Manual Chapter : Managing HTTP Traffic with the HTTP2 Profile

Applies To:

Show Versions Show Versions

BIG-IP AAM

  • 14.1.3, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0

BIG-IP APM

  • 14.1.3, 14.1.2, 14.0.1, 14.0.0, 13.1.5, 13.1.4, 13.1.3, 13.1.1, 13.1.0, 13.0.1, 13.0.0
Manual Chapter

Overview: Managing HTTP traffic with the HTTP2 profile

You can configure a virtual server with the BIG-IP® Local Traffic Manager™ (LTM®) HTTP/2 profile to provide gateway functionality for HTTP 2.0 traffic, minimizing the latency of requests by multiplexing streams and compressing headers.

You can configure the BIG-IP® Acceleration HTTP/2 profile to provide full-proxy functionality for HTTP 2.0 traffic, minimizing the latency of requests by multiplexing streams and compressing headers.

Important: The BIG-IP system supports HTTP/2 for client-side traffic only. More specifically, when client-side HTTP traffic reaches a virtual server with an HTTP/2 profile assigned to it, the BIG-IP system sends the server-side traffic to the pool members over HTTP/1.1.

A client initiates an HTTP/2 request to the BIG-IP system, the HTTP/2 virtual server receives the request on port 443, and sends the request to the appropriate server. When the server provides a response, the BIG-IP system compresses and caches it, and sends the response to the client.

Note: Source address persistence is not supported by the HTTP/2 profile.

Summary of HTTP/2 profile functionality

By using the HTTP/2 profile, the BIG-IP system provides the following functionality for HTTP/2 requests.

Creating concurrent streams for each connection.
You can specify the maximum number of concurrent HTTP requests that are accepted on a HTTP/2 connection. If this maximum number is exceeded, the system closes the connection.
Limiting the duration of idle connections.
You can specify the maximum duration for an idle HTTP/2 connection. If this maximum duration is exceeded, the system closes the connection.
Enabling a virtual server to process HTTP/2 requests.
You can configure the HTTP/2 profile on the virtual server to receive HTTP and HTTP/2 traffic, or to receive only HTTP/2 traffic, based in the activation mode you select. (Note the HTTP/2 profile to receive only HTTP/2 traffic is primarily intended for troubleshooting.)
Inserting a header into the request.
You can insert a header with a specific name into the request. The default name for the header is X-HTTP/2.
Important: The HTTP/2 protocol is incompatible with NTLM protocols. Do not use the HTTP/2 protocol with NTLM protocols.

Task summary

About HTTP/2 profiles

The BIG-IP® system includes an HTTP/2 profile type that you can use to manage HTTP/2 traffic, improving the efficiency of network resources while reducing the perceived latency of requests and responses. The LTM HTTP/2 profile enables you to achieve these advantages by multiplexing streams and compressing headers with Transport Layer Security (TLS) or Secure Sockets Layer (SSL) security.

The BIG-IP® system's Acceleration functionality includes an HTTP/2 profile type that you can use to manage HTTP/2 traffic, improving the efficiency of network resources while reducing the perceived latency of requests and responses. The Acceleration HTTP/2 profile enables you to achieve these advantages by multiplexing streams and compressing headers with Transport Layer Security (TLS) or Secure Sockets Layer (SSL) security.

Important: The BIG-IP system supports HTTP/2 for client-side traffic only. More specifically, when client-side HTTP traffic reaches a virtual server with an HTTP/2 profile assigned to it, the BIG-IP system sends the server-side traffic to the pool members over HTTP/1.1.

The HTTP/2 protocol uses a binary framing layer that defines a frame type and purpose in managing requests and responses. The binary framing layer determines how HTTP messages are encapsulated and transferred between the client and server, a significant benefit of HTTP 2.0 when compared to earlier versions.

All HTTP/2 communication occurs by means of a connection with bidirectional streams. Each stream includes messages, consisting of one or more frames, that can be interleaved and reassembled using the embedded stream identifier within each frame's header. The HTTP/2 profile enables you to specify a maximum frame size and write size, which controls the total size of combined data frames, to improve network utilization.

Multiplexing streams

You can use the HTTP/2 profile to multiplex streams (interleaving and reassembling the streams), by specifying a maximum number of concurrent streams permitted for a single connection.

