Discussion:
enabling H2 slows down my webapp, how to use keep-alive on backend ssl connection?
PiBa-NL
2018-10-28 22:46:32 UTC
Permalink
Hi List,

When i enable H2 'alpn h2,http/1.1' on haproxy bind line with offloading
'mode http'. The overall loading of a web-application i use takes longer
than without. (Tried with 1.9-dev5 and previous versions)

The webapp loads around 25 objects of css/js/images on a page, and when
using H1 it uses 4 keep-alive connections to retrieve all objects.

However when enabling H2 on the frontend the connection to the webserver
(which itself is also made with SSL encryption) is made for every single
requested object i suspect this is the main reason for the slowdown, it
now needs to perform the ssl handshake on the backend 25 times.

Is this by (current) design? Is it planned/possible this will be changed
before 1.9 release?

Or is it likely my configuration / conclusion is wrong?

I've added a little vtc trying to simulate the behavior, it currently
fails on "---- s4    0.2 HTTP rx failed (fd:10 read: Connection reset by
peer)" while that is where the s4 server expects a second request over
its keep-alive connection. (assuming i wrote the test correctly..) While
it 'should' fail on the s3 server.

Regards,

PiBa-NL (Pieter)
Lukas Tribus
2018-10-29 15:39:40 UTC
Permalink
Hi,
Post by PiBa-NL
Hi List,
When i enable H2 'alpn h2,http/1.1' on haproxy bind line with offloading
'mode http'. The overall loading of a web-application i use takes longer
than without. (Tried with 1.9-dev5 and previous versions)
The webapp loads around 25 objects of css/js/images on a page, and when
using H1 it uses 4 keep-alive connections to retrieve all objects.
However when enabling H2 on the frontend the connection to the webserver
(which itself is also made with SSL encryption) is made for every single
requested object i suspect this is the main reason for the slowdown, it
now needs to perform the ssl handshake on the backend 25 times.
Is this by (current) design? Is it planned/possible this will be changed
before 1.9 release?
Yes and yes, this is what will be fixed be the native HTTP
representation (codenamed HTX), hopefully this is something we will be
able to play with in 1.9-dev6.


Regards,
Lukas
PiBa-NL
2018-10-29 19:16:29 UTC
Permalink
Hi Lukas,
Post by Lukas Tribus
Hi,
Post by PiBa-NL
Hi List,
When i enable H2 'alpn h2,http/1.1' on haproxy bind line with offloading
'mode http'. The overall loading of a web-application i use takes longer
than without. (Tried with 1.9-dev5 and previous versions)
The webapp loads around 25 objects of css/js/images on a page, and when
using H1 it uses 4 keep-alive connections to retrieve all objects.
However when enabling H2 on the frontend the connection to the webserver
(which itself is also made with SSL encryption) is made for every single
requested object i suspect this is the main reason for the slowdown, it
now needs to perform the ssl handshake on the backend 25 times.
Is this by (current) design? Is it planned/possible this will be changed
before 1.9 release?
Yes and yes, this is what will be fixed be the native HTTP
representation (codenamed HTX), hopefully this is something we will be
able to play with in 1.9-dev6.
Regards,
Lukas
I wasn't sure if the H1 keep-alive connection on backend was supposed to
work already (coming through a H2 frontend).
Ill give it another try with dev6 or above.

Thanks for your confirmation that this part is still a work in progress :).

Regards,
PiBa-NL (Pieter)
Igor Cicimov
2018-10-29 22:55:17 UTC
Permalink
Hi Lukas,
Post by Lukas Tribus
Hi,
Post by PiBa-NL
Hi List,
When i enable H2 'alpn h2,http/1.1' on haproxy bind line with offloading
'mode http'. The overall loading of a web-application i use takes longer
than without. (Tried with 1.9-dev5 and previous versions)
The webapp loads around 25 objects of css/js/images on a page, and when
using H1 it uses 4 keep-alive connections to retrieve all objects.
However when enabling H2 on the frontend the connection to the webserver
(which itself is also made with SSL encryption) is made for every single
requested object i suspect this is the main reason for the slowdown, it
now needs to perform the ssl handshake on the backend 25 times.
Is this by (current) design? Is it planned/possible this will be changed
before 1.9 release?
Yes and yes, this is what will be fixed be the native HTTP
representation (codenamed HTX), hopefully this is something we will be
able to play with in 1.9-dev6.
Regards,
Lukas
Is this the case with 1.8 also atm?
Lukas Tribus
2018-10-29 23:15:19 UTC
Permalink
On Mon, 29 Oct 2018 at 23:55, Igor Cicimov
Post by Igor Cicimov
Post by Lukas Tribus
Post by PiBa-NL
However when enabling H2 on the frontend the connection to the webserver
(which itself is also made with SSL encryption) is made for every single
requested object i suspect this is the main reason for the slowdown, it
now needs to perform the ssl handshake on the backend 25 times.
Is this by (current) design? Is it planned/possible this will be changed
before 1.9 release?
Yes and yes, this is what will be fixed be the native HTTP
representation (codenamed HTX), hopefully this is something we will be
able to play with in 1.9-dev6.
Regards,
Lukas
Is this the case with 1.8 also atm?
Yes, and 1.8 will stay that way, this is not backport material.


Lukas
Igor Cicimov
2018-10-29 23:16:57 UTC
Permalink
Post by Lukas Tribus
On Mon, 29 Oct 2018 at 23:55, Igor Cicimov
Post by Igor Cicimov
Post by Lukas Tribus
Post by PiBa-NL
However when enabling H2 on the frontend the connection to the
webserver
Post by Igor Cicimov
Post by Lukas Tribus
Post by PiBa-NL
(which itself is also made with SSL encryption) is made for every
single
Post by Igor Cicimov
Post by Lukas Tribus
Post by PiBa-NL
requested object i suspect this is the main reason for the slowdown,
it
Post by Igor Cicimov
Post by Lukas Tribus
Post by PiBa-NL
now needs to perform the ssl handshake on the backend 25 times.
Is this by (current) design? Is it planned/possible this will be
changed
Post by Igor Cicimov
Post by Lukas Tribus
Post by PiBa-NL
before 1.9 release?
Yes and yes, this is what will be fixed be the native HTTP
representation (codenamed HTX), hopefully this is something we will be
able to play with in 1.9-dev6.
Regards,
Lukas
Is this the case with 1.8 also atm?
Yes, and 1.8 will stay that way, this is not backport material.
Lukas
:-(

Loading...