2: ease the transition, remove implementation barriers...bottleneck, you unlock the next one. in the...

HTTP/2: Ease the Transition, Remove Implementation BarriersRobert Haynes Ronnie Dockery

© 2016 F5 Networks

No One Likes Slow

3

© 2016 F5 Networks

No One Likes Slow

74% of users will leave a slow website after just 5 seconds or less

3

© 2016 F5 Networks

No One Likes Slow


Slow application:

Reduced productivity

3

© 2016 F5 Networks

No One Likes Slow


Every 100 millisecond delay costs Amazon 1% in

sales

Slow application:

Reduced productivity

3

© 2016 F5 Networks

Things Are Not Getting Easier

4

© 2016 F5 Networks


Mobile devices of global now account for Internet traffic 35%

010203040

2009 2010 2011 2012 2013 2015

4

© 2016 F5 Networks


The average web page has grown since 2008 3× 2.1MB

Growing exponentially


010203040

2009 2010 2011 2012 2013 2015

4

© 2016 F5 Networks


The average web page has grown since 2008 3× 2.1MB

Growing exponentially


010203040

2009 2010 2011 2012 2013 2015

Radio = Latency

FiberCable

LTE 34% mostly use mobile Internet

4

© 2016 F5 Networks

2015 2016

COMPRESSION 12% 21%

ACCELERATION 12% 25%

SSL OFFLOAD 9% 21%

CACHING 9% 19%

Addressing Performance ChallengesF5 survey shows growth in plans to deploy performance-related services

5

© 2016 F5 Networks

Static content Small objects Low number of objects

HTTP Timeline

1996

HTTP/1.0

6

© 2016 F5 Networks

1 request = 1 connection Connection setup is expensive Inefficient when large numbers of objects on page Mitigated in part with keep-alive

What Were the Issues with HTTP/1?

7

© 2016 F5 Networks

www.cats.com

www.dogs.com

?


No virtual host support Each site needs one IP address Inefficient use of addresses Multi-homing server limits (255 per server on Linux < 2.2 kernel)

8

© 2016 F5 Networks


Primitive caching Cache invalidation used absolute times Clock skew caused problems Not explicit enough

9

© 2016 F5 Networks

Dynamic content Bigger objects More objects

HTTP Timeline

1996

HTTP/1.0

1999

HTTP/1.1

10

© 2016 F5 Networks

1996: HTTP/1.1

Cache-control header

Max-age directive

Etag header

Default = all connections

No keepalive messages

Servers still have timeouts

CACHING PERSISTENT CONNECTIONS

VIRTUAL HOSTS

Host header now required Multiple sites one IP address

11

© 2016 F5 Networks

What Are the Issues with HTTP/1.1?

Requests are blocking One connection can only process one request at a time Slow object blocks others downloading Solution—multiple connections

12

© 2016 F5 Networks


.css

/images/

HTML

Workarounds can be counter productive Multi-origin websites cause clients to open up to 30 TCP connections

13

© 2016 F5 Networks

meowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewmeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmewoofmeow

Header Data

Not that efficient Headers not compressed Header numbers and size increasing


14

© 2016 F5 Networks

Video content User-generated content

HTTP Timeline

Hey Nice Cat!

His name is Mittens.

1996

HTTP/1.0

1999

HTTP/1.1

2004

YouTube

15

© 2016 F5 Networks

More objects Bigger objects Mobile devices

HTTP Timeline

1996

HTTP/1.0

1999

HTTP/1.1

2004

YouTube

2009

SPDY

16

© 2016 F5 Networks

2009: SPDY

Concurrent requests

Single connection

(More on this later)

Reduced header overhead

Smaller page size

Multiplexed Requests Compressed Headers Requires TLS

Enforced SSL security (Whether you want it or not)

17

© 2016 F5 Networks

What Are the Issues with SPDY?Not a standard

Forced secure connections (TLS)

Maybe not as SPDY? (depending on who you listen to)

Insecure compression

18

© 2016 F5 Networks

1996

HTTP/1.0

1999

HTTP/1.1

2004

YouTube

2009

SPDY

2015

HTTP/2

HTTP/2 Timeline

RFC 7540 May 2015

19

© 2016 F5 Networks

Multi-plexed requests

"Safe" compression

TLS optional*

Stronger cryptography

2015: HTTP/2 Is Here!

