Accelerating applications in AWS with HTTP/2
Iain Robertson, Systems Engineer, Brocade
Drone to be Won Today!
Fill out the feedback form and go in a draw to win a drone today.
Title Goes Here7/5/2016Page 2 2016 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY
Agenda
- Who are Brocade (and why are we at an AWS focused event?)
- Accelerating web-based applications using HTTP/2
- How to try out this stuff
Brocade and vADC
Brocade
- Not just a storage connectivity company any more
- Focused on datacentre products: virtualised, software defined, or hardware
- Acquired Vyatta, Inc. (2012)
- Acquired SteelApp from Riverbed (2015), subsequently relabelled vADC
  - Formerly known as Stingray
  - Formerly known as Zeus Traffic Manager
  - (It's had a few names)

Why vADC?
Hundreds of reasons to consider; here's a few:
- TLS 1.2 support
- SNI support
- HTTP/2 (with proxying to HTTP/1.1 if required)
- Compression
- Multi-provider cloud/hybrid cloud
- Integrated WAF
- Compression
- DIY CDN with flexibility (S3 frontend)
- Inline content manipulation
- etc
vADC Architecture
[Diagram: the request and response paths through the Traffic Manager, from the Virtual Server (client connections) through the Pool (server connections) to the web / application servers.]
Functions shown along the path: SSL Decryption, Service Protection, TCP Offload, Rate Shaping, Application Firewall, Content Compression, HTTP Caching, TCP Offload, Service Level Monitoring, Bandwidth Shaping, Transaction Logging, Application Firewall, Load Balancing, Session Persistence, Bandwidth Shaping, SSL Encryption, HTTP Multiplexing, Concurrency Control, Application Auto-Scaling, Health Monitors
Rules:
- Request Rules: Rule Builder, TrafficScript, Java
- Response Rules: Rule Builder, TrafficScript, Java
- Completion Rules: TrafficScript
This slide shows how traffic passes through the Traffic Manager, and where each logical function occurs.
TrafficScript allows you to act on a request, a response, or at the end of a transaction.

Coopetition with ELB
(Amazon themselves have brought us in where ELB is being stretched beyond capabilities)
Accelerating Web-based Applications
HTTP/1.1 is s l o w
HTTP/1.1
- Many short-lived TCP connections
  - All subject to TCP slow start
  - Potentially requiring SSL handshake per-session
- Limited concurrent downloads
  - 2-6 per domain (browser dependent)
- Lengthy text-based headers
  - Same or very similar headers sent with many requests & responses
- It's old (1999)
Workarounds
- Domain sharding
- Image spriting & resource inlining
- Image sampling & conversion
- Cookie-less domains
- Geographic localisation (CDNs)

Latency is the enemy, not bandwidth
Decreasing round trip times or reducing round trips improves performance
Source: Mike Belshe & Ilya Grigorik, Google
HTTP/2 is faster than HTTP/1.x
HTTP/2
- Single, longer-lived TCP connection per domain
- Multiplexing of content over single TCP connections
- More efficient: headers
Things to be aware of
- Major browsers require TLS for HTTP/2
- HTTP/2 & HTTP/1.1 can co-exist
- Does not improve single file transfers
- Many of the HTTP/1.x developer hacks are no longer required
If a picture tells a thousand words
vTM = Brocade Virtual Traffic Manager
ELB = AWS Elastic Load Balancer

Page Load Time Comparisons
HTTP/2 vs HTTPS 1.1 for index.html + 96 small images

Delay (ms)   HTTP/2      HTTPS 1.1   Faster?
0            438 ms      1,035 ms    233%
20           618 ms      1,590 ms    257%
50           750 ms      2,607 ms    348%
100          837 ms      3,484 ms    416%
200          1,199 ms    5,409 ms    451%
300          1,435 ms    7,971 ms    555%
Note: Base latency of 35ms from a residence in Sydney to AWS Sydney
Backbone latency from Sydney, Australia
[Figure: map of backbone latencies from Sydney, with values ranging from 12ms to 467ms]
Mobile Latency
- 2G 150-300ms
- 3G 40-100ms
- 4G 20ms

HTTP/2 readiness
Source: http://caniuse.com/#search=HTTP%2F2
Performance improvements with HTTP/2
How can the ELB Sandwich design impact performance and visibility?
[Diagram: three ways to place the HTTP/2 gateway; the links are labelled HTTP 1.x, HTTP 1.1, HTTP 1.x & HTTP/2, and HTTP/2]
- External ELB in HTTPS mode. SNAT with XFF. HTTP/2 Gateway, then Internal ELB
- External ELB in TCP mode. SNAT with proxy protocol
  Note: Proxy/gateway must support proxy protocol to interpret real client IP
- No External ELB. Clients talk directly to the proxy/gateway (Elastic IP)
  Note: Proxy/gateway sees the real client IP directly
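How a gateway behind the ELB could recover the real client IP in each of the designs above, as an added example that is not part of the original slides. The trusted ELB range, the function names and the sample addresses are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: the ELB tier lives in this (hypothetical) VPC range.
TRUSTED_LB = ipaddress.ip_network("10.0.0.0/16")

def _is_lb(peer):
    return ipaddress.ip_address(peer) in TRUSTED_LB

def client_ip_from_proxy_v1(peer, first_bytes):
    """External ELB in TCP mode: client address arrives in a PROXY v1 line."""
    if not _is_lb(peer):
        return peer  # direct connection: never honour a PROXY line
    line, sep, _ = first_bytes.partition(b"\r\n")
    if not sep or len(line) > 105:  # v1 header is at most 107 bytes with CRLF
        raise ValueError("missing or oversized PROXY header")
    parts = line.decode("ascii").split(" ")
    if parts[0] != "PROXY" or len(parts) < 2:
        raise ValueError("not a PROXY v1 header")
    if parts[1] == "UNKNOWN":
        return peer  # the LB could not describe the connection
    if len(parts) != 6 or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    src = ipaddress.ip_address(parts[2])
    ipaddress.ip_address(parts[3])  # destination must parse too
    if src.version != (4 if parts[1] == "TCP4" else 6):
        raise ValueError("address family mismatch")
    if not all(p.isdigit() and int(p) <= 65535 for p in parts[4:]):
        raise ValueError("bad port")
    return str(src)

def client_ip_from_xff(peer, xff):
    """External ELB in HTTPS mode: the ELB appends the client to X-Forwarded-For."""
    if not _is_lb(peer) or not xff:
        return peer  # header from a non-LB peer is client-controlled
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # junk to the left of the LB's entry: stop trusting
        if addr not in TRUSTED_LB:
            return str(addr)  # rightmost hop that is not one of our LBs
    return peer

# Constructed samples (documentation address ranges).
PROXY_SAMPLE = b"PROXY TCP4 203.0.113.7 10.0.1.5 51234 443\r\nGET / HTTP/1.1\r\n"
XFF_SAMPLE = "192.0.2.66, 203.0.113.7"  # left entry was sent by the client itself

if __name__ == "__main__":
    print(client_ip_from_proxy_v1("10.0.1.5", PROXY_SAMPLE), client_ip_from_xff("10.0.1.5", XFF_SAMPLE))
```

In the third design (no external ELB) the peer address is already the client, which is the fall-through both functions take for a peer outside the trusted range.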
Two More Examples
TrafficScript Examples
Investigate Failed Client Connections:

# Let's look at each connection and see if it completed or not:
$reasonCode = connection.getCompletionReasonCode();

# If the connection did not complete, let's include it in Traffic Manager's
# Recent Connections connection tracing table so we can investigate more thoroughly
if( $reasonCode != "COMPLETE" ) {
   recentconns.include();
}

# Or we could look into why the connection failed:
$info = connection.getCompletionReasonInfo();

# And log the failure code and detailed description of why the connection failed:
if( $info['iserror'] ) {
   log.info( "Transaction error detected. Code: " . $info['code'] .
             " Message: " . $info['message'] );
}
This rule looks for any connections that don't complete properly and flags them to be recorded in the detailed transaction tracing engine on the Traffic Manager for further investigation.
We can also put an entry in the log file with details of what happened.
Connection Completion rules are also useful for flagging other types of problems for more detailed connection tracing, for example:
- Log or Trace connections that took longer than 1000ms to complete;
- Log con
TrafficScript Examples
Treat Platinum Frequent Flyers like Royalty:

# Let's extract the Frequent Flyer number from the URL
$FFNumber = http.getFormParam("FFID");

# Let's look them up in a special web form to see what level Frequent Flyer they are.
# FFID is client-supplied, so URL-encode it before placing it in the lookup query string:
$FFLookup = http.request.get( "http://fflookup.airline.com/ffLookup.php?FFID=" . string.urlencode( $FFNumber ) );

# If they are Platinum Frequent Flyer, let's roll out the Red Carpet:
if( string.containsI( $FFLookup, "platinum" ) ) {

   # We have a dedicated pool of servers for Platinum Frequent Flyers:
   pool.select("pool_Platinum_FF");

   # And apply a pair of special Bandwidth Classes so we don't slow them down
   # when the site is under load like everyone else:
   request.setBandwidthClass("BW_Platinum_FF_REQ");
   response.setBandwidthClass("BW_Platinum_FF_RES");
}
The http.request.get() function allows Traffic Manager to make an arbitrary connection to a remote HTTP service and do something with the reply. In this instance, you would get your application developers to expose an HTTP based query that allows the Traffic Manager to submit a FF number and get an HTTP response back with their FF Membership level.
We grab the FF number out of the customer's login, look it up, and get their membership level.
Once we have this, we can apply different policies on the Traffic Manager, for example using a special pool or applying less restrictive bandwidth classes.

ADCs can help to:
- Fix embedded content
- Provide better scale
- Accelerate your web-based applications
How to try vADC
- Download from http://brocade.com/vadc/
  - Developer mode: 1Mbps throughput, all features available
- Use free trial AMI available from the marketplace: https://goo.gl/iDZrGO
- Come talk to us!
Thank you