Embed Size (px)
Citation preview
Putting the Network to WorkManish Vachharajani
Senior Architect, F5 Networks
© F5 Networks, Inc 2
The Internet
Servers
Your App vs. the Network
Devices
Users
© F5 Networks, Inc 3
The Internet
• Limited Bandwidth
• Long Round Trip Times (RTT, aka Ping Time)
• Poor protocol and web browser interactions
Your App vs. the Network (2)
Devices
Users
Servers
Router Firewall
© F5 Networks, Inc 4
High Performance Websites in One Slide• Avoid Render Blocking by Scripts
• Avoid Render Blocking by CSS
• Minify HTML
• Minify Javascript
• Minify CSS
• Optimize Images
• Avoid Landing Page Redirects
• Prioritize Visible Content
• Leverage Browser Caching
• Reduce Server Response Time
• Optimize TCP for client networks
• Route clients to the best datacenter
• Use SSL False start
• Enable SSL Reuse
• Use OCSP stapling
• Use HSTS
© F5 Networks, Inc 5
• Web Page Test (www.webpagetest.org)
Network Waterfall Timing Diagram
© F5 Networks, Inc 6
Javascript and the Network
© F5 Networks, Inc 7
Transport CompressionAfter compression
Before Compression
INCREASED LATENCY
1.5 seconds faster
© F5 Networks, Inc 8
CSS and the Network
© F5 Networks, Inc 9
Images, other External Resources and the Network
150 KB IMAGES
CSS CASCADE
© F5 Networks, Inc 10
Semantic Compression – Minification and JPGPNG IS BETTER
JPG IS BETTER
UGLIFYCSS, …
UGLIFYJS, …
© F5 Networks, Inc 11
Inlining Content GROSS!
BUT EFFECTIVE!
• SPDY AND HTTP/2.0 RESOLVE CONNECTION BLOCKING WITH MULTIPLE STREAMS PER CONNECTION
© F5 Networks, Inc 12
• RTT is primarily controlled by ISP infrastructure
• Cannot reduce RTT• Except by moving TCP end points closer to the client• CDN, proper DNS resolution to closest datacenter
RTT and Connection Establishment
Client
ServerSYN
SYN/ACK
ACK
HTTP Request
Speed Of Light, NY to London is 28 ms
1.5 RTT = 84ms
56 ms
© F5 Networks, Inc 13
Now add TLS/SSL
Client
ServerSYN
SYN/ACK
ACK/Client Hello
224 msServer Hello/Cert/etc.
ClientKeyExchange/Ciphers
Ciphers
HTTP Request
© F5 Networks, Inc 14
• Score your site: https://www.ssllabs.com/ssltest/
• See istlsfastyet.com for suggestions• Session resumption (i.e., reuse, caching ok, tickets preferred) reduces
RTs• To 168 ms in prior example (1 RT)
• SSL False Start• Concurrently transmit application data with ClientKeyExchange• Overlaps application data transfer with session establishment,
hiding latency• Early Termination• Terminate connections closer to the end client
• OCSP Stapling• Eliminate network traffic for client to validate server certificate
• HTTP Strict Transport Security• Avoid HTTP to HTTPS redirect on subsequent visits
Optimize SSL
Lots of Other Stuff
There are dozens of talks about how to best do each of these things, and avoid the problems. There are other effects and optmizations I have not even discussed here, and are not covered by Google Page Speed and other tools
© F5 Networks, Inc 16
The Internet
F5 BIG IP
Devices
Users
Servers
DNS, Firewall, Load Balancing, Content Optimization, TCP
optimization, SSL Acceleration, …
BIG-IP Platform
© F5 Networks, Inc 17
BIG IP Examples
Devices
Servers
DNS, Firewall, Load Balancing, Content Optimization, TCP
optimization, SSL Acceleration, …
BIG-IP Platform
The Internet
GET /index.html HTTP/1.1 GET /index.html HTTP/1.1
GET /index.css HTTP/1.1
GET /index.js HTTP/1.1
Returns minified index.html minified inlined index.css, inlined imports inlined and minified index.js inlined images, etc. (inlining, minification configurable)
• TCP OPTIMIZED• SSL OPTIMIZED• CACHE HEADERS ADDED• OPTIONAL CACHING• URL REWRITING (CDN,
ETC.)• SPDY, HTTP/2.0• …
© F5 Networks, Inc 18
• Hardware, Virtual Machine, Cloud Marketplace• VMWare, Xen, KVM, and AWS Marketplace, BYOL in other clouds• More deployment options going forward
BIG IP Form Factors and Availability
© F5 Networks, Inc 19
• Node.js in the datapath• Bare Metal or VM (high performance or high density)• Fully automated deployment via true REST API• Download and buy at linerate.f5.com
LineRate
Booth #508