* Not in practice

20

© 2016 F5 Networks

HTTP/2 Adoption

Data from http://isthewebhttp2yet.com/measurements/adoption.html

21

© 2016 F5 Networks

HTTP/2 Adoption

7.8% of sites

Data from https://w3techs.com/technologies/details/ce-http2/all/all

Most “webmonsters”

22

HTTP/2—Quick Overview

© 2016 F5 Networks

3 Shocking Facts About HTTP/2 Everyone Should Know

It’s binary

It uses multi-plexed requests on a single connection

It uses compressed headers

24

© 2016 F5 Networks


It uses multi-plexed requests on a single connection


01101001 01110100 00100111 01110011 00100b00 01100010 01101001 01101110 01100001 01110010 01111001 00001010

24

© 2016 F5 Networks



01101001 01110100 00100111 01110011 00100b00 01100010 01101001 01101110 01100001 01110010 01111001 00001010

01000111 01000101 01010100 00100000 00101111 01101001 01101101 01100001 01100111 01100101 01110011 00101111 01100011 01100001 01110100 00101110 01101010 01110000 01100111 01000111 01000101 01010100 00100000 00101111 01101001 01101101 01100001 01100111 01100101 01110011 00101111 01100100 01101111 01100111 00001101 00001010 00101110 01101010 01110000 01100111 01000111 01000101 01010100 00100000 00101111 01101001 01101101 01100001 01100111 01100101 01110011 00101111 01110100 01110101 01110010 01110100 01101100 01100101 00101110 01101010 01110000 01100111

24

© 2016 F5 Networks


01101001 01110100 00100111 01110011 00100b00 01100010 01101001 01101110 01100001 01110010 01111001 00001010


01000111 01000101 01010100 00100000 00101111 01101001 01101101 01100001 01100111 01100101 01110011 00101111 01100011 01100001 01110100 00101110 01101010 01110000 01100111 01000111 01000101 01010100 00100000 00101111 01101001 01101101 01100001 01100111 01100101 01110011 00101111 01100100 01101111 01100111 00001101 00001010 00101110 01101010 01110000 01100111 01000111 01000101 01010100 00100000 00101111 01101001 01101101 01100001 01100111 01100101 01110011 00101111 01110100 01110101 01110010 01110100 01101100 01100101 00101110 01101010 01110000 01100111

24

© 2016 F5 Networks

A major contributor to improved HTTP/2 performance

Multi-plexed Requests

25

© 2016 F5 Networks

A major contributor to improved HTTP/2 performance

Multiple outstanding requests per connection

Uses a construct known as "streams"

Max number of streams is configurable

BIG-IP default is typically 10—probably too low

Multi-plexed Requests

25

© 2016 F5 Networks

HTTP/1.1

26

© 2016 F5 Networks

Hello

May I have a picture of a cat please?

Here is a cat

May I also have a picture of a dog?

Here is a dog

May I also have a picture of a turtle?

Here is a turtle

Thanks, bye

Bye

HTTP/1.1Hello

26

© 2016 F5 Networks

Hello

May I have a picture of a cat please?

Here is a cat

May I also have a picture of a dog?

Here is a dog


Here is a turtle

Thanks, bye

Bye

Hello

Hello

May I have a picture of a cat please? And another cat? And a dog?

Here is a cat And a dog


Here is another cat And a turtle

Thanks, bye

Bye

HTTP/1.1 HTTP/2Hello

26

© 2016 F5 Networks

Most headers are the same between requests Why send them every time?

Just keep a header table on each side of the connection

Update only what has changed in each stream

Method GETscheme HTTPShost F5.compath /resourceAccept image/jpeg

user-agent Mozilla/5.0 …

Method GETscheme HTTPShost F5.compath /imagesaccept image/jpeg

user-agent Mozilla/5.0 …

Request 1 Request 2

method: Get scheme: HTTPS host: f5.com path: /resource accept: image/jpg user-agent: Mozilla/….

Stream 1 headers

Method: Get Scheme: HTTPS Host: f5.com path: /images Accept: image/jpg User-agent: Mozilla/….

