HTTP/2 configuration
Note:The HTTP/2 functionality is supported on the Citrix ADC MPX, VPX, and SDX models. In a Citrix ADC VPX appliance, the HTTP/2 functionality is supported from Citrix ADC version 11.0 onwards.
The problem with web application performance is directly related to the trend toward increasing the page size and the number of objects on the webpages. HTTP/1.1 was developed to support smaller webpages, slower Internet connections, and more limited server hardware than are common today. It is not suitable for new technologies such as JavaScript and cascading style sheets (CSS) or new media types such as Flash videos and graphics-rich images. This is because it can request only one resource per connection to the server. The limitation significantly increases the number of round trips, causing longer page-rendering and reduced network performance.
The HTTP/2 protocol addresses these limitations by allowing communication to occur with less data transmitted over the network, and providing the ability to send multiple requests and responses across a single connection. At its core, HTTP/2 addresses the key limitations of HTTP/1.1 by using the underlying network connections more efficiently. It changes the way requests and responses travel over the network.
HTTP/2 is a binary protocol. It is more efficient to parse, more compact on the wire, and most importantly, it is less error-prone, compared to textual protocols like HTTP/1.1. The HTTP/2 protocol uses a binary framing layer that defines the frame type and how HTTP messages are encapsulated and transferred between the client and server. The HTTP/2 functionality supports the use of the CONNECT method to establish a tunnel connection through a single HTTP/2 stream to a remote host.
The HTTP/2 protocol includes many performance-enhancing changes that significantly improve performance, particularly for clients connecting over a mobile network.
The following table lists the major improvements in HTTP/2 over HTTP/1.1:
| HTTP/2 features | Description |
|---|---|
| Header Compression | HTTP headers have much repetitive information and therefore consume unnecessary bandwidth during data transmission. HTTP/2 reduces bandwidth requirements by compressing the header and minimizing the requirement to transport HTTP headers with every request and response. |
| Connection Multiplexing | Latency can have a huge impact on page load times and the end user experience. Connection multiplexing overcomes this problem by sending multiple requests and responses across a single connection. |
| Server Push | 服务器推送使服务器主动推送content to the client browser, avoiding round trip delay. This feature caches the responses it thinks the client needs, reduces the number round trips, and improves the page rendering time. Important: The Citrix ADC appliance does not support the server push functionality. |
| No Head-of-line Blocking | Under HTTP 1.1, browsers can download one resource at a time per connection. When a browser has to download a large resource, it blocks all other resources from downloading until the first download is complete. HTTP/2 overcomes this problem with a multiplexing approach. It allows the client browser to download other web components in parallel over the same connection and display them as they become available. |
| Request Prioritization | 不是所有的资源都有平等优先当兄弟wser renders a webpage. To accelerate the load time, all modern browsers prioritize requests by type of asset, their location on the page, and even by learned priority from previous visits. With HTTP/1.1, the browser has limited ability to use the priority data, because this protocol does not support multiplexing, and there is no way to communicate request prioritization by the server. The result is unnecessary network latency. HTTP/2 overcomes this problem by allowing the browser to dispatch all requests. The browser can communicate its stream prioritization preference via stream dependencies and weights, enabling the servers to optimize response delivery. Important: The Citrix ADC appliance does not support the request prioritization functionality. |
How HTTP/2 works
A Citrix ADC appliance supports HTTP/2 on the client side as well on the server side. On the client side, the Citrix ADC appliance acts as a server that hosts an HTTP/HTTPS virtual server for HTTP/2. On the back-end side, the Citrix ADC acts as a client to the servers that are bound to the virtual server.
Therefore, the Citrix ADC appliance maintains separate connections on the client side as well on the server side. The Citrix ADC appliance has separate HTTP/2 configurations for the client side and the server side.
