Support for HTTP/2 on Avi Vantage

Overview

HTTP/2 is the latest version of HTTP and was developed as the successor to HTTP 1.1. It was originally named HTTP/2.0. HTTP/2 is a binary protocol, while HTTP 1.1 is a text protocol. The main advantage of HTTP/2 is full request and response multiplexing, which reduces request-response latency. Even with these new features, HTTP/2 still maintains the high-level syntax of HTTP 1.1, such as methods, status codes, header fields, and URIs. The essential difference is how the data is framed and transmitted or received between the client and the server.

The following are the benefits of HTTP/2 over HTTP 1.1.

  • Request and Response Multiplexing – With HTTP/1.1, if a client needs to send multiple parallel requests, it opens multiple TCP connections. Even with pipelining, this leads to head-of-line blocking. With HTTP/2, multiple requests can be broken into frames which can be interleaved; the remote end is capable of reassembling them. In practice, clients may still open multiple connections, but the number of connections is not as many as in HTTP/1.1.
  • Server Push – This is a new feature available in HTTP/2 that allows a server to send multiple resources in response to a client request without the client explicitly sending a request for each of these resources. This is done by anticipating the resources that will be subsequently requested by the client. This reduces the latency otherwise introduced by waiting for each request before serving the resource. In HTTP/1.1, applications try to work around this by inlining the resource. With HTTP/2, the client caches the resource, reuses it across pages, and uses multiplexing along with other resources.
  • Flow control – HTTP/2 provides flow control at the application layer, using window sizes so that neither end can overwhelm the other.
  • Header Compression – In HTTP/1.1, each header in the request is sent as text. In HTTP/2, request and response header metadata is compressed using the HPACK compression format, reducing the transmitted header size.
  • Stream Prioritization – Since the HTTP messages are sent as frames and the frames from different streams can be interleaved, HTTP/2 can specify priorities for streams; all frames received can be accordingly prioritized based on their stream priorities.

Notes:

  • Starting with release 18.1.2, Avi Vantage supports HTTP/2 on the client side and over SSL only. Any HTTP/2 request received on an SSL-enabled port of an HTTP/2-enabled virtual service will be translated to an HTTP/1.1 request before being sent to the back-end server. The HTTP/1.1 response received from the back-end server will be translated to its corresponding HTTP/2 form before being relayed to the client.
  • Starting with release 18.1.5, Server Name Indication (SNI) can be used in concert with HTTP/2. For HTTP/2 support in an SNI VIP (parent-child virtual service), the HTTP/2 option should be enabled on the application profile of the parent virtual service.

Supported methods and modes for HTTP/2 on Avi Vantage

  • HTTP over TLS or HTTP over SSL:
    Avi Vantage supports the HTTP over TLS, or HTTP over SSL, method for all HTTP/2 requests. This method uses TLS version 1.2 or later. The HTTP upgrade method is not supported for HTTP/2 requests arriving at Avi Vantage. The upgrade method supports requests over non-SSL ports. Avi Vantage does not change HTTP 1.1 GET requests to HTTP/2 GET requests.

  • All settings and options available for HTTP Setting are also available for HTTP/2-enabled virtual services. HTTP features, for example, HTTP policy, DataScripts, HTTP-timeout setting, etc. are supported for HTTP/2 requests as well.

  • Prior to release 18.1.3 – For POST requests to HTTP/2-enabled virtual services, only buffered mode is supported and the POST body size is restricted to 32 MB. Avi Vantage uses buffered mode even if the Enable Request Body Buffering option is not enabled for the HTTP profile.

    Starting with release 18.1.3 – For POST requests to HTTP/2-enabled virtual services, both buffered and streaming modes are supported. Streaming mode is inferred if the Enable Request Body Buffering option is not enabled for the HTTP profile.

    If the buffered option is enabled, the maximum buffer size for POST requests is set to the lower of 32 MB or the configured values under the Client Post Body Size option.

    To enable or disable the checkbox for Enable Request Body Buffering, navigate to Applications > Virtual Services, select the required virtual services. Select the edit icon for the Application Profile option, available under the Profiles section, and the option for Enable Request Body Buffering is available under the DDOS tab.

Note: Starting with Avi Vantage release 18.1.3, WAF and HTTP/2 can be enabled simultaneously for a virtual service.

Use Cases

  • Workarounds used for HTTP 1.1, to make browsers compatible with HTTP/2, are no longer required.
  • All browsers that use HTTP/2 can now be deployed on Avi Vantage.

Configuration

Configuration through Avi UI

The checkbox for Enable HTTP2 option is available on the Avi UI under the Application Profile section. To enable this feature, navigate to Applications > Virtual Services, select the desired virtual service, and select the edit option. Navigate to Application Profile under the Profiles section, select the edit option, and enable the checkbox for Enable HTTP2 option available under the HTTP Setting option.

Note:
If an HTTP-enabled virtual service is configured for both SSL and non-SSL ports, all requests on SSL ports will be HTTP/2, and the requests on non-SSL ports will use HTTP 1.1. For example, if an HTTP-enabled virtual service is configured for ports 9000 and 9443 (SSL), then the requests coming over port 9000 will be HTTP 1.1, and the requests coming over port 9443 will be HTTP/2.

Configuration through Avi CLI

HTTP/2 for an application profile is enabled through the Avi CLI using the http2enabled option under the http-profile option.

  • Log in to the Avi CLI and enter shell mode. Use the configure applicationprofile <application-profile-name> command and press Enter.

admin@10-70-80-10:~$ shell
Login: admin
Password:

[admin:10-1-1-1]: > configure applicationprofile <application-profile-name>

  • Use the http-profile command and press Enter.

[admin:10-1-1-1]: applicationprofile > http-profile
[admin:10-1-1-1]: applicationprofile:http_profile>

  • Use the http2enabled command to enable HTTP/2 for the selected application profile.

[admin:10-1-1-1]: applicationprofile:http_profile> http2enabled

Logs

Using Avi UI

Avi Vantage’s application logs display the HTTP version in the request as HTTP/2.0. Navigate to Applications > Virtual Services, select the desired virtual service, and navigate to the Logs tab to check the logs. In the screenshot below, Avi Vantage shows the GET method as HTTP/2.

Similarly, errors related to HTTP/2 requests and responses can be checked under the Significant logs as well.

Using Avi CLI

The following are a few of the counters available for the HTTP/2 feature that can be used during troubleshooting.

  • Request handled error
  • Response codes (2xx, 3xx, 4xx, and 5xx)
  • Protocol errors
  • Flow-control error
  • Frame size errors
  • Compression errors
  • Refused Stream errors

The show virtualservice virtualservice-1 detail command of the Avi CLI provides the available counters for the HTTP/2 method.


[admin:10-70-80-10]: > show virtualservice <virtual service name> detail

|     cache_bytes                         | 0                                       |
|     http2_requests_handled              | 2                                       |
|     http2_response_2xx                  | 2                                       |
|     http2_response_3xx                  | 0                                       |
|     http2_response_4xx                  | 0                                       |
|     http2_response_5xx                  | 0                                       |
|     http2_protocol_errors               | 0                                       |
|     http2_flow_control_errors           | 0                                       |
|     http2_frame_size_errors             | 0                                       |
|     http2_compression_errors            | 0                                       |
|     http2_refused_stream_errors         | 0                                       |
|     http2_enhance_your_calm             | 0                                       |
|     http2_miscellaneous_errors          | 0                                       |
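
The counter table above can be checked automatically during troubleshooting. The following is an added example, not part of the Avi documentation or tooling: it parses rows in that format and reports non-zero HTTP/2 error counters. The sample values and the 1% threshold are constructed assumptions.

```python
import re

# Constructed sample in the format of `show virtualservice <name> detail`.
# The last row lacks its closing pipe, to show that truncated rows still parse.
SAMPLE = """\
|     cache_bytes                         | 0                                       |
|     http2_requests_handled              | 1200                                    |
|     http2_response_2xx                  | 1100                                    |
|     http2_response_4xx                  | 100                                     |
|     http2_protocol_errors               | 3                                       |
|     http2_flow_control_errors           | 0                                       |
|     http2_refused_stream_errors         | 45                                      |
|     http2_enhance_your_calm             | 7                                       |
|     http2_miscellaneous_errors          | 0
"""

ROW = re.compile(r"^\|\s*(http2_\w+)\s*\|\s*(\d+)\s*\|?\s*$")

def parse_http2_counters(text):
    """Return {counter_name: int} for every http2_* row in the CLI table."""
    counters = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters

def triage(counters, max_error_ratio=0.01):
    """Return (name, value, level) for each non-zero error counter.
    level is "investigate" above max_error_ratio of handled requests (assumed threshold)."""
    handled = counters.get("http2_requests_handled", 0)
    findings = []
    for name, value in sorted(counters.items()):
        # ENHANCE_YOUR_CALM is the HTTP/2 error code for a peer causing excessive load.
        is_error = name.endswith("_errors") or name == "http2_enhance_your_calm"
        if not is_error or value == 0:
            continue
        ratio = value / handled if handled else float("inf")
        level = "investigate" if ratio > max_error_ratio else "note"
        findings.append((name, value, level))
    return findings

if __name__ == "__main__":
    for name, value, level in triage(parse_http2_counters(SAMPLE)):
        print(f"{level:12} {name} = {value}")
```

Comparing two snapshots taken a few minutes apart gives a rate rather than a lifetime total, which is more useful when deciding whether refused streams or protocol errors are ongoing.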