Re: Q: about HTTP/2
Hi, I have a concret use case that need http/2 : one ssl frontend with multiple heterogeneous (h2,http/1.1) backends gRPC is http2 only and if you have to use it behind a single domain you need to be able to route http/2 traffic among http/1.1. In this case, I need to apply some http specific rules (e.g. path_beg) that require mode http to be enabled. In the same time, I need to route http2 traffic to the right backend. The problem is that the http2 backend is not mode http compliant so there is a conflict between backends given the routing issue I have. What I did to do this is having : frontend f_https mode tcp bind ... alpn h2,http/1.1 ... acl is_h2 ssl_fc_alpn -i h2 use_backend b_grpc if h2 use_backend b_http if !h2 frontend f_http mode http bind 127.0.0.1:80 acl p_1 path_beg /1 acl p_2 path_beg /2 use_backend b_1 if p_1 use_backend b_2 if p_2 backend b_http server internal 127.0.0.1:80 backend b_1 mode http server api_1 10.0.0.1:8081 server api_2 10.0.0.2:8081 backend b_2 mode http server ws_1 10.0.0.1:8082 server ws_2 10.0.0.2:8082 backend b_grpc mode tcp server grpc_1 10.0.0.1:8082 server grpc_2 10.0.0.2:8082 Having HPACK parsing with mode http over h2 would simplify this by just using HTTP ACLs and ALPN detection in the same frontend. On Sat, Apr 9, 2016 at 11:30 AM, Pavlos Parissiswrote: > On 07/04/2016 06:01 μμ, Willy Tarreau wrote: >> Hi Aleks, >> >> On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote: >>> Hi Willy & other core devs/pms. >>> >>> I know that HTTP/2 is on the road-map but not ready yet. >>> >>> Would you be so kind and share some of your thoughts, stats and plans for >>> HTTP/2. >> >> Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with >> the server. Maybe we'll find that doing H2->H2 is easy enough but given our >> past experiences guessing that two sides are only slightly more difficult >> than a single one, I'd prefer to remain careful. >> >> Regarding the timing, I'm trying hard to get something for 1.7 next fall. >> But to be very honnest, 90% of my time spent on haproxy is spent chasing >> bugs these days, the last 10% are spent on code review. > > And this is very much appreciated by a lot of people(including my self). > It increases the confidence level on the software when you know that > devs are actively working on properly fixing bugs and avoid putting > yet another monkey patch, so they can go back to development of new > cool things. > > Having said, I would love to see H2 on client side and a _more_ proper > connection pooling on the server side in 1.7 version. > > Cheers, > Pavlos > > -- Steven Le Roux Jabber-ID : ste...@jabber.fr 0x39494CCB 2FF7 226B 552E 4709 03F0 6281 72D7 A010 3949 4CCB
Re: Q: about HTTP/2
On 07/04/2016 06:01 μμ, Willy Tarreau wrote: > Hi Aleks, > > On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote: >> Hi Willy & other core devs/pms. >> >> I know that HTTP/2 is on the road-map but not ready yet. >> >> Would you be so kind and share some of your thoughts, stats and plans for >> HTTP/2. > > Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with > the server. Maybe we'll find that doing H2->H2 is easy enough but given our > past experiences guessing that two sides are only slightly more difficult > than a single one, I'd prefer to remain careful. > > Regarding the timing, I'm trying hard to get something for 1.7 next fall. > But to be very honnest, 90% of my time spent on haproxy is spent chasing > bugs these days, the last 10% are spent on code review. And this is very much appreciated by a lot of people(including my self). It increases the confidence level on the software when you know that devs are actively working on properly fixing bugs and avoid putting yet another monkey patch, so they can go back to development of new cool things. Having said, I would love to see H2 on client side and a _more_ proper connection pooling on the server side in 1.7 version. Cheers, Pavlos signature.asc Description: OpenPGP digital signature
Re: Q: about HTTP/2
