cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

Are the HTTP/2 profile defaults sound?

flalar
Altocumulus
Altocumulus

The current default for the HTTP/2 profile has a Concurrent Streams Per Connection default of 10. This seems a bit conservative. IETF recommended that this value being no smaller than 100, so as to not unnecessarily limit parallelism https://tools.ietf.org/html/rfc7540#section-6.5.2 Also, NGINX for example has a default of 128 for while Citrix Netscaler has 100 as default maximum number of concurrent HTTP/2 streams in a connection.

 

So, should we tune this value up from 10 to say 100? What effects will that have on the appliance? Also, should we then also tune any of the other default params for better performance?

 

 

3 REPLIES 3

Hi Flalar

 

Short answer: No, performance-wise 10 concurrent connections are too little. I'd definitely set it to 100+.

 

F5 is already aware of this and there's an RFE tracked by ID 848545 internally that suggests such changes to comply with RFC's recommendation but at the moment there's no target version so I believe we should still see the default of 10 for a while.

 

I believe we should eventually move the default settings to 100 and that makes the most of HTTP/2 parallelism. I don't see any downside from increasing number of concurrent connections. However, In the event of an attack, for example, in scenarios such as H2/H1 (HTTP/2 Gateway), an attacker could potentially be able to exhaust BIG-IP resources faster. 

Thank you for you reply . Based on what you are writing, we interpret that increasing concurrent streams per connection is recommended for increased user performance and that this has also been done during product testing by F5.

If so we will go forward with increasing concurrent streams in steps of 25, 50, 75, 100 to ensure we don't hit any limits in the appliance or anything like that.

Hi Flalar,

 

Just to let you know that this is not an authoritative F5 answer, ok? I'm an F5 employee but this is just my opinion based on my experience of years working for F5's Engineering Services and interacting with HTTP/2 Product Development team. I would (myself) recommend increasing concurrent streams per connection to 100+. I don't think it can cause any negative impact on performance at all. In fact, it's the opposite! It should be much better since your TCP/HTTPS/HTTP/2 connection can potentially be reused for multiple streams rather than having to establish multiple connections as is the case with old HTTP/1.1 protocol. A regular browser typically opens multiple HTTP/1.1 connections to a website to improve user experience by loading things simultaneously/in parallel. HTTP/2 ready browsers can do the same in 1 TCP/HTTPS/HTTP/2 connection instead by using multiple streams. I personally don't think you will hit any limits in the appliance by increasing concurrent streams.

 

All the best,

Rodrigo