Brocade AWS User Group Sydney presentation

Iain Robertson, Systems Engineer, Brocade: Accelerating applications in AWS with HTTP/2

Upload: darrell-king

Post on 13-Apr-2017


TRANSCRIPT

Accelerating applications in AWS with HTTP/2

Iain Robertson
Systems Engineer
Brocade

Drone to be Won Today!

Fill out the feedback form and go in a draw to win a drone today.

Title Goes Here7/5/2016Page 2 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY

Agenda
- Who are Brocade (and why are we at an AWS focused event?)
- Accelerating web-based applications using HTTP/2
- How to try out this stuff

Brocade and vADC

Brocade
- Not just a storage connectivity company any more
- Focused on datacentre products: virtualised, software defined, or hardware
- Acquired Vyatta, Inc. (2012)
- Acquired SteelApp from Riverbed (2015), subsequently relabelled vADC
  - Formerly known as Stingray
  - Formerly known as Zeus Traffic Manager
  - (It's had a few names)

Why vADC?

Hundreds of reasons to consider; here's a few:
- TLS 1.2 support
- SNI support
- HTTP/2 (with proxying to HTTP/1.1 if required)
- Compression
- Multi-provider cloud/hybrid cloud
- Integrated WAF
- DIY CDN with flexibility (S3 frontend)
- Inline content manipulation
- etc

vADC Architecture

[Diagram: request and response paths through the Traffic Manager]

Paths: Request, Response

Components: Virtual Server (Client Connections), Pool (Server Connections), Web / Application Servers

Functions shown on the diagram: SSL Decryption, Service Protection, TCP Offload, Rate Shaping, Application Firewall, Content Compression, HTTP Caching, TCP Offload, Service Level Monitoring, Bandwidth Shaping, Transaction Logging, Application Firewall, Load Balancing, Session Persistence, Bandwidth Shaping, SSL Encryption, HTTP Multiplexing, Concurrency Control, Application Auto-Scaling, Health Monitors

Rule types:
- Request Rules: Rule Builder, TrafficScript, Java
- Response Rules: Rule Builder, TrafficScript, Java
- Completion Rules: TrafficScript

This slide shows how traffic passes through the Traffic Manager, and where each logical function occurs.

TrafficScript allows you to act on a request, a response, or at the end of a transaction.

Coopetition with ELB

(Amazon themselves have brought us in where ELB is being stretched beyond capabilities)

Accelerating Web-based Applications

HTTP/1.1 is s l o w

HTTP/1.1
- Many short-lived TCP connections
  - All subject to TCP slow start
  - Potentially requiring SSL handshake per-session
- Limited concurrent downloads
  - 2-6 per domain (browser dependent)
- Lengthy text-based headers
  - Same or very similar headers sent with many requests & responses
- It's old (1999)

Workarounds
- Domain sharding
- Image spriting & resource inlining
- Image sampling & conversion
- Cookie-less domains
- Geographic localisation (CDNs)

Latency is the enemy, not bandwidth

Decreasing round trip times or reducing round trips improves performance

Source: Mike Belshe & Ilya Grigorik, Google

HTTP/2 is faster than HTTP/1.x

HTTP/2
- Single, longer-lived TCP connection per domain
- Multiplexing of content over single TCP connections
- More efficient: headers

Things to be aware of
- Major browsers require TLS for HTTP/2
- HTTP/2 & HTTP/1.1 can co-exist
- Does not improve single file transfers
- Many of the HTTP/1.x developer hacks are no longer required

If a picture tells a thousand words

vTM = Brocade Virtual Traffic Manager
ELB = AWS Elastic Load Balancer

Page Load Time Comparisons

HTTP/2 vs HTTPS 1.1 for index.html + 96 small images

Delay (ms)   HTTP/2      HTTPS 1.1   Faster?
0            438 ms      1,035 ms    233%
20           618 ms      1,590 ms    257%
50           750 ms      2,607 ms    348%
100          837 ms      3,484 ms    416%
200          1,199 ms    5,409 ms    451%
300          1,435 ms    7,971 ms    555%

Note: Base latency of 35ms from a residence in Sydney to AWS Sydney


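Backbone latency from Sydney, Australia

[Map: backbone latency from Sydney to other locations. Values shown: 150ms, 121ms, 100ms, 131ms, 300+ms, 163ms, 23ms, 12ms, 27ms, 46ms, 12ms, 229ms, 453ms, 467ms]

Mobile Latency
- 2G: 150-300ms
- 3G: 40-100ms
- 4G: 20ms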

HTTP/2 readiness

Source: http://caniuse.com/#search=HTTP%2F2

Performance improvements with HTTP/2

How can the ELB Sandwich design impact performance and visibility?

[Diagram: three deployment designs]
- External ELB in HTTPS mode (SNAT with XFF), HTTP/2 Gateway, Internal ELB
- External ELB in TCP mode (SNAT with proxy protocol). Note: Proxy/gateway must support proxy protocol to interpret real client IP
- No External ELB: clients talk directly to the proxy/gateway (Elastic IP). Note: Proxy/gateway sees the real client IP directly

Protocol labels on the diagram: HTTP 1.x, HTTP 1.1, HTTP 1.x & HTTP/2, HTTP 1.1, HTTP 1.x & HTTP/2, HTTP 1.1, HTTP/2, HTTP/2, HTTP/2
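The slide's notes on client IP visibility, worked through as an added example (not part of the original presentation and not Brocade code): how a gateway behind the external ELB can recover the real client address from XFF in HTTPS mode or from a PROXY protocol v1 line in TCP mode, while ignoring either claim from peers that are not the ELB. The function names, the TRUSTED_ELB_NETS range and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the subnets the external ELB nodes connect from (constructed value).
TRUSTED_ELB_NETS = [ipaddress.ip_network("10.0.0.0/16")]


def from_trusted_elb(peer):
    addr = ipaddress.ip_address(peer)
    return any(addr in net for net in TRUSTED_ELB_NETS)


def client_ip_from_xff(peer, xff):
    """External ELB in HTTPS mode: the client address arrives in X-Forwarded-For."""
    if not from_trusted_elb(peer) or not xff:
        return peer  # not via the ELB: the TCP peer is the client
    # The ELB appends the address it saw as the last entry; entries to the
    # left of it were supplied by the client and can be forged.
    last = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(last))
    except ValueError:
        return peer


def client_ip_from_proxy_v1(peer, line):
    """External ELB in TCP mode: the connection starts with a PROXY v1 line."""
    if not from_trusted_elb(peer):
        return peer  # ignore address claims from anything but the ELB
    if len(line) > 107 or not line.endswith(b"\r\n"):
        raise ValueError("malformed PROXY header")
    fields = line[:-2].decode("ascii").split(" ")
    if fields[0] != "PROXY" or len(fields) < 2:
        raise ValueError("malformed PROXY header")
    if fields[1] == "UNKNOWN":
        return peer  # the proxy could not determine the addresses
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY header")
    src = ipaddress.ip_address(fields[2])  # raises ValueError if not an IP
    if src.version != (4 if fields[1] == "TCP4" else 6):
        raise ValueError("address family mismatch")
    return str(src)


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges).
    print(client_ip_from_xff("10.0.1.5", "192.0.2.1, 203.0.113.9"))
    print(client_ip_from_proxy_v1(
        "10.0.1.5", b"PROXY TCP4 203.0.113.9 10.0.1.20 56324 443\r\n"))
```

In the third design on the slide (no external ELB) neither function applies: the TCP peer address is already the client.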

Two More Examples

TrafficScript Examples

Investigate Failed Client Connections:

    # Let's look at each connection and see if it completed or not:
    $reasonCode = connection.getCompletionReasonCode();

    # If the connection did not complete, let's include it in Traffic Manager's
    # Recent Connections connection tracing table so we can investigate more thoroughly
    if ( $reasonCode != "COMPLETE" ) {
       recentconns.include();
    }

    # Or we could look into why the connection failed:
    $info = connection.getCompletionReasonInfo();

    # And log the failure code and detailed description of why the connection failed:
    if( $info['iserror'] ) {
       log.info( "Transaction error detected. Code: " . $info['code'] .
                 " Message: " . $info['message'] );
    }

This rule looks for any connections that don't complete properly and flags them to be recorded in the detailed transaction tracing engine on the Traffic Manager for further investigation.

We can also put an entry in the log file with details of what happened.

Connection Completion rules are also useful for flagging other types of problems for more detailed connection tracing, for example:
- Log or Trace connections that took longer than 1000ms to complete;
- Log con

TrafficScript Examples

Treat Platinum Frequent Flyers like Royalty:

    # Let's extract the Frequent Flyer number from the URL
    $FFNumber = http.getFormParam("FFID");

    # Let's look them up in a special web form to see what level Frequent Flyer they are:
    $FFLookup = http.request.get("http://fflookup.airline.com/ffLookup.php?FFID=".$FFNumber);

    # If they are Platinum Frequent Flyer, let's roll out the Red Carpet:
    if(string.containsI($FFLookup, "platinum")){

       # We have a dedicated pool of servers for Platinum Frequent Flyers:
       pool.select("pool_Platinum_FF");

       # And apply a pair of special Bandwidth Classes so we don't slow them down
       # when the site is under load like everyone else:
       request.setBandwidthClass("BW_Platinum_FF_REQ");
       response.setBandwidthClass("BW_Platinum_FF_RES");
    }

The http.request.get() function allows Traffic Manager to make an arbitrary connection to a remote HTTP service and do something with the reply. In this instance, you would get your application developers to expose an HTTP based query that allows the Traffic Manager to submit a FF number and get an HTTP response back with their FF Membership level.

We grab the FF number out of the customer's login and look it up to get their membership level.

Once we have this, we can apply different policies on the Traffic Manager, for example using a special pool or applying less restrictive bandwidth classes.

ADCs can help to:
- Fix embedded content
- Provide better scale
- Accelerate your web-based applications

How to try vADC

- Download from http://brocade.com/vadc/
  - Developer mode: 1Mbps throughput, all features available
- Use free trial AMI available from the marketplace: https://goo.gl/iDZrGO
- Come talk to us!

Thank you