HTTP/2 for HTTPS (SSL) load balancing configuration
For an HTTPS load balancing configuration, the Citrix ADC appliance uses the TLS ALPN extension (RFC 7301) to determine whether the client/server supports HTTP/2. If it does, the appliance chooses HTTP/2 as the application-layer protocol to transmit data (as described in RFC 7540 - Section 3.3) on the client/server side. The appliance uses the following order of preference when choosing the application-layer protocol through the TLS ALPN extension:
- HTTP/2 (if enabled in the HTTP profile)
- SPDY (if enabled in the HTTP profile)
- HTTP/1.1
HTTP/2 for HTTP load balancing configuration
For an HTTP load balancing configuration, the Citrix ADC appliance uses one of the following methods to start communicating with the client/server using HTTP/2.
Note:
In the following method descriptions, client and server are generals terms for an HTTP/2 connection. For example, for a load balancing setup of a Citrix ADC appliance using HTTP/2, the Citrix ADC appliance acts as a server on the client side and acts as a client to the server side.
HTTP/2 Upgrade. A client sends an HTTP/1.1 request to a server. The request includes an upgrade header, which asks the server for upgrading the connection to HTTP/2. If the server supports HTTP/2, the server accepts the upgrade request and notifies it in its response. The client and the server start communicating using HTTP/2 after the client receives the upgrade confirmation response.
直接HTTP / 2. A client directly starts communicating to a server in HTTP/2 instead of using the HTTP/2 upgrade method. If the server does not support HTTP/2 or is not configured to directly accept HTTP/2 requests, it drops the HTTP/2 packets from the client. This method is helpful if the admin of the client device already knows that the server supports HTTP/2.
直接HTTP / 2using Alternative Service (ALT-SVC).A server advertises that it supports HTTP/2 to a client by including an Alternative Service (ALT-SVC) field in its HTTP/1.1 response. If the client is configured to understand the ALT-SVC field, the client and the server start directly communicating using HTTP/2 after the client receives the response.
Citrix ADC设备提供了可配置的选择ions in an HTTP profile for the HTTP/2 methods. These HTTP/2 options can be applied to the client side as well to the server side of an HTTPS or HTTP load balancing setup. For more information for HTTP/2 methods and options, refer to theHTTP/2 optionsPDF.
Before you Begin
Before you begin configuring HTTP/2 on a Citrix ADC appliance, note the following points:
- The Citrix ADC appliance supports HTTP/2 on the client side as well on the server side.
- The Citrix ADC appliance does not support the HTTP/2 server push functionality.
- The Citrix ADC appliance does not support the HTTP/2 request prioritization functionality.
- The Citrix ADC appliance does not support HTTP/2 SSL renegotiation for HTTPS load balancing setups.
- The Citrix ADC appliance does not support HTTP/2 NTLM authentication.
- With HTTP/2 enabled, connection multiplexing disabled (like USIP enabled) and one to one mapping of client and server TCP connections, close events such as FIN, reset (RST) are forwarded from the client or server connection to the linked peer connection.
Configuring HTTP/2
Configuring HTTP/2 for a load balancing setup (HTTPS or HTTP) consists of the following tasks:
Enable HTTP/2 and set optional HTTP/2 parameters in an HTTP Profile. Enable HTTP/2 in an HTTP profile. When you only enable HTTP/2 in an HTTP profile, the Citrix ADC appliance uses only the upgrade method (for HTTP) or TLS ALPN method (for HTTPS) for communicating in HTTP/2.
For the Citrix ADC appliance to use the direct HTTP/2 method,直接HTTP / 2option must be enabled in the HTTP profile. For the Citrix ADC appliance to use the direct HTTP/2 using the alternative service method, theAlternative Service (altsvc)option must be enabled in the HTTP profile.
Bind the HTTP profile to a virtual server or a service. Bind the HTTP profile to a virtual server to configure HTTP/2 for the client side of the load balancing setup. Bind the HTTP profile to a service to configure HTTP2 for the server side of the load balancing setup.
Note:
Citrix recommends binding separate HTTP profiles for the client side and the server side.
Enable the global parameter for HTTP/2 server side support. Enable theHTTP/2 Service Side(HTTP2Serverside) global HTTP parameter for enabling the HTTP/2 support on the server side of all the load balancing setups that has HTTP/2 configured.
HTTP/2 does not work on the server side of any load balancing setups ifHTTP/2 Service Sideis disabled even if theHTTP/2is enabled on the HTTP profile bound to the related load balancing services.