Additionally, you can specify the way that the HTTP/2 profile controls the flow of streams. The Receive Window setting allows HTTP/2 to stall individual upload streams, as needed. For example, if the BIG-IP system is unable to process a slow stream on a connection, but is able to process other streams on the connection, it can use the Receive Window setting to specify a frame size for the slow stream, thus delaying that upload stream until the size is met and the receiver is able to process it, while concurrently proceeding to process frames for another stream.

Compressing headers

When you configure the HTTP/2 profile's Header Table Size setting, you can compress HTTP headers to conserve bandwidth. Compressing HTTP headers reduces the object size, which reduces required bandwidth. For example, you can specify a larger table value for better compression, but at the expense of using more memory.

HTTP/2 profile settings

This table provides descriptions of the HTTP/2 profile settings.

Setting Default Description
Name   Specifies the name of the HTTP/2 profile.
Parent Profile http2 Specifies the profile that you want to use as the parent profile. Your new profile inherits all settings and values from the parent profile specified.
Concurrent Streams Per Connection 10 Specifies the number of concurrent requests allowed to be outstanding on a single HTTP/2 connection.
Connection Idle Timeout 300 Specifies the number of seconds an HTTP/2 connection is left open idly before it is closed.
Insert Header Disabled Specifies whether an HTTP header that indicates the use of HTTP/2 is inserted into the request sent to the origin web server.
Insert Header Name X-HTTP/2 Specifies the name of the HTTP header controlled by the Insert Header Name setting.
Activation Modes Select Modes Specifies how a connection is established as a HTTP/2 connection.
Selected Modes ALPN NPN Used only with an Activation Modes selection of Select Modes, specifies the extension used in the HTTP/2 profile. The order of the extensions in the Selected Modes Enabled list ranges from most preferred (first) to least preferred (last). Clients typically use the first supported extension. At least one HTTP/2 mode must be included in the Enabled list. The values ALPN and NPN specify that the TLS Application Layer Protocol Negotiation (ALPN) and Next Protocol Negotiation (NPN) will be used. Clients that use TLS, but only support HTTP will work as if HTTP/2 is not present. The value Always specifies that all connections function as HTTP/2 connections. Selecting Always in the Activation Mode list is primarily intended for troubleshooting.
Receive Window 32 Specifies the receive window, which is HTTP/2 protocol functionality that controls flow, in KB. The receive window allows the HTTP/2 protocol to stall individual upload streams when needed.
Frame Size 2048 Specifies the size of the data frames, in bytes, that the HTTP/2 protocol sends to the client. Larger frame sizes improve network utilization, but can affect concurrency.
Write Size 16384 Specifies the total size of combined data frames, in bytes, that the HTTP/2 protocol sends in a single write function. This setting controls the size of the TLS records when the HTTP/2 protocol is used over Secure Sockets Layer (SSL). A large write size causes the HTTP/2 protocol to buffer more data and improves network utilization.
Header Table Size 4096 Specifies the size of the header table, in KB. The HTTP/2 protocol compresses HTTP headers to save bandwidth. A larger table size allows better compression, but requires more memory.

Creating a pool to manage HTTPS traffic

You can create a pool (a logical set of devices, such as web servers, that you group together to receive and process HTTPS traffic) to efficiently distribute the load on your server resources.
  1. On the Main tab, click Local Traffic > Pools .
    The Pool List screen opens.
  2. Click Create.
    The New Pool screen opens.
  3. In the Name field, type a unique name for the pool.
  4. For the Health Monitors setting, assign https or https_443 by moving it from the Available list to the Active list.
  5. From the Load Balancing Method list, select how the system distributes traffic to members of this pool.
    The default is Round Robin.
  6. For the Priority Group Activation setting, specify how to handle priority groups:
    • Select Disabled to disable priority groups. This is the default option.
    • Select Less than, and in the Available Members field type the minimum number of members that must remain available in each priority group in order for traffic to remain confined to that group.
  7. Use the New Members setting to add each resource that you want to include in the pool:
    1. In the Address field, type an IP address.
    2. In the Service Port field type 443 , or select HTTPS from the list.
    3. (Optional) Type a priority number in the Priority field.
    4. Click Add.
  8. Click Finished.
The HTTPS load balancing pool appears in the Pool List screen.

