HTTP/2: Ease the Transition, Remove Implementation Barriers
Robert Haynes, Ronnie Dockery
© 2016 F5 Networks
No One Likes Slow
74% of users will leave a slow website after just 5 seconds or less
Every 100 millisecond delay costs Amazon 1% in sales
Slow application:
Reduced productivity
Things Are Not Getting Easier
• The average web page has grown 3× since 2008: 2.1MB
• Growing exponentially
• Mobile devices now account for 35% of global Internet traffic
• 34% mostly use mobile Internet
• Radio = Latency (Fiber, Cable, LTE)
Addressing Performance Challenges
F5 survey shows growth in plans to deploy performance-related services
Service        2015   2016
COMPRESSION    12%    21%
ACCELERATION   12%    25%
SSL OFFLOAD     9%    21%
CACHING         9%    19%
HTTP Timeline
1996: HTTP/1.0
• Static content
• Small objects
• Low number of objects
What Were the Issues with HTTP/1?
• 1 request = 1 connection
• Connection setup is expensive
• Inefficient when large numbers of objects on page
• Mitigated in part with keep-alive
What Were the Issues with HTTP/1?
• No virtual host support
• Each site needs one IP address
• Inefficient use of addresses
• Multi-homing server limits (255 per server on Linux < 2.2 kernel)
[Diagram labels: www.cats.com; www.dogs.com; ?]
What Were the Issues with HTTP/1?
• Primitive caching
• Cache invalidation used absolute times
• Clock skew caused problems
• Not explicit enough
HTTP Timeline
1996: HTTP/1.0
1999: HTTP/1.1
• Dynamic content
• Bigger objects
• More objects
1996: HTTP/1.1
CACHING
• Cache-control header
• Max-age directive
• Etag header
PERSISTENT CONNECTIONS
• Default = all connections
• No keepalive messages
• Servers still have timeouts
VIRTUAL HOSTS
• Host header now required
• Multiple sites one IP address
What Are the Issues with HTTP/1.1?
• Requests are blocking
• One connection can only process one request at a time
• Slow object blocks others downloading
• Solution: multiple connections
What Are the Issues with HTTP/1.1?
• Workarounds can be counterproductive
• Multi-origin websites cause clients to open up to 30 TCP connections
[Diagram labels: HTML; .css; /images/]
What Are the Issues with HTTP/1.1?
• Not that efficient
• Headers not compressed
• Header numbers and size increasing
[Diagram label: Header Data]
HTTP Timeline
1996: HTTP/1.0
1999: HTTP/1.1
2004: YouTube
• Video content
• User-generated content
[Slide graphic: "Hey Nice Cat!" / "His name is Mittens."]
HTTP Timeline
1996: HTTP/1.0
1999: HTTP/1.1
2004: YouTube
2009: SPDY
• More objects
• Bigger objects
• Mobile devices
2009: SPDY
Multiplexed Requests
• Concurrent requests
• Single connection
Compressed Headers
• Reduced header overhead
• Smaller page size
Requires TLS
• Enforced SSL security (whether you want it or not)
What Are the Issues with SPDY?
• Not a standard
• Forced secure connections (TLS)
• Maybe not as SPDY? (depending on who you listen to)
• Insecure compression
HTTP/2 Timeline
1996: HTTP/1.0
1999: HTTP/1.1
2004: YouTube
2009: SPDY
2015: HTTP/2 (RFC 7540, May 2015)
2015: HTTP/2 Is Here!
• Multi-plexed requests
• "Safe" compression
• TLS optional*
• Stronger cryptography
* Not in practice
HTTP/2 Adoption
Data from http://isthewebhttp2yet.com/measurements/adoption.html
HTTP/2 Adoption
7.8% of sites
Data from https://w3techs.com/technologies/details/ce-http2/all/all
Most “webmonsters”
HTTP/2—Quick Overview
3 Shocking Facts About HTTP/2 Everyone Should Know
It’s binary
It uses multi-plexed requests on a single connection
It uses compressed headers
Multi-plexed Requests
A major contributor to improved HTTP/2 performance
• Multiple outstanding requests per connection
• Uses a construct known as "streams"
• Max number of streams is configurable
• BIG-IP default is typically 10, probably too low
HTTP/1.1
• Hello
• Hello
• May I have a picture of a cat please?
• Here is a cat
• May I also have a picture of a dog?
• Here is a dog
• May I also have a picture of a turtle?
• Here is a turtle
• Thanks, bye
• Bye
HTTP/2
• Hello
• Hello
• May I have a picture of a cat please? And another cat? And a dog?
• Here is a cat. And a dog.
• May I also have a picture of a turtle?
• Here is another cat. And a turtle.
• Thanks, bye
• Bye
Compression for Headers
• Most headers are the same between requests. Why send them every time?
• Just keep a header table on each side of the connection
• Update only what has changed in each stream
Header       Request 1       Request 2
method       GET             GET
scheme       HTTPS           HTTPS
host         F5.com          F5.com
path         /resource       /images
accept       image/jpeg      image/jpeg
user-agent   Mozilla/5.0 …   Mozilla/5.0 …
Stream 1 headers
method: Get, scheme: HTTPS, host: f5.com, path: /resource, accept: image/jpg, user-agent: Mozilla/….
Stream 2 headers
method: Get, scheme: HTTPS, host: f5.com, path: /images, accept: image/jpg, user-agent: Mozilla/….
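A simplified model of the header table described on this slide, added here as an illustration and not taken from the deck or from F5: both sides remember the pairs already seen, so Request 2 sends only the changed path. It is not the HPACK wire format (no static table, Huffman coding or table size limit), the byte costs are a rough assumption, and the user-agent value is a constructed placeholder.

```python
# Added illustration: a simplified per-connection header table.
# Not the HPACK wire format (no static table, Huffman coding or size limit).

class HeaderTable:
    """One endpoint's table of (name, value) pairs already seen on the connection."""

    def __init__(self):
        self.entries = []

    def encode(self, headers):
        """Sender side: emit an int index for a known pair, the pair itself if new."""
        tokens = []
        for pair in headers:
            if pair in self.entries:
                tokens.append(self.entries.index(pair))
            else:
                self.entries.append(pair)
                tokens.append(pair)
        return tokens

    def decode(self, tokens):
        """Receiver side: rebuild full headers, learning new pairs in the same order."""
        headers = []
        for tok in tokens:
            if isinstance(tok, int):
                if not 0 <= tok < len(self.entries):
                    raise ValueError(f"index {tok} not in header table")
                headers.append(self.entries[tok])
            else:
                self.entries.append(tok)
                headers.append(tok)
        return headers

def wire_size(tokens):
    """Rough cost model: 1 byte per index, len(name) + len(value) + 2 per literal."""
    return sum(1 if isinstance(t, int) else len(t[0]) + len(t[1]) + 2 for t in tokens)

# Header sets from the slide; the user-agent value is a constructed placeholder.
UA = ("user-agent", "Mozilla/5.0 (constructed)")
REQUEST_1 = [("method", "GET"), ("scheme", "HTTPS"), ("host", "F5.com"),
             ("path", "/resource"), ("accept", "image/jpeg"), UA]
REQUEST_2 = [("method", "GET"), ("scheme", "HTTPS"), ("host", "F5.com"),
             ("path", "/images"), ("accept", "image/jpeg"), UA]

def run_exchange():
    """Send both requests over one connection; return tokens and decoded headers."""
    client, server = HeaderTable(), HeaderTable()
    t1, t2 = client.encode(REQUEST_1), client.encode(REQUEST_2)
    return t1, t2, server.decode(t1), server.decode(t2)
```

The decoder rejects an index it has never learned, because the two tables only stay in step if every token is processed in the order it was sent.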
One hundred requests: HTTP/1.1
• 100 images
• 100 milliseconds (added) latency
• Served from Microsoft Azure
• HTTP/1: Browser limited to six simultaneous requests
Page load: 18 seconds
One hundred requests: HTTP/2
• 100 images
• 100 milliseconds (added) latency
• Served from Microsoft Azure
• HTTP/2: Browser can request more than six simultaneous requests
Page load: 5 seconds
Stronger Cryptography
• Ephemeral keys only (forward secrecy)
• TLS 1.2 or newer required for HTTP/2
• Minimal key sizes: 128 bit EC, 2048 bit RSA
TLS Is Not Mandatory. But It Is Really.
So, Why Isn’t the Web All HTTP/2 Yet?
Potential Barriers that Slow Adoption of HTTP/2
Source: IDG Enterprise Research
• The requirement that all application traffic be secured via TLS/SSL
• Incompatibility with current security infrastructure
• Lack of familiarity with the technology
• Low availability of HTTP/2 services
• Lack of back-end support
• Lack of backward compatibility with HTTP/1.x
Chart values: 19%, 28%, 29%, 31%, 31%, 41%
HTTP/2 Impacts the Infrastructure
[Diagram labels: HTTP/2 Client; HTTP/2 Server; Optimization; Security; Reporting]
So?
Inspection
Optimization
Reporting
Protocol Understanding
HTTP/2 Made Easy
HTTP/2 Gateway
• HTTP/2 Performance
• HTTP/1 Simplicity
• Full ADC Services
[Diagram labels: Client; HTTP/2; Protocol Gateway; ADC; HTTP/1.x; Server; Security; Optimization; Reporting; GET /images/cat.jpg]
Multi-Protocol Gateway
[Diagram labels: Client; SPDY; HTTP/2; HTTP/1.1; Protocol Gateway; ADC; HTTP/1.x; Server; GET /images/cat.jpg]
Two Steps to Implement HTTP/2 Gateway
1. Copy HTTP/2 Profile
2. Add Profile to Virtual Server
That’s it... really!
HTTP/2 Profile Settings
Things you might want to play with (then TEST):
• Inserting a header if HTTP/2 is used – track on your webserver
• Concurrent streams per connection: Increase to 30 or more
HTTP/1.1
From Slow…
HTTP/2
HTTP/1.1 bottleneck removed!
To Fast(er)
"As with all performance optimization processes, the moment you remove one performance bottleneck, you unlock the next one. In the case of HTTP/2, TCP may be it. Which is why, once again, a well-tuned TCP stack on the server is such a critical optimization criteria for HTTP/2."
High Performance Browser Networking, Ilya Grigorik, O’Reilly Media
TCP
We’re Only Moving the Bottleneck
TCP Inefficiencies: the Next Bottleneck
Things to consider:
• Congestion control algorithms
• Window sizing
• Multi-path TCP
• High RTT and packet loss links (radio)
Perhaps You Need a TCP Optimizer?
Know any good ones?
• RTT = 100 ms; TCP algorithm = Woodside; TCP window scale = 65,535 KB
• RTT = 1 ms; TCP algorithm = High speed; TCP window scale = 1 MB
Summary
Impact
• Binary protocol
• TCP optimizations required
• SSL offload essential
Performance
• Significant performance improvements
• Reduced header overhead
• Smaller page size
• Fully multi-plexed connections
Opportunities
• Server push possibilities
• Leverage existing ADC