f5 emea webinar oct'15: http2 how to ease the transition
TRANSCRIPT
![Page 1: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/1.jpg)
HTTP/2: How to Ease the TransitionF5 EMEA Webinar October 2015
PresenterTitle
![Page 2: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/2.jpg)
© F5 Networks, Inc 2
74% of users will leave a slow web site after just
5 seconds or less
Every 100 ms delay costs Amazon 1% in
sales
No one Likes Slow
Slow application: Reduced productivity
![Page 3: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/3.jpg)
© F5 Networks, Inc 3
Things Are Not Getting Easier
Mobile devices of globalnow account for Internet traffic 35%
2009 2010 2011 2012 2013 20150
10203040
The average web page has grown since 2008 3x 2.1MB
Growing exponentially
Radio = Latency
FiberCable
LTE 34% Mostly use mobile Internet
![Page 4: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/4.jpg)
© F5 Networks, Inc 4
2015 2016
COMPRESSION12% 21%
ACCELERATION12% 25%
SSL OFFLOAD 9% 21%
CACHING 9% 19%
Addressing Performance ChallengesF5 survey shows growth in plans to deploy performance related services
![Page 5: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/5.jpg)
© F5 Networks, Inc 5
1996
HTTP/1.0
• Static content• Small objects • Low number of objects
HTTP Timeline
![Page 6: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/6.jpg)
© F5 Networks, Inc 6
1996
HTTP/1.0
1999
HTTP/1.1
• Dynamic content• Bigger objects• More objects
HTTP Timeline
![Page 7: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/7.jpg)
© F5 Networks, Inc 7
1996
HTTP/1.0
1999
HTTP/1.1
2004
YouTube
• Video content• User generated content
Hey Nice Cat!
His name is Mittens.
HTTP Timeline
![Page 8: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/8.jpg)
© F5 Networks, Inc 8
1996
HTTP/1.0
1999
HTTP/1.1
2004
YouTube
2009
SPDY
• More objects• Bigger objects• Mobile devices
HTTP/2 Timeline
![Page 9: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/9.jpg)
© F5 Networks, Inc 9
1996
HTTP/1.0
1999
HTTP/1.1
2004
YouTube
2009
SPDY
2015
HTTP/2
HTTP/2 Timeline
![Page 10: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/10.jpg)
© F5 Networks, Inc 10
1 request = 1 connection
• Connection setup is expensive
• Inefficient when large numbers of objects on page
• Mitigated in part with keep-alive
What Were the Issues with HTTP/1?
![Page 11: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/11.jpg)
© F5 Networks, Inc 11
www.cats.com
www.dogs.com
?
What Were the Issues with HTTP/1?
No virtual host support
• Each site needs 1 IP address
• Inefficient use of addresses
• Multi homing server limits (255 per server on Linux < 2.2 kernel)
![Page 12: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/12.jpg)
© F5 Networks, Inc 12
What Were the Issues with HTTP/1?
Primitive caching
• Cache invalidation used absolute times
• Clock skew caused problems
• Not explicit enough
![Page 13: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/13.jpg)
© F5 Networks, Inc 13
1996: HTTP/1.1
• Cache-control header
• Max-age directive
• Etag header
• Default = all connections
• No keepalive messages
• Servers still have timeouts
CACHING PERSISTENT CONNECTIONS
VIRTUAL HOSTS
• Host header now required
• Multiple sites 1 IP address
![Page 14: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/14.jpg)
© F5 Networks, Inc 14
What Are the Issues with HTTP/1.1?
Requests are blocking
• 1 connection can only process 1 request at a time
• Slow object blocks others downloading
• Solution – multiple connections
![Page 15: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/15.jpg)
© F5 Networks, Inc 15
meowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewmeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmeomeowmewomeowmeowmeowmeowmeowmeowmeoMeowmewomeowmeowmeowmeowmeowmeowmewoofmeow
Header Data
Not that efficient
• Headers not compressed
• Header numbers and size increasing
What Are the Issues with HTTP/1.1?