Creating a virtual server to manage HTTP traffic

You can create a virtual server to manage HTTP traffic redirected from an HTTP/2 virtual server.
  1. On the Main tab, click Local Traffic > Virtual Servers .
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. In the Destination Address field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
    Note: The IP address for this field needs to be on the same subnet as the external self-IP.
  5. In the Service Port field, type 443 or select HTTPS from the list.
  6. From the HTTP Profile list, select http.
  7. For the SSL Profile (Client) setting, from the Available list, select clientssl, and using the Move button, move the name to the Selected list.
  8. In the Resources area of the screen, from the Default Pool list, select the relevant pool name.
  9. Click Finished.
The HTTP virtual server is now available with the specified settings.

Creating an HTTP/2 profile

You can create an HTTP/2 profile for a virtual server, which responds to clients that send HTTP/2 requests.
  1. On the Main tab, click Local Traffic > Profiles > Services > HTTP/2 .
    The HTTP/2 profile list screen opens.
  2. On the Main tab, click Acceleration > Profiles > HTTP/2 .
    The HTTP/2 profile list screen opens.
  3. Click Create.
    The New HTTP/2 Profile screen opens.
  4. In the Name field, type a unique name for the profile.
  5. From the Configuration list, select Advanced.
  6. Select the Custom check box.
  7. In the Concurrent Streams Per Connection field, type the number of concurrent connections to allow on a single HTTP/2 connection.
  8. In the Connection Idle Timeout field, type the number of seconds that a HTTP/2 connection is left open idly before it is closed.
  9. Optional: From the Insert Header list, select Enabled to insert a header name into the request sent to the origin web server.
  10. Optional: In the Insert Header Name field, type a header name to insert into the request sent to the origin web server.
  11. From the Activation Modes list, accept the default enabled modes.
  12. In the Selected Modes setting, select the protocol modes that you want to enable.
    Option Description
    All Modes Enabled Enables all supported protocol versions: HTTP/2 and HTTP1.1.
    Select Modes Enables one or more specific protocol versions that you specify. For the Selected Modes setting, select a protocol entry in the Available field, and move the entry to the Selected field using the Move button.
  13. From the Priority Handling list, select how the HTTP/2 profile handles priorities of concurrent streams within the same connection.
    Option Description
    Strict Processes higher priority streams to completion before processing lower priority streams.
    Fair Enables higher priority streams to use more bandwidth than lower priority streams, without completely blocking the lower priority streams.
  14. In the Receive Window field, type the flow-control size for upload streams, in KB.
  15. In the Frame Size field, type the size of the data frames, in bytes, that the HTTP/2 protocol sends to the client.
  16. In the Write Size field, type the total size of combined data frames, in bytes, that the HTTP/2 protocol sends in a single write function.
  17. In the Header Table Size field, type the size of the header table, in KB, for the HTTP headers that the HTTP/2 protocol compresses to save bandwidth.
  18. Click Finished.
An HTTP/2 profile is now available with the specified settings.

Creating a virtual server to manage HTTP/2 traffic

You can create a virtual server to manage HTTP/2 traffic.
Important: Do not use the HTTP/2 protocol with NTLM protocols as they are incompatible.
  1. On the Main tab, click Local Traffic > Virtual Servers .
    The Virtual Server List screen opens.
  2. Click the Create button.
    The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. In the Destination Address field, type the IP address in CIDR format.
    The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP® system automatically uses a /32 prefix.
    Note: The IP address you type must be available and not in the loopback network.
  5. In the Service Port field, type 443 or select HTTPS from the list.
  6. From the HTTP Profile list, select http.
  7. For the SSL Profile (Client) setting, from the Available list, select clientssl, and using the Move button, move the name to the Selected list.
  8. From the Acceleration list, select Advanced.
  9. From the HTTP/2 Profile list, select http2, or a user-defined HTTP/2 profile.
  10. From the Default Pool list, select a pool that is configured for an HTTP/2 profile.
  11. Click Finished.
The HTTP/2 virtual server is now ready to manage HTTP/2 traffic.