Re: Q: about HTTP/2

[Steven Le Roux]

Hi,

I have a concret use case that need http/2 : one ssl frontend with
multiple heterogeneous (h2,http/1.1) backends

gRPC is http2 only and if you have to use it behind a single domain
you need to be able to route http/2 traffic among http/1.1.

In this case, I need to apply some http specific rules (e.g. path_beg)
that require mode http to be enabled.
In the same time, I need to route http2 traffic to the right backend.

The problem is that the http2 backend is not mode http compliant so
there is a conflict between backends given the routing issue I have.

What I did to do this is having :

frontend f_https
  mode tcp
  bind ... alpn h2,http/1.1
  ...
  acl is_h2 ssl_fc_alpn -i h2
  use_backend b_grpc if h2
  use_backend b_http if !h2

frontend f_http
  mode http
  bind 127.0.0.1:80
  acl p_1 path_beg /1
  acl p_2 path_beg /2
  use_backend b_1 if p_1
  use_backend b_2 if p_2

backend b_http
   server internal 127.0.0.1:80

backend b_1
  mode http
  server api_1 10.0.0.1:8081
  server api_2 10.0.0.2:8081
backend b_2
  mode http
  server ws_1  10.0.0.1:8082
  server ws_2 10.0.0.2:8082
backend b_grpc
  mode tcp
  server grpc_1  10.0.0.1:8082
  server grpc_2  10.0.0.2:8082


Having HPACK parsing with mode http over h2 would simplify this by
just using HTTP ACLs and ALPN detection in the same frontend.

On Sat, Apr 9, 2016 at 11:30 AM, Pavlos Parissis
 wrote:
> On 07/04/2016 06:01 μμ, Willy Tarreau wrote:
>> Hi Aleks,
>>
>> On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote:
>>> Hi Willy & other core devs/pms.
>>>
>>> I know that HTTP/2 is on the road-map but not ready yet.
>>>
>>> Would you be so kind and share some of your thoughts, stats and plans for
>>> HTTP/2.
>>
>> Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with
>> the server. Maybe we'll find that doing H2->H2 is easy enough but given our
>> past experiences guessing that two sides are only slightly more difficult
>> than a single one, I'd prefer to remain careful.
>>
>> Regarding the timing, I'm trying hard to get something for 1.7 next fall.
>> But to be very honnest, 90% of my time spent on haproxy is spent chasing
>> bugs these days, the last 10% are spent on code review.
>
> And this is very much appreciated by a lot of people(including my self).
> It increases the confidence level on the software when you know that
> devs are actively working on properly fixing bugs and avoid putting
> yet another monkey patch, so they can go back to development of new
> cool things.
>
> Having said, I would love to see H2 on client side and a _more_ proper
> connection pooling on the server side in 1.7 version.
>
> Cheers,
> Pavlos
>
>



-- 
Steven Le Roux
Jabber-ID : ste...@jabber.fr
0x39494CCB 
2FF7 226B 552E 4709 03F0  6281 72D7 A010 3949 4CCB

Re: Q: about HTTP/2

[Pavlos Parissis]

On 07/04/2016 06:01 μμ, Willy Tarreau wrote:
> Hi Aleks,
> 
> On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote:
>> Hi Willy & other core devs/pms.
>>
>> I know that HTTP/2 is on the road-map but not ready yet.
>>
>> Would you be so kind and share some of your thoughts, stats and plans for
>> HTTP/2.
> 
> Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with
> the server. Maybe we'll find that doing H2->H2 is easy enough but given our
> past experiences guessing that two sides are only slightly more difficult
> than a single one, I'd prefer to remain careful.
> 
> Regarding the timing, I'm trying hard to get something for 1.7 next fall.
> But to be very honnest, 90% of my time spent on haproxy is spent chasing
> bugs these days, the last 10% are spent on code review.

And this is very much appreciated by a lot of people(including my self).
It increases the confidence level on the software when you know that
devs are actively working on properly fixing bugs and avoid putting
yet another monkey patch, so they can go back to development of new
cool things.

Having said, I would love to see H2 on client side and a _more_ proper
connection pooling on the server side in 1.7 version.

Cheers,
Pavlos




signature.asc
Description: OpenPGP digital signature

Re: Q: about HTTP/2

[Willy Tarreau]

Hi Aleks,

On Fri, Apr 01, 2016 at 12:18:54PM +0200, Aleksandar Lazic wrote:
> Hi Willy & other core devs/pms.
> 
> I know that HTTP/2 is on the road-map but not ready yet.
> 
> Would you be so kind and share some of your thoughts, stats and plans for
> HTTP/2.

