Feature Description - HTTP2 Technical Preview

1 Introduction

HTTP/2 is a new release of the HTTP protocol. HTTP/2 has huge potential and most browsers, many clients and applications already support it. There are a number of inflexibility, inefficiency and performance challenges with HTTP/1 that are solved by HTTP/2. Several of the benefits of HTTP/2 are below:

Multiplexing and concurrency: Several requests can be sent in rapid succession in the same TCP connection. Responses can be received out of order – eliminating the need for multiple connections between the client and the server.

Stream dependencies: The client can indicate to the server which of the resources are more important than others

Header compression: HTTP header size is drastically reduced

Server push: The server can send resources that the client has not yet requested

Used under license U S Patent.png

The LoadMaster also supports HTTP/2 – the LoadMaster can convert HTTP/2 traffic to HTTP/1.1 traffic in the back-end before it hits the Real Servers. These Real Servers do not need to have SSL enabled.

The HTTP/2 Technical Preview for LoadMaster is an early release of HTTP/2 functionality that KEMP plan on including in a future release as a standard feature. The preview has not been subjected to a complete Quality Assurance (QA) cycle and is not functionally complete. As a result of this, it should not be used in production environments.

The Technical Preview implements HTTP/2 optimizations, such as request pipelining and request multiplexing to reduce the request load on back-end servers. This results in a significantly improved end user experience when using a browser with HTTP/2 support. HTTP/2 works with a number of LoadMaster features, such as content switching, content caching, advanced persistence, header injection and the Web Application Firewall (WAF).

1.1 Document Purpose

The purpose of this document is to show you how to enable HTTP/2 in the LoadMaster and provide test website content for you to test the functionality against.

1.2 Intended Audience

This document is intended to be used by anyone interested in enabling HTTP/2 in the LoadMaster.

1.3 Limitations

Some limitations are listed below:

HTTP/2 in the LoadMaster is not currently compatible with the Edge Security Pack (ESP).

Certain ciphers are not supported when using HTTP/2 – but these are automatically disabled when HTTP/2 support is enabled in the LoadMaster.

If either NT LAN Manager (NTLM) or Kerberos authentication is enabled on a Virtual Service, HTTP/2 will be disabled. Similarly, if HTTP/2 support is enabled on a Virtual Service, NTLM/Kerberos authentication will be disabled.

1.4 Support

If you have any questions or need assistance, send an email to techpreview@kemptechnologies.com to connect with the Technical Preview team.

2 Download and Install the HTTP/2 Patch

HTTP/2 functionality is currently available as a Technical Preview. A LoadMaster firmware update patch needs to be installed in order to gain access to this functionality. To download the Technical Preview patch for HTTP/2, follow the link provided in the invitation email, or contact techpreview@kemptechnologies.com.

After downloading the patch, follow the steps below to install it:

As the update process requires a reboot, KEMP recommend that the software update is performed during a maintenance window.

1. In the main menu of the LoadMaster WUI, go to System Configuration > System Administration > Update Software.

2. Click Choose File.

3. Browse to and select the patch file.

Download and Install the HTTP.png

4. Click Update Machine.

5. Click OK to install the software after validation is complete. Once installed, the LoadMaster will need to be rebooted. 

6. Click Reboot Now.

7. Click Continue.

When the LoadMaster becomes accessible again, the firmware version will be displayed in the top-right corner, for example 7.1.34.1.HTTP2.13199.RAPID.

3 Enable HTTP/2 in a Virtual Service

Follow the steps below to enable HTTP/2 in a Virtual Service in the LoadMaster:

1. In the LoadMaster Web User Interface (WUI), go to Virtual Services > View/Modify Services.

2. Click Modify on the relevant Virtual Service.

3. Expand the SSL Properties section.

Enable HTTP 2 in a Virtual.png

4. Select the Enabled check box.

HTTP/2 is only available if SSL Acceleration is Enabled.

HTTP/2 also works with SSL re-encryption, which helps with applications that require both encrypted flows in addition to L7 functionality.

5. Expand the Advanced Properties section.

Enable HTTP 2 in a Virtual_1.png

6. Select the Support HTTP/2 check box.

7. Configure any other settings as needed.

For details on each of the options in the WUI, refer to the Web User Interface (WUI), Configuration Guide.

3.1 HTTP/2 Service Type

In addition to the Support HTTP/2 option in Advanced Properties, there is also a HTTP/2 Virtual Service Type. However, this only offers generic pass through and it does not offer any Layer 7 options beyond address translation (transparency, subject originating, alternate source). This option has no impact on the Technical Preview and should not be selected. This option will be removed in the production release.