Hi Aleks, On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote: > Hi Willy & other core devs/pms. > > I know that HTTP/2 is on the road-map but not ready yet. > > Would you be so kind and share some of your thoughts, stats and plans for > HTTP/2. Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with the server. Maybe we'll find that doing H2->H2 is easy enough but given our past experiences guessing that two sides are only slightly more difficult than a single one, I'd prefer to remain careful. Regarding the timing, I'm trying hard to get something for 1.7 next fall. But to be very honnest, 90% of my time spent on haproxy is spent chasing bugs these days, the last 10% are spent on code review. We've reached a level of complexity that is high enough to keep bug hunters busy and that's slowing us down. For the first time we even released a version with several known bugs that were not yet addressed by lack of time. So I'm trying to compose between fixing bugs and developing. I have some paper drafts about what to do, when I read the date on them I realize that time flies (2014 for some of them). A significant part of the internal architecture is ready (split between streams and sessions), some of it still needs to be done (make an applet able to use normal load balancing just like a regular client), we need to implement the H2<->H1 MUX which will itself work almost like a proxy with various states depending what side closes first etc. And then to address all the shortcomings that will result from this (eg: tcp-request contents having to be applied on the clear text only, etc). Also among the requirements we can count one which is that the applets are fixed regarding the issue we currently have with peers which can stall. H2 will have the same problem so we must ensure we find a correct fix for the peers before going full throttle the H2 way if we don't want to modify the architecture again. That's the most accurate vision I can give for the moment. Cheers, Willy
Re: Q: about HTTP/2
On 4/2/2016 6:23 AM, Dennis Jacobfeuerborn wrote: > What about the multiplexing of connections? If you use http 1.x to > communicate with the servers you effectively nullify that 2.0 feature. > At least in theory in order to actually get all the benefits from http/2 > you need support for the client side and unencrypted support on the > server side to prevent having to re-encrypt data (or some form of > persistent connection pooling to minimize the new establishment of > connections to the server). Although having multiplexing support for the backend would certainly help performance, normally a LAN is fast enough that the only significant cost to establishing many connections is the number of simultaneous open sockets. This *is* a worry for extremely high traffic sites, but many sites (including mine) do not receive enough traffic for that to be a problem. Latency for a LAN is probably one millisecond or less, while on the Internet side latencies up to several hundred milliseconds are possible. If everything from the client to haproxy is using one HTTP/2 connection, performance on my LAN backend should be very good even if it's running HTTP/1.1 without keepalive. Eventually, I'd upgrade the backend to HTTP/2 as well. If I were to upgrade both at the same time, and there was a problem, I would not know which change *caused* the problem. I think that HTTP/2 server support (facing the Internet) is *slightly* more important in haproxy than HTTP/2 client support (facing the servers), but only slightly. High-traffic sites need both. Thanks, Shawn
Re: Q: about HTTP/2
On 01/04/2016 12:25 μμ, Baptiste wrote: > On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazicwrote: >> Hi Willy & other core devs/pms. >> >> I know that HTTP/2 is on the road-map but not ready yet. >> >> Would you be so kind and share some of your thoughts, stats and plans for >> HTTP/2. >> >> Thank you very much. >> >> Best regards >> Aleks >> > > > Do you guys, on the ML, really need HTTP/2? > If so what's your deadline?? > > Baptiste > Support has already landed on several HTTP servers(nginx, apache, caddy). It has arrived on several clients(including programming languages( Go 1.6, hyper in Python)) as well. I have several people at work asking about it, but not very hard(yet). But, it has been mentioned before here that support for ht2 will bring also connection pooling on the backend. This is quite important for installation on PoPs, as you don't want to open a connection to the remote DC for each client connection. So, it is time to see support on HAProxy for ht 2 as well:-) My 2cents, Pavlos signature.asc Description: OpenPGP digital signature
Re: Q: about HTTP/2