Well, the plan is to have *at least* HTTP/2 with the client and HTTP/1 with
the server. Maybe we'll find that doing H2->H2 is easy enough but given our
past experiences guessing that two sides are only slightly more difficult
than a single one, I'd prefer to remain careful.

Regarding the timing, I'm trying hard to get something for 1.7 next fall.
But to be very honnest, 90% of my time spent on haproxy is spent chasing
bugs these days, the last 10% are spent on code review. We've reached a
level of complexity that is high enough to keep bug hunters busy and that's
slowing us down. For the first time we even released a version with several
known bugs that were not yet addressed by lack of time. So I'm trying to
compose between fixing bugs and developing.

I have some paper drafts about what to do, when I read the date on them I
realize that time flies (2014 for some of them). A significant part of the
internal architecture is ready (split between streams and sessions), some
of it still needs to be done (make an applet able to use normal load balancing
just like a regular client), we need to implement the H2<->H1 MUX which will
itself work almost like a proxy with various states depending what side closes
first etc. And then to address all the shortcomings that will result from this
(eg: tcp-request contents having to be applied on the clear text only, etc).

Also among the requirements we can count one which is that the applets are
fixed regarding the issue we currently have with peers which can stall. H2
will have the same problem so we must ensure we find a correct fix for the
peers before going full throttle the H2 way if we don't want to modify the
architecture again.

That's the most accurate vision I can give for the moment.

Cheers,
Willy

Re: Q: about HTTP/2

[Shawn Heisey]

On 4/2/2016 6:23 AM, Dennis Jacobfeuerborn wrote:
> What about the multiplexing of connections? If you use http 1.x to
> communicate with the servers you effectively nullify that 2.0 feature.
> At least in theory in order to actually get all the benefits from http/2
> you need support for the client side and unencrypted support on the
> server side to prevent having to re-encrypt data (or some form of
> persistent connection pooling to minimize the new establishment of
> connections to the server).

Although having multiplexing support for the backend would certainly
help performance, normally a LAN is fast enough that the only
significant cost to establishing many connections is the number of
simultaneous open sockets.  This *is* a worry for extremely high traffic
sites, but many sites (including mine) do not receive enough traffic for
that to be a problem.

Latency for a LAN is probably one millisecond or less, while on the
Internet side latencies up to several hundred milliseconds are
possible.  If everything from the client to haproxy is using one HTTP/2
connection, performance on my LAN backend should be very good even if
it's running HTTP/1.1 without keepalive.  Eventually, I'd upgrade the
backend to HTTP/2 as well.  If I were to upgrade both at the same time,
and there was a problem, I would not know which change *caused* the problem.

I think that HTTP/2 server support (facing the Internet) is *slightly*
more important in haproxy than HTTP/2 client support (facing the
servers), but only slightly.  High-traffic sites need both.

Thanks,
Shawn

Re: Q: about HTTP/2

[Pavlos Parissis]

On 01/04/2016 12:25 μμ, Baptiste wrote:
> On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazic  wrote:
>> Hi Willy & other core devs/pms.
>>
>> I know that HTTP/2 is on the road-map but not ready yet.
>>
>> Would you be so kind and share some of your thoughts, stats and plans for
>> HTTP/2.
>>
>> Thank you very much.
>>
>> Best regards
>> Aleks
>>
> 
> 
> Do you guys, on the ML, really need HTTP/2?
> If so what's your deadline??
> 
> Baptiste
> 


Support has already landed on several HTTP servers(nginx, apache,
caddy). It has arrived on several clients(including programming
languages( Go 1.6, hyper in Python)) as well.

I have several people at work asking about it, but not very hard(yet).

But, it has been mentioned before here that support for ht2 will bring
also connection pooling on the backend. This is quite important for
installation on PoPs, as you don't want to open a connection to the
remote DC for each client connection.

So, it is time to see support on HAProxy for ht 2 as well:-)

My 2cents,
Pavlos




signature.asc
Description: OpenPGP digital signature

Re: Q: about HTTP/2

[Dennis Jacobfeuerborn]

On 01.04.2016 16:35, Shawn Heisey wrote:
> On 4/1/2016 4:25 AM, Baptiste wrote:
>> Do you guys, on the ML, really need HTTP/2? If so what's your deadline?? 
> 
> Need?  Perhaps not.  Want?  Very much so.  Deadline: ASAP, but don't be
> in a hurry.  I definitely prefer to have a battle-tested solution that
> takes a year than a lousy implementation delivered tomorrow.
> 
> We have been experimenting with technologies to make pages load faster
> -- combining and minifying JS/CSS files, mod_pagespeed for Apache, etc. 
> A lot of those tricks won't be necessary once HTTP/2 support is
> available.  If I understand the situation correctly, we only need that
> support in haproxy.  I think the backend webservers can continue to run
> older software, because latency is the killer, and there's not much
> latency on a LAN.