4 Evaluating HTTP/2

To assist with the evaluation of the HTTP/2 Technical Preview, KEMP have provided a simple web page that consists of an image made up of 1024 individual image ‘tiles’. This page provides a visual guide to the optimization available with HTTP/2 as the tiled image renders much faster with HTTP/2.

4.1 Example Test Environment

Example Test Environment.png

The test environment is focused on providing a visual comparison of the same page being loaded usingHTTP/2 and HTTP 1.1. A web page is hosted on a Real Server and the LoadMaster is configured with a Virtual Service for HTTP/2 and a Virtual Service for HTTP 1.1. Both Virtual Services use the same Real Server.

The following are recommended in order to evaluate HTTP/2 correctly:

Browser: Google Chrome is probably the best browser to use for HTTP/2 testing. To check what browsers support HTTP/2, please visit the following website: http://caniuse.com/#feat=http2

LoadMaster: Use LoadMaster firmware version 7.1.34 or later and apply the HTTP/2 Technical Preview patch before configuring.

Web Server: Any HTTP 1.1 capable server will suffice. The sample page provided is a simple web page with multiple images.

For the test, KEMP created a:

HTTP 1.1 Virtual Service on port 80 with SSL Acceleration disabled.

HTTP/2 Virtual Service on port 8080 with SSL Acceleration enabled.

In the example below, the Virtual Services are on 192.168.0.9 and the Real Server is on 192.168.0.10.

4.1.1 Create the HTTP 1.1 Virtual Service

To create the HTTP 1.1 Virtual Service, follow the steps below:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

Create the HTTP 1 1 Virtual.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 80 in the Port text box.

4. Enter a Service Name, for example HTTP 1.1.

5. Click Add this Virtual Service.

6. Configure any other details as needed.

7. Expand the Real Servers section.

8. Click Add New.

Create the HTTP 1 1 Virtual_1.png

9. Enter the Real Server Address.

10. Enter 80 as the Port.

11. Click Add This Real Server.

4.1.2 Create the HTTP/2 Virtual Service

To create the HTTP/2 Virtual Service, follow the steps below:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

Create the HTTP 2 Virtual.png

2. Enter a valid IP address in the Virtual Address text box.

3. Enter 8080 (or any other available port) in the Port text box.

4. Enter a Service Name, for example HTTP2 Test.

5. Click Add this Virtual Service.

6. Expand the SSL Properties section.

Create the HTTP 2 Virtual_1.png

7. Tick the Enabled check box.

SSL is mandatory for HTTP/2.

8. Expand the Advanced Properties section.

Create the HTTP 2 Virtual_2.png

9. Tick the Support HTTP/2 check box.

10. Configure any other details as needed.

11. Expand the Real Servers section.

12. Click Add New.

Create the HTTP 1 1 Virtual_1.png

13. Enter the Real Server Address.

14. Enter 80 as the Port.

15. Click Add This Real Server.

The HTTP/2 Virtual Service on the LoadMaster will communicate with the server using HTTP 1.1.

4.1.3 Performing Tests

To test the performance gains from HTTP/2, the simplest way is to visualize the impact by using a web page which contains a large number of elements, such as images. KEMP have provided a sample web page that displays an image made up of 1024 image ‘tiles’. Simply browse to the HTTP/2 and HTTP 1.1 Virtual Services to see the difference in performance. Ensure you use a HTTP/2-enabled browser, such as Chrome, when performing this test.

The KEMP HTTP/2 test page is available here: http://kemptechnologies.com/files/assets/tools/KEMP-TechPreview-HTTP2-TestPage.zip

Other tools and utilities for testing HTTP/2 are listed here: https://blog.cloudflare.com/tools-for-debugging-testing-and-using-http-2/

 

 

References

Unless otherwise specified, the following documents can be found at http://kemptechnologies.com/documentation.

Web User Interface (WUI), Configuration Guide

Document History

 

Date

Change

Reason for Change

Version

Resp.

July 2016

Initial draft

First draft of document

1.0

LB

July 2016

Minor updates

Enhancements made

2.0

LB

Jan 2017 Release updates Updates for 7.2.37 3.0 LB
Feb 2017 Minor updates Enhancements made 4.0 LB
Feb 2017 Minor updates Enhancements made 5.0 LB

 

 

 

Was this article helpful?

0 out of 0 found this helpful

Comments