Header Compression Consumes CPU and Memory Resources
Total Page:16
File Type:pdf, Size:1020Kb
K4707: Choosing appropriate profiles for HTTP traffic Non-Diagnostic Original Publication Date: May 13, 2019 Update Date: Aug 12, 2019 Topic The BIG-IP system allows you to process HTTP traffic using various profiles, including TCP+HTTP, HTTP /2, Fast HTTP, and FastL4. Each profile, or combination of profiles, offers distinct advantages, limitations, and features. F5 recommends that you assess the needs of each HTTP virtual server individually, using the following information, to determine which profile, or profile combination, best meets the requirements for each virtual server. Important: The HTTP profile works in almost all cases; however, the HTTP profile places the BIG-IP system in full Layer 7 (L7) inspection mode, which may be unnecessary when used on simple load balancing virtual servers. Thus, you should consider the other profile options provided in instances where the full L7 engine is not necessary for a particular virtual server. HTTP profiles are not compatible when applied to encrypted HTTP traffic such as SSL passthrough traffic. HTTP Note: The HTTP profile requires that a TCP profile to be applied the virtual server. Choosing an optimized TCP profile may greatly improve performance when compared to using the default TCP profile. For more information, refer to K03553427: Using optimized TCP profiles. Advantage: The HTTP profile can take full advantage of all of BIG-IP system's Layers 4 - 7 HTTP/HTTPS features. When to use: The HTTP profile is used when any of the following features are required: IPv6 support TCP Express and content spooling features reduce server load Full OneConnect functionality (including HTTP 1.0 transformations) L7 persistence (cookie, hash, universal, and iRules) Full HTTP iRules logic Cache and Web Acceleration features HTTP Compression HTTP pipelining Virtual Server Authentication Redirect Rewriting SPDY protocol support (11.3.0 through 12.1.2 only) Limitations More CPU-intensive Memory usage: Cache/Web Acceleration The caching/web acceleration features provision user-defined memory for cache content for each virtual server that uses the given HTTP and Cache profiles. Compression Larger buffer sizes can increase memory usage when compressing large objects. TCP offloading/content spooling This can increase memory usage in cases where either the client-side or the server-side of the connection is slower than the other. The BIG-IP system holds the data in the buffer until the slower side of the connection is able to retrieve it. HTTP/2 Note: The HTTP/2 profile was introduced in BIG-IP 11.6.0 as an experimental feature and was fully implemented in BIG-IP 12.0.0. Note: The HTTP/2 profile requires that you apply a TCP, HTTP, and client-side SSL profile to the virtual server. Advantage: The HTTP/2 profile allows you to take advantage of the improvements provided by the Hypertext Transfer Protocol Version 2 specification (RFC 7540 and RFC 7541). When to use: The HTTP/2 profile allows the BIG-IP system to serve as a gateway for HTTP/2 traffic. By multiplexing streams and compressing headers, the perceived latency of requests and responses is reduced and the overall efficiency of the network is improved. The HTTP/2 profile can be used to provide the following: Multiplexed request/response streams with flow control for improved network usage Automatic header compression Binary instead of textual message framing for efficient message processing Support for SPDY, HTTP/1.1, and HTTP/2 protocol selection Proactive server response push to client iRules logic for HTTP/2 Limitations Header compression consumes CPU and memory resources No support for source address persistence prior to BIG-IP 15.0.0 Not compatible with NT LAN Manager (NTLM) protocols Not compatible with SSL profile (Client) renegotiation Fast HTTP Profile: Fast HTTP Advantage: Faster than HTTP profile When to use: Fast HTTP profile is recommended when it is not necessary to use persistence and or maintain source IP addresses. Fast HTTP also adds a subset of OneConnect features to reduce the number of connections opened to the backend HTTP servers. The Fast HTTP profile requires that the clients' source addresses are translated. If an explicit secure network address translation (SNAT) or SNAT pool is not specified, the appropriate self IP address is used. Note: Typically, server efficiency increases as the number of SNAT addresses that are available to the virtual server increases. At the same time, the increase in SNAT addresses that are available to the virtual server also decreases the likelihood that the virtual server will reach the point of ephemeral port exhaustion (65535 open connections per SNAT address). Limitations Requires client source address translation Not compatible with persistence until BIG-IP 10.0.0 Limited iRules support L4 and are limited to a subset of HTTP header operations, and pool/pool member selection No compression No virtual server authentication No support for HTTP pipelining No TCP optimizations No IPv6 support Note: Fast HTTP is optimized for ideal traffic conditions, but may not be an appropriate profile to use when network conditions are less than optimal. In most cases, when processing Internet-based traffic, F5 recommends the HTTP profile. For more information about the Fast HTTP profile, refer to K8024: Overview of the Fast HTTP profile. FastL4 Profile: FastL4 Advantage: Accelerates packet processing When to use: FastL4 is limited in functionality to socket level decisions (for example, src_ip:port dst_ip:port). Thus, you can use FastL4 only when socket level information for each connection is required for the virtual server. Limitations No HTTP optimizations No TCP optimizations for server offloading SNAT/SNAT pools demote PVA acceleration setting level to Assisted iRules limited to L4 events, such as CLIENT_ACCEPTED and SERVER_CONNECTED No OneConnect Limited persistence options: Source address Destination address Universal Hash (BIG-IP 9.x only) No compression No Virtual Server Authentication No support for HTTP pipelining Supplemental Information K29377715: Overview of the TCP profile (14.x) K10711911: Overview of the TCP profile (13.x) K70025261: Overview of the TCP profile (12.x) K13924148: Overview of the TCP profile (11.x) K7559: Overview of the TCP profile (9.x - 10.x) K12078: FastL4 virtual servers stop processing traffic after a Hash persistence profile is applied K16446: The BIG-IP system now allows a Performance (Layer 4) virtual server to have an associated HTTP profile K58959262: SPDY, IIOP, and MSSQL profile types are not available in BIG-IP 13.x K12015: Configuration requirements for SSL virtual servers, profiles, pools, and monitors K04412053: Overview of the BIG-IP HTTP/2 profile K40243113: Overview of the HTTP profile K8024: Overview of the Fast HTTP profile K09948701: Overview of the FastL4 profile Applies to: Product: BIG-IP, BIG-IP AAM, BIG-IP AFM, BIG-IP APM, BIG-IP ASM, BIG-IP LTM, BIG-IP PEM 15.X.X, 14.X.X, 13.X.X, 12.X.X, 11.X.X, 10.X.X, 9.X.X Product: Legacy Products, BIG-IP Edge Gateway, BIG-IP PSM, BIG-IP WebAccelerator, BIG-IP WOM 15.X.X, 14.X.X, 13.X.X, 12.X.X, 11.X.X, 10.X.X, 9.X.X.