![Page 16: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/16.jpg)
© F5 Networks, Inc 16
Workarounds can be counter productive
• Multi-origin websites cause clients to open up to 30 TCP connections
What Are the Issues with HTTP/1.1?
.css
/images/
HTML
![Page 17: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/17.jpg)
© F5 Networks, Inc 17
2009: SPDY
• Concurrent requests
• Single connection
• Reduced header overhead
• Smaller page size
Multiplexed Requests Compressed Headers Requires TLS
• Enforced SSL security
• (Whether you want it or not)
![Page 18: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/18.jpg)
© F5 Networks, Inc 18
What Are the Issues with SPDY?
• Not a standard
• Forced secure connections (TLS)
• Maybe not as SPDY? (depending on who you listen to)
• Insecure compression
![Page 19: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/19.jpg)
© F5 Networks, Inc 19
• Multiplexed requests
• "Safe" compression
• TLS optional*
• Stronger cryptography
2015: HTTP/2 is Here!
*) Not in practice
![Page 20: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/20.jpg)
© F5 Networks, Inc 20
Request Multiplexing is a major contributor to improved HTTP/2 performance
• Multiple outstanding requests per connection
• Uses a construct known as "streams"
• Max number of streams is configurable (ADC default is typically 10)
Multiplexed Requests
![Page 21: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/21.jpg)
© F5 Networks, Inc 21
Hello
Hello
May I have a picture of a cat please?
Here is a cat
May I also have a picture of a dog?
Here is a dog
May I also have a picture of a turtle?
Here is a turtle
Thanks, bye
Bye
Hello
Hello
May I have a picture of a cat please?And another cat?And a dog?
Here is a catAnd a dog
May I also have a picture of a turtle?.
Here is another catAnd a turtle
Thanks, bye
Bye
HTTP/1.1 HTTP/2
![Page 22: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/22.jpg)
© F5 Networks, Inc 22
• 100 images
• 100 ms (added) latency
• Served from Microsoft Azure
• Page load 18 seconds
HTTP/1.1
![Page 23: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/23.jpg)
© F5 Networks, Inc 23
• 100 images
• 100 ms (added) latency
• Served from Microsoft Azure
• Page load 5 seconds
HTTP/2
![Page 24: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/24.jpg)
© F5 Networks, Inc 24
method GET
scheme HTTPS
host F5.com
path /resource
accept image/jpeg
user-agent Mozilla/5.0 …
method GET
scheme HTTPS
host F5.com
path /images
accept image/jpeg
user-agent Mozilla/5.0 …
Request 1 Request 2
method: Getscheme: HTTPShost: f5.compath: /resourceaccept: image/jpguser-agent: Mozilla/….
Stream 1 headers Method: GetScheme: HTTPSHost: f5.compath: /imagesAccept: image/jpgUser-agent: Mozilla/….
Stream 2 headers
• Most headers are the same between requests
• Why send them every time?
• Just keep a header table on each side of the connection
• Update only what has changed in each stream
Compression for Headers
![Page 25: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/25.jpg)
© F5 Networks, Inc 25
TLS is Not Mandatory. But it is Really.
