HTTP/2: How to Ease the Transition
F5 EMEA Webinar October 2015
© F5 Networks, Inc 2
No One Likes Slow
• 74% of users will leave a slow web site after just 5 seconds or less
• Every 100 ms delay costs Amazon 1% in sales
• Slow application: reduced productivity

Things Are Not Getting Easier
• Mobile devices now account for 35% of global Internet traffic
• [Chart, 2009 to 2015: growing exponentially]
• The average web page has grown 3x since 2008: 2.1MB
• Radio = Latency [Chart: Fiber, Cable, LTE]
• 34% mostly use mobile Internet

Addressing Performance Challenges
F5 survey shows growth in plans to deploy performance-related services

Service        2015   2016
Compression    12%    21%
Acceleration   12%    25%
SSL offload    9%     21%
Caching        9%     19%

HTTP Timeline
1996: HTTP/1.0
• Static content
• Small objects
• Low number of objects

HTTP Timeline
1996: HTTP/1.0
1999: HTTP/1.1
• Dynamic content
• Bigger objects
• More objects

HTTP Timeline
1996: HTTP/1.0
1999: HTTP/1.1
2004: YouTube
• Video content
• User generated content
"Hey Nice Cat!" "His name is Mittens."

HTTP/2 Timeline
1996: HTTP/1.0
1999: HTTP/1.1
2004: YouTube
2009: SPDY
• More objects
• Bigger objects
• Mobile devices

HTTP/2 Timeline
1996: HTTP/1.0
1999: HTTP/1.1
2004: YouTube
2009: SPDY
2015: HTTP/2

What Were the Issues with HTTP/1?
1 request = 1 connection
• Connection setup is expensive
• Inefficient when there are large numbers of objects on a page
• Mitigated in part with keep-alive

What Were the Issues with HTTP/1?
No virtual host support
• Each site needs 1 IP address
• Inefficient use of addresses
• Multi-homing server limits (255 per server on Linux < 2.2 kernel)

What Were the Issues with HTTP/1?
Primitive caching
• Cache invalidation used absolute times
• Clock skew caused problems
• Not explicit enough

1996: HTTP/1.1

CACHING
• Cache-Control header
• max-age directive
• ETag header

PERSISTENT CONNECTIONS
• Default = all connections
• No keepalive messages
• Servers still have timeouts

VIRTUAL HOSTS
• Host header now required
• Multiple sites, 1 IP address

What Are the Issues with HTTP/1.1?
Requests are blocking
• 1 connection can only process 1 request at a time
• Slow object blocks others downloading
• Solution: multiple connections

What Are the Issues with HTTP/1.1?
Not that efficient
• Headers not compressed
• Header numbers and size increasing
[Graphic: Header Data]

What Are the Issues with HTTP/1.1?
Workarounds can be counterproductive
• Multi-origin websites cause clients to open up to 30 TCP connections
[Diagram labels: HTML, .css, /images/]

2009: SPDY

Multiplexed Requests
• Concurrent requests
• Single connection
• (More on this later)

Compressed Headers
• Reduced header overhead
• Smaller page size

Requires TLS
• Enforced SSL security
• (Whether you want it or not)

What Are the Issues with SPDY?
• Not a standard
• Forced secure connections (TLS)
• Maybe not as SPDY? (depending on who you listen to)
• Insecure compression

2015: HTTP/2 is Here!
• Multiplexed requests
• "Safe" compression
• TLS optional*
• Stronger cryptography
*) Not in practice

Multiplexed Requests
Request multiplexing is a major contributor to improved HTTP/2 performance
• Multiple outstanding requests per connection
• Uses a construct known as "streams"
• Max number of streams is configurable (ADC default is typically 10)

HTTP/1.1
Client: Hello
Server: Hello
Client: May I have a picture of a cat please?
Server: Here is a cat
Client: May I also have a picture of a dog?
Server: Here is a dog
Client: May I also have a picture of a turtle?
Server: Here is a turtle
Client: Thanks, bye
Server: Bye

HTTP/2
Client: Hello
Server: Hello
Client: May I have a picture of a cat please? And another cat? And a dog?
Server: Here is a cat
Server: And a dog
Client: May I also have a picture of a turtle?
Server: Here is another cat
Server: And a turtle
Client: Thanks, bye
Server: Bye

HTTP/1.1
• 100 images
• 100 ms (added) latency
• Served from Microsoft Azure
• Page load 18 seconds

HTTP/2
• 100 images
• 100 ms (added) latency
• Served from Microsoft Azure
• Page load 5 seconds

Compression for Headers

Header        Request 1        Request 2
method        GET              GET
scheme        HTTPS            HTTPS
host          F5.com           F5.com
path          /resource        /images
accept        image/jpeg       image/jpeg
user-agent    Mozilla/5.0 …    Mozilla/5.0 …

Stream 1 headers: method: Get, scheme: HTTPS, host: f5.com, path: /resource, accept: image/jpg, user-agent: Mozilla/….
Stream 2 headers: Method: Get, Scheme: HTTPS, Host: f5.com, path: /images, Accept: image/jpg, User-agent: Mozilla/….

• Most headers are the same between requests
• Why send them every time?
• Just keep a header table on each side of the connection
• Update only what has changed in each stream
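The header-table idea from this slide, as an added example that is not part of the original deck: a simplified table kept on both ends of one connection, run over the slide's two requests. It is not the HPACK wire format; the class and function names, the byte-cost model and the user-agent string are assumptions made for illustration.

```python
"""Simplified per-connection header table (the idea behind HPACK, not its wire format)."""


class HeaderTable:
    """One endpoint's copy of the table; both ends must apply the same updates."""

    def __init__(self):
        self.entries = []  # position in the list is the index sent on the wire

    def lookup(self, field):
        return self.entries.index(field) if field in self.entries else None

    def add(self, field):
        self.entries.append(field)


def encode(headers, table):
    """Turn (name, value) pairs into ops: ("idx", n) if known, ("lit", name, value) if new."""
    ops = []
    for field in headers:
        index = table.lookup(field)
        if index is None:
            table.add(field)
            ops.append(("lit", field[0], field[1]))
        else:
            ops.append(("idx", index))
    return ops


def decode(ops, table):
    """Rebuild the header list; fails if this table missed earlier updates."""
    headers = []
    for op in ops:
        if op[0] == "idx":
            if op[1] >= len(table.entries):
                raise LookupError(f"index {op[1]} not in table: state out of sync")
            headers.append(table.entries[op[1]])
        else:
            field = (op[1], op[2])
            table.add(field)
            headers.append(field)
    return headers


def wire_cost(ops):
    """Illustrative byte count: 1 per index, name + value + 2 length bytes per literal."""
    return sum(1 if op[0] == "idx" else len(op[1]) + len(op[2]) + 2 for op in ops)


# The two requests from the slide; the user-agent value is a constructed stand-in.
UA = "Mozilla/5.0 (constructed sample)"
REQUEST_1 = [("method", "GET"), ("scheme", "HTTPS"), ("host", "F5.com"),
             ("path", "/resource"), ("accept", "image/jpeg"), ("user-agent", UA)]
REQUEST_2 = [("method", "GET"), ("scheme", "HTTPS"), ("host", "F5.com"),
             ("path", "/images"), ("accept", "image/jpeg"), ("user-agent", UA)]


def run_connection():
    """Send both requests over one connection; return the ops and what the server saw."""
    client, server = HeaderTable(), HeaderTable()
    ops_1 = encode(REQUEST_1, client)
    seen_1 = decode(ops_1, server)
    ops_2 = encode(REQUEST_2, client)
    seen_2 = decode(ops_2, server)
    return ops_1, ops_2, seen_1, seen_2


def late_observer_can_decode(ops_2):
    """A device that only sees stream 2 has an empty table and cannot expand indexes."""
    try:
        decode(ops_2, HeaderTable())
        return True
    except LookupError:
        return False


if __name__ == "__main__":
    ops_1, ops_2, _, seen_2 = run_connection()
    print("stream 1:", wire_cost(ops_1), "bytes")
    print("stream 2:", wire_cost(ops_2), "bytes", ops_2)
    print("late observer decodes stream 2:", late_observer_can_decode(ops_2))
```

The last function shows why inline inspection tools need to hold the connection's table state: the second stream is unreadable to anything that did not process the first.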
TLS is Not Mandatory. But it is Really.

Stronger Cryptography
• Minimum requirements
  • TLS 1.2 or newer required for HTTP/2
  • Ephemeral keys only (forward secrecy)
  • Prefer authenticated encryption modes like Galois/Counter Mode (GCM)
  • Minimal key sizes 128 bit EC, 2048 bit RSA
• TLS 1.2 still has vulnerabilities (e.g. CVE-2015-4000 aka "Logjam")
• Default ADC implementations mitigate most risks
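One way to check a TLS profile against the minimum requirements on this slide, as an added example that is not F5's or the deck's own code. The profile dictionaries, their keys and both sample profiles are constructed for illustration; cipher names follow OpenSSL naming, and only the RSA key size from the slide is checked.

```python
import ssl

# Thresholds taken from the slide's minimum requirements.
TLS_ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MIN_TLS = "TLSv1.2"
MIN_RSA_BITS = 2048
EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-")    # OpenSSL names for ephemeral key exchange
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")  # authenticated-encryption modes


def audit_suite(name):
    """Return (severity, message) findings for one OpenSSL cipher-suite name."""
    if name.startswith("TLS_"):
        return []  # TLS 1.3 suites are always ephemeral and AEAD
    findings = []
    if not name.startswith(EPHEMERAL_PREFIXES):
        findings.append(("fail", f"{name}: static key exchange, no forward secrecy"))
    if not any(marker in name for marker in AEAD_MARKERS):
        # The slide says "prefer", so a non-AEAD suite is a warning, not a failure.
        findings.append(("warn", f"{name}: not an authenticated-encryption mode"))
    return findings


def audit_profile(profile):
    """Audit a profile dict with the hypothetical keys min_tls, rsa_bits and ciphers."""
    findings = []
    if TLS_ORDER.index(profile["min_tls"]) < TLS_ORDER.index(MIN_TLS):
        findings.append(("fail", f"minimum protocol {profile['min_tls']} is below {MIN_TLS}"))
    if profile["rsa_bits"] < MIN_RSA_BITS:
        findings.append(("fail", f"RSA key of {profile['rsa_bits']} bits is below {MIN_RSA_BITS}"))
    for name in profile["ciphers"]:
        findings.extend(audit_suite(name))
    return findings


def build_h2_context():
    """Server-side context that meets the same requirements and offers h2 via ALPN."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM")             # ephemeral ECDH with AES-GCM only
    ctx.set_alpn_protocols(["h2", "http/1.1"])  # fall back to HTTP/1.1 for older clients
    return ctx


# Constructed sample profiles, not taken from any real device.
LEGACY_PROFILE = {
    "min_tls": "TLSv1.0",
    "rsa_bits": 1024,
    "ciphers": ["AES128-SHA", "ECDHE-RSA-AES128-SHA",
                "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384"],
}
HARDENED_PROFILE = {
    "min_tls": "TLSv1.2",
    "rsa_bits": 2048,
    "ciphers": ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-RSA-CHACHA20-POLY1305"],
}

if __name__ == "__main__":
    for label, profile in (("legacy", LEGACY_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(label)
        for severity, message in audit_profile(profile) or [("ok", "meets the slide's minimums")]:
            print(f"  [{severity}] {message}")
    ctx = build_h2_context()
    for cipher in ctx.get_ciphers():
        print("context offers:", cipher["name"], audit_suite(cipher["name"]))
```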
Browser Support for HTTP/2
Source: "Can I use", http://caniuse.com/#search=http2

Potential Barriers that Slow Adoption of HTTP/2
• The requirement that all application traffic be secured via TLS/SSL
• Incompatibility with current security infrastructure
• Lack of familiarity with the technology
• Low availability of HTTP/2 services
• Lack of back-end support
• Lack of backward compatibility with HTTP/1.x
[Chart values: 19%, 28%, 29%, 31%, 31%, 41%]
Source: IDG Enterprise Research

HTTP/2 Impacts the Infrastructure
[Diagram labels: HTTP/2 Client, HTTP/2 Server, Optimisation, Security, Reporting]
• Limited web server availability
• Little to no security infrastructure
• Little to no visibility and reporting

HTTP/2 Gateway
[Diagram labels: HTTP/1.x Client, HTTP/2 Server, ADC, Protocol Gateways, GET /images/cat.jpg, Security, Optimisation, Reporting]
• Gain most of the performance benefits of HTTP/2
• Can service both HTTP/2 and non-HTTP/2 traffic
• Use HTTP/1.1 downstream of gateway
• Retain full visibility into traffic
• Don’t need to refresh infrastructure

HTTP/2 Gateway
[Diagram labels: HTTP/1.x Server, ADC, Protocol Gateways, SPDY, HTTP/2, HTTP/1.1, GET /images/cat.jpg, HTTP/1.1 GET /images/cat.jpg, Security, Optimisation, Reporting]
• Gain most of the performance benefits of HTTP/2
• Can service both HTTP/2 and non-HTTP/2 traffic
• Use HTTP/1.1 downstream of gateway
• Retain full visibility into traffic
• Don’t need to refresh infrastructure

Two Steps to Implement HTTP/2 Gateway
HTTP/2 Profile ADC with Virtual Server
That’s it... really!

So It’s All Good?
HTTP/1.1

So It’s All Good?
HTTP/2
HTTP/1.1 bottleneck removed!

What Do We All Know About Bottlenecks?
“As with all performance optimisation processes, the moment you remove one performance bottleneck, you unlock the next one. In the case of HTTP/2, TCP may be it. Which is why, once again, a well-tuned TCP stack on the server is such a critical optimisation criteria for HTTP/2.”
“High Performance Browser Networking” – Ilya Grigorik, O’Reilly Media

We’re Only Moving the Bottleneck
[Graphic: TCP]

TCP Inefficiencies Might Be the Next Bottleneck
Things to consider
• Congestion control
• Window sizing
• Multipath TCP
• High RTT and packet loss links (radio)

Perhaps You Need a TCP Optimiser?
Know any good ones?

RTT = 100 ms
TCP algorithm = Westwood+
TCP window scale = 65,535 KB

RTT = 1 ms
TCP algorithm = Highspeed
TCP window scale = 1 MB

Summary

Impact
• Binary protocol
• TCP optimisations required
• SSL offload essential

Performance
• Significant performance improvements
• Reduced header overhead
• Smaller page size
• Fully multiplexed connections

Opportunities
• Server push possibilities
• Leverage existing ADC

Editor's Notes

  1. http://www.webperformancetoday.com/2013/05/06/psychology-waiting-faster-online-checkout/ Does anyone like slow applications? 5 seconds is actually a long time.
  2. So more mobile devices over higher latency radio networks and larger webpages. Hmm, sounds like a recipe for application performance problems. http://www.fiercewireless.com/special-reports/3g4g-wireless-network-latency-how-do-verizon-att-sprint-and-t-mobile-compar http://techcrunch.com/2013/05/29/mary-meeker-2013-internet-trends/ http://www.pewinternet.org/fact-sheets/mobile-technology-fact-sheet/
  3. The dawn of a new era for human-kind….online cat videos!
  4. Today’s digital era has fundamentally changed the datacenter strategy. Yesterday’s approach, where apps were centrally managed under one infrastructure, datacenter boundaries provided protection, and IT staff ensured availability, performance, and security, can no longer support today’s dynamic application infrastructure. The data center is evolving as more apps move to private and public cloud and traditional data center perimeters are blurred. CIOs want to maintain control as they seek greater agility and cost savings with cloud adoption, and DevOps is driving app orchestration and management outside of IT. These trends, coupled with new complexities—lack of integration across cloud vendors plus availability and security guarantees limited only to individual services and not the apps themselves—require a new data center strategy, one that is app-centric. An app-centric strategy enables IT to drive consistent delivery of services, regardless of deployment model. Focused at the app-level, IT can abstract away from the complexities of disparate cloud providers, gain insight into traffic data, and leverage existing skills and policies while enabling DevOps.
  6. Compression used DEFLATE which is vulnerable to the CRIME exploit
  7. HTTP/2 was developed by the IETF’s HTTP Working Group, which maintains the HTTP protocol. It’s made up of a number of HTTP implementers, users, network operators and HTTP experts.
  8. That’s a 350% improvement!
  9. Since HTTP has always been STATELESS it has meant that, until now, every connection has had to send EVERY header since the client cannot assume that the server knows anything about it. Operational ramification: New header compression techniques will mean caches and upstream infrastructure which may act upon those headers will need to be able to speak HPACK.
  10. Important to remember that SSL/TLS is not a set-it-and-forget-it configuration. Practise good sec… always review TLS settings on a monthly or quarterly basis…. Remove unnecessary protocols (use your ADC or public websites such as SSL Pulse) to review whether you need to support old protocols. Use your ADC to remove weak ciphers, prefer stronger cipher suites and apply in-line protocol patching (if necessary). Operational ramification: Upstream infrastructure (caches, load balancers, NGFW, access management) will be blinded by encryption and unable to perform their functions.
  11. So virtually all modern browsers already support HTTP2. Some notes… IE v11 only supports HTTP2 on Windows 10. Some mobile browsers do NOT support HTTP2 (e.g. Android Browser) but it DOES support SPDY, so ideally you want an ADC that can negotiate HTTP2 and SPDY.
  12. We’ve already mentioned… Regular inline tools (caches, reporting tools) will lose visibility since they don’t understand the binary protocol. May require changes to TCP profiles (idle timeouts, etc). Also important to recognise that HTTP2 is BINARY. This alone makes HTTP2 incompatible with HTTP1.1. Any tool which uses HTTP1.1 will be rendered useless.
  13. Translate HTTP2 to HTTP1.1. Translate binary to traditional ASCII. Decrypt TLS to clear text. Use your ADC to act as an HTTP2, SPDY and possibly even IPv6 gateway.
  15. TCP is the next bottleneck