Review of the "ELB Sandwich" design - Is it always best to design? - How can it impact performance, security & complexity? Accelerating web-based applications - Why HHP/2 is so much faster than HTTP 1.1 - Implementing HTTP/2 without changing your webservers. - Simplifying certain SSL designs & lowering recurring costs. - Solving unexpected application problems with ADCs. * Presented at the Sydney AWS Meetup session 6th July 2016 http://www.meetup.com/AWS-Sydney/ Hosted and organised by PolarSeven - http://polarseven.com

1. Accelerating applications in
AWS with HTTP/2

2. Fill out the feedback form
and go in a draw to win a
drone today.
Drone to be Won Today!

3. Agenda
• Who are Brocade
(and why are we at an AWS focused event?)
• Accelerating web-based applications using HTTP/2
• How to try out this stuff
3

4. Brocade and vADC

5. Brocade
Not just a storage connectivity company any more…
• Focused on datacentre products: virtualised, software defined, or
hardware
• Acquired Vyatta, Inc. (2012)
• Acquired SteelApp from Riverbed (2015), subsequently relabelled
vADC
‒ Formerly known as Stingray
‒ Formerly known as Zeus Traffic Manager
(It’s had a few names)
5

6. Why vADC?
Hundreds of reasons to consider; here’s a few:
• TLS 1.2 support
• SNI support
• HTTP/2 (with proxying to
HTTP/1.1 if required)
• Compression
• Multi-provider cloud/hybrid
cloud
• Integrated WAF
• Compression
• DIY CDN – with flexibility (S3
frontend)
• Inline content manipulation
• etc…
6

7. vADC Architecture
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 7
Request
Response
SSL Decryption
Service Protection
TCP Offload
Rate Shaping
ApplicationFirewall
Content Compression
HTTP Caching
TCP Offload
Service Level
Monitoring
Bandwidth Shaping
Transaction Logging
ApplicationFirewall
Pool
(Server Connections)
VirtualServer
(Client Connections)
Load Balancing
Session Persistence
Bandwidth Shaping
SSL Encryption
HTTP Multiplexing
ConcurrencyControl
ApplicationAuto-
Scaling
Health Monitors
Request Rules
Rule Builder
TrafficScript
Java
Response Rules
Rule Builder
TrafficScript
Java
Completion Rules
TrafficScript
Web / Application
Servers

8. (Amazon themselves have brought us in where ELB is being
stretched beyond capabilities)
Coopetition with ELB

9. Accelerating Web-based Applications

10. HTTP/1.1 is s l o w
HTTP/1.1
‒ Many short-lived TCP
connections
• All subject to TCP slow start
• Potentially requiring SSL handshake per-
session
‒ Limited concurrent downloads
• 2-6 per domain (browser dependent)
‒ Lengthy text-based headers
• Same or very similar headers sent with
many requests & responses
‒ It’s old (1999)
Workarounds
‒ Domain sharding
‒ Image spriting & resource inlining
‒ Image sampling & conversion
‒ Cookie-less domains
‒ Geographic localisation (CDNs)
10

11. Latency is the enemy – not bandwidth
Decreasing round trip times or reducing round trips improves performance
11
Source: Mike Belshe & Ilya Grigorik, Google

12. HTTP/2 is faster than HTTP/1.x
HTTP/2
‒ Single, longer-lived TCP
connection per domain
‒ Multiplexing of content over
single TCP connections
‒ More efficient: headers
Things to be aware of
‒ Major browsers require TLS for
HTTP/2
‒ HTTP/2 & HTTP/1.1 can co-exist
‒ Does not improve single file
transfers
‒ Many of the HTTP/1.x developer
hacks are no longer required
12

13. If a picture tells a thousand words…
13
vTM = Brocade Virtual Traffic Manager
ELB = AWS Elastic Load Balancer

14. Page Load Time Comparisons
HTTP/2 vs HTTPS 1.1 for index.html + 96 small images
14
Delay (ms) HTTP/2 HTTPS 1.1 Faster?
0 438 ms 1,035 ms 233%
20 618 ms 1,590 ms 257%
50 750 ms 2,607 ms 348%
100 837 ms 3,484 ms 416%
200 1,199 ms 5,409 ms 451%
300 1,435 ms 7,971 ms 555%
Note: Base latency of 35ms from a residence in Sydney to AWS Sydney

15. Backbone latency from Sydney, Australia
15
150ms
121ms
100ms
131ms
300+ms
163ms
23ms
12ms
27ms
46ms
12ms
229ms
453ms
467ms
Mobile Latency
2G 150-300ms
3G 40-100ms
4G 20ms

16. HTTP/2 readiness
16
Source: http://caniuse.com/#search=HTTP%2F2

17. Performance improvements with HTTP/2
How can the ELB Sandwich design impact performance and visibility?
17
External ELB
in HTTPS mode. SNAT
with XFF
HTTP/2 Gateway
Internal ELB
External ELB
in TCP mode.
SNAT with proxy protocol
HTTP 1.x
HTTP 1.1
HTTP 1.x & HTTP/2
HTTP 1.1
HTTP 1.x & HTTP/2
HTTP 1.1
HTTP/2 HTTP/2 HTTP/2
Note: Proxy/gateway must
support proxy protocol to
interpret real client IP
Note: Proxy/gateway sees the
real client IP directly
No External ELB
Clients talk directly to the
proxy/gateway
Elastic IP

18. Two More Examples
18

19. TrafficScript Examples
• Investigate Failed Client Connections:
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 19
# Let's look at each connection and see if it completed or not:
$reasonCode = connection.getCompletionReasonCode();
# If the connection did not complete, let’s include it in Traffic Manager’s
# “Recent Connections” connection tracing table so we can investigate more thoroughly
if ( $reasonCode != "COMPLETE" ) {
recentconns.include();
}
# Or we could look into why the connection failed:
$info = connection.getCompletionReasonInfo();
# And log the failure code and detailed description of why the connection failed:
if( $info['iserror'] ) {
log.info( "Transaction error detected. Code: " .
$info['code'] . " Message: " .
$info['message']
);
}

20. TrafficScript Examples
• Treat Platinum Frequent Flyers like Royalty:
© 2015 BROCADE COMMUNICATIONS SYSTEMS, INC. INTERNAL USE ONLY 20
# Let's extract the Frequent Flyer number from the URL
$FFNumber = http.getFormParam("FFID");
# Let's look them up in a special web form to see what level Frequent Flyer they are:
$FFLookup = http.request.get("http://fflookup.airline.com/ffLookup.php?FFID=".$FFNumber);
# If they are Platinum Frequent Flyer, let's roll out the Red Carpet:
if(string.containsI($FFLookup, "platinum")){
# We have a dedicated pool of servers for Platinum Frequent Flyers:
pool.select("pool_Platinum_FF");
# And apply a pair of special Bandwidth Classes so we don’t slow them down
# when the site is under load like everyone else:
request.setBandwidthClass("BW_Platinum_FF_REQ");
response.setBandwidthClass("BW_Platinum_FF_RES");
}

21. • Fix embedded content
• Provide better scale
• Accelerate your web-based applications
ADCs can help to:

22. How to try vADC
• Download from http://brocade.com/vadc/
‒ Developer mode: 1Mbps throughput, all features available
• Use free trial AMI available from the marketplace:
https://goo.gl/iDZrGO
• Come talk to us!
22

23. Fill out the feedback form
and go in a draw to win a
drone today.
Drone to be Won Today!

24. Thank you