![Page 26: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/26.jpg)
© F5 Networks, Inc 26
• Minimum requirements• TLS 1.2 or newer required for HTTP/2• Ephemeral keys only (forward secrecy)• Prefer authenticated encryption modes like Galois/Counter Mode (GCM)• Minimal key sizes 128 bit EC, 2048 bit RSA
• TLS 1.2 still has vulnerabilities (e.g. CVE-2015-4000 aka "Logjam")
• Default ADC implementations mitigate most risks
Stronger Cryptography
![Page 27: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/27.jpg)
© F5 Networks, Inc 27
Browser Support for HTTP/2
Source: "Can I use", http://caniuse.com/#search=http2
![Page 28: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/28.jpg)
© F5 Networks, Inc 28
The requirement that all application traffic be secured via TLS/SSL
Incompatibility with current security infrastructure
Lack of familiarity with the technology
Low availability of HTTP/2 services
Lack of back-end support
Lack of backward compatibility with HTTP/1.x
19%
28%
29%
31%
31%
41%
Potential Barriers that Slow Adoption of HTTP/2
Source: IDG Enterprise Research
![Page 29: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/29.jpg)
© F5 Networks, Inc 29
01101101 01100101 01101111 01110111
Optimisation
Security Reporting
HTTP/2
Client
HTTP/2
Server
• Limited web server availability
• Little to no security infrastructure
• Little to no visibility and reporting
HTTP/2 Impacts the Infrastructure
![Page 30: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/30.jpg)
© F5 Networks, Inc 30
01101101 01100101
HTTP/1.x
Client
HTTP/2
Server
ADC
ProtocolGateways GET /images/cat.jpg
Security
Optim
isation
Reporting
• Gain most of the performance benefits of HTTP/2
• Can service both HTTP/2 and non HTTP/2 traffic
• Use HTTP/1.1 downstream of gateway
• Retain full visibility into traffic
• Don’t need to refresh infrastructure
HTTP/2 Gateway
![Page 31: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/31.jpg)
© F5 Networks, Inc 31
01101101 01100101
HTTP/1.x
Server
ADC
GET /images/cat.jpg
• Gain most of the performance benefits of HTTP/2
• Can service both HTTP/2 and non HTTP/2 traffic
• Use HTTP/1.1 downstream of gateway
• Retain full visibility into traffic
• Don’t need to refresh infrastructure
HTTP/2 Gateway
01101101 01100101
GET /images/cat.jpg
ProtocolGateways
SPDY
HTTP/2
HTTP/1.1
HTTP/1.1 GET /images/cat.jpg
Security
Optim
isation
Reporting
![Page 32: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/32.jpg)
© F5 Networks, Inc 32
Two Steps to Implement HTTP/2 Gateway
That’s it... really!
HTTP/2 Profile ADC with Virtual Server
![Page 33: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/33.jpg)
© F5 Networks, Inc 33
HTTP/1.1
So It’s All Good?
![Page 34: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/34.jpg)
© F5 Networks, Inc 34
HTTP/2
HTTP/1.1 bottleneck removed!
So It’s All Good?
![Page 35: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/35.jpg)
© F5 Networks, Inc 35
“As with all performance optimisation processes, the moment you remove one performance bottleneck, you
unlock the next one. In the case of HTTP/2, TCP may be it. Which is why, once again, a well-tuned TCP stack on the server is such a critical optimisation criteria for HTTP/2.”
“High Performance Browser Networking” – Ilya Grigorik, O’Reilly Media
What Do We All Know About Bottlenecks?
![Page 36: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/36.jpg)
© F5 Networks, Inc 36
TCP
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 0000101001100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 000011 0100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 000 00 00001101 00001010 01100011 01100001 01110100 00001101 00001010
We’re Only Moving the Bottleneck
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00 100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001 10100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 1110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010
![Page 37: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/37.jpg)
© F5 Networks, Inc 37
TCP Inefficiencies Might Be the Next Bottleneck
Things to consider
• Congestion control
• Window sizing
• Multipath TCP
• High RTT and packet loss links (radio)
![Page 38: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/38.jpg)
© F5 Networks, Inc 38
00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011
01100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 0000101001100011 01100001 01110100 00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011 0
00001101 00001010 01100011 01100001 01110100 00001101 00001010 01100011
Know any good ones?
Perhaps You Need a TCP Optimiser?
RTT = 100 msTCP algorithm = Westwood+
TCP window scale = 65,535 KB
RTT = 1 msTCP algorithm = HighspeedTCP window scale = 1 MB
![Page 39: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/39.jpg)
© F5 Networks, Inc 39
Summary
• Binary protocol
• TCP optimisations required
• SSL offload essential
• Significant performance improvements
• Reduced header overhead
• Smaller page size
• Fully multiplexed connections
Impact Performance Opportunities
• Server push possibilities
• Leverage existing ADC
![Page 40: F5 EMEA Webinar Oct'15: http2 how to ease the transition](https://reader030.vdocument.in/reader030/viewer/2022033106/5888c16f1a28ab200f8b5641/html5/thumbnails/40.jpg)