Citrix ADC Command Line procedures:
To enable HTTP/2 and set HTTP/2 parameters by using the Citrix ADC command line
- To enable HTTP/2 and set HTTP/2 parameters while adding an HTTP profile, at the command prompt, type:
add ns httpProfile show ns httpProfile
- To enable HTTP/2 and set HTTP/2 parameters while modifying an HTTP profile, at the command prompt, type:
set ns httpProfile show ns httpProfile
To bind the HTTP profile to a virtual server by using the Citrix ADC command line
At the command prompt, type:
set lb vserver show lb vserver
To bind the HTTP profile to a load balancing service by using the Citrix ADC command line
At the command prompt, type:
set service show service
To enable HTTP/2 support globally on the server side by using the Citrix ADC command line
At the command prompt, type:
set ns httpParam -HTTP2Serverside( ENABLED | DISABLED )show ns httpParam
To enable HTTP/2 and set HTTP/2 parameters by using the Citrix ADC GUI
- Navigate toSystem>Profiles, and clickHTTP Profilestab.
- EnableHTTP/2while adding an HTTP profile or modifying an existing HTTP profile.
To bind the HTTP profile to a virtual server by using the Citrix ADC GUI
- Navigate toTraffic Management>Load Balancing>Virtual Servers, and open the virtual server.
- InAdvanced Settings, click+ HTTP Profileto bind the created HTTP profile to the virtual server.
To bind the HTTP profile to a load balancing service by using the Citrix ADC GUI
- Navigate toTraffic Management>Load Balancing>Service, and open the service.
- InAdvanced Settings, click+ HTTP Profileto bind the created HTTP profile to the service.
To enable HTTP/2 support globally on the server side by using the GUI
Navigate toSystem>Settings, clickChange HTTP parametersand enableHTTP/2 Server Side.
Sample configurations
In the following sample configuration, HTTP/2 and direct HTTP/2 is enabled on HTTP profile HTTP-PROFILE-HTTP2-CLIENT-SIDE. The profile is bound to virtual server LB-VS-1.
set ns httpProfile HTTP-PROFILE-HTTP2-CLIENT-SIDE -http2 enabled -http2Direct enabled Done set lb vserver LB-VS-1 -httpProfileName HTTP-PROFILE-HTTP2-CLIENT-SIDE Done In the following sample configuration, HTTP/2 and alternative service (ALT-SVC) is enabled on HTTP profile HTTP-PROFILE-HTTP2-SERVER-SIDE. The profile is bound to service LB-SERVICE-1.
set ns httpparam -HTTP2Serverside ENABLED Done set ns httpProfile HTTP-PROFILE-HTTP2-SERVER-SIDE -http2 ENABLED -altsvc ENABLED Done set service LB-SERVICE-1 -httpProfileName HTTP-PROFILE-HTTP2-SERVER-SIDE Done Configure HTTP/2 initial connection window size
As per RFC 7540, the flow-control window for HTTP2 stream and connection must be set to 64 K (65535) octets, and any change made to this value must be communicated to the peer. The ADC appliance communicates the change in flow-control window size as follows:
- Using the
SETTINGSframe for the stream. - Using the
WINDOW_UPDATEframe for the connection.
In an HTTP profile, you must configure thehttp2InitialWindowSizeparameter to set the initial window size at the stream level. Because of an internal system error, the ADC appliance initializes the flow-control window for the connection also. When there is a change in the configured flow-control window for the stream, the ADC appliance communicates to the peer using the SETTINGS frame. But the ADC appliance fails to communicate the change in flow-control window for the connection using theWINDOW_UPDATEframe. This leads to a connection freeze.
To overcome the issue, thehttp2InitialConnWindowSizeparameter (in bytes) is now added to control the flow-control window for connection. By using separate configurable parameters, you can now enable the appliance to send updates for changed window size at both stream and connection levels.
Configure the HTTP/2 initial connection window size parameter by using the CLI
At the command prompt, type:
set http profile p1 -http2InitialConnWindowSize 8290 Initial window size for stream level flow control, in bytes. Default value: 65535 Minimum value: 8192 Maximum value: 20971520