What about the multiplexing of connections? If you use http 1.x to
communicate with the servers you effectively nullify that 2.0 feature.
At least in theory in order to actually get all the benefits from http/2
you need support for the client side and unencrypted support on the
server side to prevent having to re-encrypt data (or some form of
persistent connection pooling to minimize the new establishment of
connections to the server).

Regards,
  Dennis

Re: Q: about HTTP/2

[Shawn Heisey]

On 4/1/2016 4:25 AM, Baptiste wrote:
> Do you guys, on the ML, really need HTTP/2? If so what's your deadline?? 

Need?  Perhaps not.  Want?  Very much so.  Deadline: ASAP, but don't be
in a hurry.  I definitely prefer to have a battle-tested solution that
takes a year than a lousy implementation delivered tomorrow.

We have been experimenting with technologies to make pages load faster
-- combining and minifying JS/CSS files, mod_pagespeed for Apache, etc. 
A lot of those tricks won't be necessary once HTTP/2 support is
available.  If I understand the situation correctly, we only need that
support in haproxy.  I think the backend webservers can continue to run
older software, because latency is the killer, and there's not much
latency on a LAN.

Thanks,
Shawn

Re: Q: about HTTP/2

[Aleksandar Lazic]

Hi Baptiste.

Am 01-04-2016 12:25, schrieb Baptiste:
On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazic  
wrote:

Hi Willy & other core devs/pms.

I know that HTTP/2 is on the road-map but not ready yet.

Would you be so kind and share some of your thoughts, stats and plans 
for

HTTP/2.



Do you guys, on the ML, really need HTTP/2?


In case that a app use async JS communication and http-push what's your 
suggestion to solve this with haproxy current?

Are websockets enough?

A possible solution with jetty can be found here.

https://www.eclipse.org/jetty/documentation/current/http2-configuring-haproxy.html


If so what's your deadline??

Baptiste


BR Aleks

Re: Q: about HTTP/2

[Craig Craig]

Hi,

> Do you guys, on the ML, really need HTTP/2?
> If so what's your deadline??

Yea, we will definitively need it, our customers started asking about it two
months ago. Management will probably start to worry about pissing off premium
managed hosting customers if they keep asking and we can't add HTTP/2 for them
at some point.
It's not really urgent for us, deadline might be the end of the year. It might
be problematic, if we want to take part in a public bidding and someone just
snuck "HTTP/2 support" into the requirements for bidders and we just can't do
that with haproxy.
I'm pretty sure my boss would be willing to invest some €€€ if that helps.

- Craig

Re: Q: about HTTP/2

[Andrew Smalley]

Hello Baptiste,

We have been asked questions about HTTP/2 but it does not seem to be a
block when we say its not fully supported in Layer7


Regards

Andrew Smalley

Loadbalancer.org
http://www.loadbalancer.org

On 1 April 2016 at 11:25, Baptiste  wrote:

> On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazic 
> wrote:
> > Hi Willy & other core devs/pms.
> >
> > I know that HTTP/2 is on the road-map but not ready yet.
> >
> > Would you be so kind and share some of your thoughts, stats and plans for
> > HTTP/2.
> >
> > Thank you very much.
> >
> > Best regards
> > Aleks
> >
>
>
> Do you guys, on the ML, really need HTTP/2?
> If so what's your deadline??
>
> Baptiste
>
>

Re: Q: about HTTP/2

[Baptiste]

On Fri, Apr 1, 2016 at 12:18 PM, Aleksandar Lazic  wrote:
> Hi Willy & other core devs/pms.
>
> I know that HTTP/2 is on the road-map but not ready yet.
>
> Would you be so kind and share some of your thoughts, stats and plans for
> HTTP/2.
>
> Thank you very much.
>
> Best regards
> Aleks
>


Do you guys, on the ML, really need HTTP/2?
If so what's your deadline??

Baptiste

Q: about HTTP/2

[Aleksandar Lazic]

Hi Willy & other core devs/pms.

I know that HTTP/2 is on the road-map but not ready yet.

Would you be so kind and share some of your thoughts, stats and plans 
for HTTP/2.


Thank you very much.

Best regards
Aleks