Putting the Network to Work Manish Vachharajani Senior Architect, F5 Networks.

Putting the Network to WorkManish Vachharajani

Senior Architect, F5 Networks

© F5 Networks, Inc 2

The Internet

Servers

Your App vs. the Network

Devices

Users

© F5 Networks, Inc 3

The Internet

• Limited Bandwidth

• Long Round Trip Times (RTT, aka Ping Time)

• Poor protocol and web browser interactions

Your App vs. the Network (2)

Devices

Users

Servers

Router Firewall

© F5 Networks, Inc 4

High Performance Websites in One Slide• Avoid Render Blocking by Scripts

• Avoid Render Blocking by CSS

• Minify HTML

• Minify Javascript

• Minify CSS

• Optimize Images

• Avoid Landing Page Redirects

• Prioritize Visible Content

• Leverage Browser Caching

• Reduce Server Response Time

• Optimize TCP for client networks

• Route clients to the best datacenter

• Use SSL False start

• Enable SSL Reuse

• Use OCSP stapling

• Use HSTS

© F5 Networks, Inc 5

• Web Page Test (www.webpagetest.org)

Network Waterfall Timing Diagram

© F5 Networks, Inc 6

Javascript and the Network

© F5 Networks, Inc 7

Transport CompressionAfter compression

Before Compression

INCREASED LATENCY

1.5 seconds faster

© F5 Networks, Inc 8

CSS and the Network

© F5 Networks, Inc 9

Images, other External Resources and the Network

150 KB IMAGES

CSS CASCADE

© F5 Networks, Inc 10

Semantic Compression – Minification and JPGPNG IS BETTER

JPG IS BETTER

UGLIFYCSS, …

UGLIFYJS, …

© F5 Networks, Inc 11

Inlining Content GROSS!

BUT EFFECTIVE!

• SPDY AND HTTP/2.0 RESOLVE CONNECTION BLOCKING WITH MULTIPLE STREAMS PER CONNECTION

© F5 Networks, Inc 12

• RTT is primarily controlled by ISP infrastructure

• Cannot reduce RTT• Except by moving TCP end points closer to the client• CDN, proper DNS resolution to closest datacenter

RTT and Connection Establishment

Client

ServerSYN

SYN/ACK

ACK

HTTP Request

Speed Of Light, NY to London is 28 ms

1.5 RTT = 84ms

56 ms

© F5 Networks, Inc 13

Now add TLS/SSL

Client

ServerSYN

SYN/ACK

ACK/Client Hello

224 msServer Hello/Cert/etc.

ClientKeyExchange/Ciphers

Ciphers

HTTP Request

© F5 Networks, Inc 14

• Score your site: https://www.ssllabs.com/ssltest/

• See istlsfastyet.com for suggestions• Session resumption (i.e., reuse, caching ok, tickets preferred) reduces

RTs• To 168 ms in prior example (1 RT)

• SSL False Start• Concurrently transmit application data with ClientKeyExchange• Overlaps application data transfer with session establishment,

hiding latency• Early Termination• Terminate connections closer to the end client

• OCSP Stapling• Eliminate network traffic for client to validate server certificate

• HTTP Strict Transport Security• Avoid HTTP to HTTPS redirect on subsequent visits

Optimize SSL

Lots of Other Stuff

There are dozens of talks about how to best do each of these things, and avoid the problems. There are other effects and optmizations I have not even discussed here, and are not covered by Google Page Speed and other tools

© F5 Networks, Inc 16

The Internet

F5 BIG IP

Devices

Users

Servers

DNS, Firewall, Load Balancing, Content Optimization, TCP

optimization, SSL Acceleration, …

BIG-IP Platform

© F5 Networks, Inc 17

BIG IP Examples

Devices

Servers

DNS, Firewall, Load Balancing, Content Optimization, TCP

optimization, SSL Acceleration, …

BIG-IP Platform

The Internet

GET /index.html HTTP/1.1 GET /index.html HTTP/1.1

GET /index.css HTTP/1.1

GET /index.js HTTP/1.1

Returns minified index.html minified inlined index.css, inlined imports inlined and minified index.js inlined images, etc. (inlining, minification configurable)

• TCP OPTIMIZED• SSL OPTIMIZED• CACHE HEADERS ADDED• OPTIONAL CACHING• URL REWRITING (CDN,

ETC.)• SPDY, HTTP/2.0• …

© F5 Networks, Inc 18

• Hardware, Virtual Machine, Cloud Marketplace• VMWare, Xen, KVM, and AWS Marketplace, BYOL in other clouds• More deployment options going forward

BIG IP Form Factors and Availability

© F5 Networks, Inc 19

• Node.js in the datapath• Bare Metal or VM (high performance or high density)• Fully automated deployment via true REST API• Download and buy at linerate.f5.com

LineRate

Booth #508