On 01.04.2016 16:35, Shawn Heisey wrote: > On 4/1/2016 4:25 AM, Baptiste wrote: >> Do you guys, on the ML, really need HTTP/2? If so what's your deadline?? > > Need? Perhaps not. Want? Very much so. Deadline: ASAP, but don't be > in a hurry. I definitely prefer to have a battle-tested solution that > takes a year than a lousy implementation delivered tomorrow. > > We have been experimenting with technologies to make pages load faster > -- combining and minifying JS/CSS files, mod_pagespeed for Apache, etc. > A lot of those tricks won't be necessary once HTTP/2 support is > available. If I understand the situation correctly, we only need that > support in haproxy. I think the backend webservers can continue to run > older software, because latency is the killer, and there's not much > latency on a LAN. What about the multiplexing of connections? If you use http 1.x to communicate with the servers you effectively nullify that 2.0 feature. At least in theory in order to actually get all the benefits from http/2 you need support for the client side and unencrypted support on the server side to prevent having to re-encrypt data (or some form of persistent connection pooling to minimize the new establishment of connections to the server). Regards, Dennis
Re: Q: about HTTP/2
On 4/1/2016 4:25 AM, Baptiste wrote: > Do you guys, on the ML, really need HTTP/2? If so what's your deadline?? Need? Perhaps not. Want? Very much so. Deadline: ASAP, but don't be in a hurry. I definitely prefer to have a battle-tested solution that takes a year than a lousy implementation delivered tomorrow. We have been experimenting with technologies to make pages load faster -- combining and minifying JS/CSS files, mod_pagespeed for Apache, etc. A lot of those tricks won't be necessary once HTTP/2 support is available. If I understand the situation correctly, we only need that support in haproxy. I think the backend webservers can continue to run older software, because latency is the killer, and there's not much latency on a LAN. Thanks, Shawn
Re: Q: about HTTP/2
Hi Baptiste. Am 01-04-2016 12:25, schrieb Baptiste: On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazicwrote: Hi Willy & other core devs/pms. I know that HTTP/2 is on the road-map but not ready yet. Would you be so kind and share some of your thoughts, stats and plans for HTTP/2. Do you guys, on the ML, really need HTTP/2? In case that a app use async JS communication and http-push what's your suggestion to solve this with haproxy current? Are websockets enough? A possible solution with jetty can be found here. https://www.eclipse.org/jetty/documentation/current/http2-configuring-haproxy.html If so what's your deadline?? Baptiste BR Aleks
Re: Q: about HTTP/2
Hi, > Do you guys, on the ML, really need HTTP/2? > If so what's your deadline?? Yea, we will definitively need it, our customers started asking about it two months ago. Management will probably start to worry about pissing off premium managed hosting customers if they keep asking and we can't add HTTP/2 for them at some point. It's not really urgent for us, deadline might be the end of the year. It might be problematic, if we want to take part in a public bidding and someone just snuck "HTTP/2 support" into the requirements for bidders and we just can't do that with haproxy. I'm pretty sure my boss would be willing to invest some €€€ if that helps. - Craig
Re: Q: about HTTP/2
Hello Baptiste, We have been asked questions about HTTP/2 but it does not seem to be a block when we say its not fully supported in Layer7 Regards Andrew Smalley Loadbalancer.org http://www.loadbalancer.org On 1 April 2016 at 11:25, Baptistewrote: > On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazic > wrote: > > Hi Willy & other core devs/pms. > > > > I know that HTTP/2 is on the road-map but not ready yet. > > > > Would you be so kind and share some of your thoughts, stats and plans for > > HTTP/2. > > > > Thank you very much. > > > > Best regards > > Aleks > > > > > Do you guys, on the ML, really need HTTP/2? > If so what's your deadline?? > > Baptiste > >
Re: Q: about HTTP/2
On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazicwrote: > Hi Willy & other core devs/pms. > > I know that HTTP/2 is on the road-map but not ready yet. > > Would you be so kind and share some of your thoughts, stats and plans for > HTTP/2. > > Thank you very much. > > Best regards > Aleks > Do you guys, on the ML, really need HTTP/2? If so what's your deadline?? Baptiste
Q: about HTTP/2
Hi Willy & other core devs/pms. I know that HTTP/2 is on the road-map but not ready yet. Would you be so kind and share some of your thoughts, stats and plans for HTTP/2. Thank you very much. Best regards Aleks