Stream 2 headers

Compression for Headers

27

© 2016 F5 Networks

100 images 100 milliseconds (added) latency Served from Microsoft Azure

Page load 18 seconds

HTTP/1.1

One hundred requests: HTTP/1: Browser limited to six simultaneous requests

28

© 2016 F5 Networks

100 images 100 milliseconds (added) latency Served from Microsoft Azure

Page load 5 seconds

HTTP/2One hundred requests: HTTP/2: Browser can request more than six simultaneous requests

29

© 2016 F5 Networks

Ephemeral keys only (forward secrecy)

Stronger Cryptography

30

© 2016 F5 Networks

Ephemeral keys only (forward secrecy)

Stronger Cryptography

TLS 1.2 or newer required for HTTP/2

Minimal key sizes—128 bit EC, 2048 bit RSA

30

© 2016 F5 Networks

TLS Is Not Mandatory. But It Is Really.

31

So, Why Isn’t the Web All HTTP/2 Yet?

© 2016 F5 Networks

The requirement that all application traffic be secured via TLS/SSL

Incompatibility with current security infrastructure

Lack of familiarity with the technology

Low availability of HTTP/2 services

Lack of back-end support

Lack of backward compatibility with HTTP/1.x

19%

28%

29%

31%

31%

41%

Potential Barriers that Slow Adoption of HTTP/2

33

© 2016 F5 Networks

The requirement that all application traffic be secured via TLS/SSL

Incompatibility with current security infrastructure

Lack of familiarity with the technology

Low availability of HTTP/2 services

Lack of back-end support

Lack of backward compatibility with HTTP/1.x

19%

28%

29%

31%

31%

41%

Potential Barriers that Slow Adoption of HTTP/2

Source: IDG Enterprise Research

33

© 2016 F5 Networks

01101101 01100101 01101111 01110111

Optimization

Security Reporting

HTTP/2

Client

HTTP/2

Server

HTTP/2 Impacts the Infrastructure

34

HTTP/2 Made Easy

© 2016 F5 Networks

01101101 01100101

HTTP/1.x

Client

HTTP/2

Server

Security

Optim

ization

Reporting

HTTP/2 Gateway

HTTP/2 Performance HTTP/ 1Simplicity Full ADC Services

Protocol Gateway

ADC

GET /images/cat.jpg

37

© 2016 F5 Networks

HTTP/1.x

Server

GET /images/cat.jpg01101101 01100101

Multi-Protocol Gateway

01101101 01100101GET /images/cat.jpg

SPDY

HTTP/2

HTTP/1.1

HTTP/1.1 GET /images/cat.jpg

ADC

Client

Protocol Gateway

38

© 2016 F5 Networks

Two Steps to Implement HTTP/2 Gateway

That’s it... really!

Copy HTTP/2 Profile

Add Profile to Virtual Server

39

© 2016 F5 Networks

HTTP/2 Profile Settings Things you might want to play with (then TEST):

Inserting a header if HTTP/2 is used – track on your webserver

Concurrent streams per connection: Increase to 30 or more

40

© 2016 F5 Networks

As with all performance optimization processes, the moment you remove one performance bottleneck, you unlock the next one. In the case of HTTP/2, TCP may be it. Which is why, once

again, a well-tuned TCP stack on the server is such a critical optimization criteria for HTTP/2.

High Performance Browser Networking, Ilya Grigorik, O’Reilly Media

44

© 2016 F5 Networks

TCP

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 0000101001100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 000011 0100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 000 00 00001101 00001010 01100011 01100001 01110100 00001101 00001010

We’re Only Moving the Bottleneck

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00 100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001 10100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 1110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010

45

© 2016 F5 Networks

TCP Inefficiencies: the Next BottleneckThings to consider:

Congestion control algorithms

Window sizing

Multi-path TCP

High RTT and packet loss links (radio)

46

© 2016 F5 Networks

00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011

01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 0000101001100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 0

00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011

Know any good ones?

Perhaps You Need a TCP Optimizer?

RTT = 100 ms TCP algorithm = Woodside

TCP window scale = 65,535 KB

RTT = 1 ms TCP algorithm = High speed TCP window scale = 1 MB

47

© 2016 F5 Networks

Summary

Binary protocol

TCP optimizations required

SSL offload essential

Significant performance improvements

Reduced header overhead

Smaller page size

Fully multi-plexed connections

Impact Performance Opportunities

Server push possibilities Leverage existing ADC

48

• Add class to your personal schedule.

• Survey will pop up in Mobile App. • Answer the multiple choice. • Submit your question to complete. • Receive 5 points!

Give Feedback – Get Points!

2: ease the transition, remove implementation barriers...bottleneck, you unlock the next one. in the...

Documents