A Gateway to the New Internet: What to Know about HTTP/2 (And How to Use it Now)


Since HTTP 1.1 was introduced 17 years ago, the Internet has evolved.  This evolution introduced many changes, among them the development and delivery of rich content to users. These improvements enhanced the online experience, but did come at a cost – and the currency was performance. Performance challenges that HTTP 1.1 was never designed to handle.

In February 2015 the Internet Engineering Task Force (IETF), who develops and promotes voluntary Internet standards, released a new HTTP/2 version to cope with those challenges and to adapt to the evolution that internet content has undergone.

Here’s what you need to know about the challenges HTTP 1.1 faced and the improvements that HTTP/2 has introduced.

Challenge

HTTP 1.1 allowed the client to send only one object request per TCP connection at a time. Request for the next object could only be sent after the first request received the complete reply from the server.

Improvement

HTTP/2 enables transaction multiplexing – so that the browser can send any number of requests and receive the responses interleaved and out of order. As a result, the use of the TCP connection between the browser and the server is much more efficient, the wait between subsequent requests and replies is eliminated and this all leads to faster page load times.

Challenge

When visiting most webpages, the browser is requested to provide a lot of information about the session, such as transaction info (i.e. encoding used, cache control), user/server identification, cookies, etc. This information has to be provided in the HTTP header with each HTTP transaction. This can add up to a lot of data, adding more delay to the page download time.

Improvement

HTTP/2 introduces a new symmetrical header compression capability, where both the client and the server use an advanced header compression algorithm to reduce the header’s payload. In addition, with HTTP/2, it’s enough to send the full header only once per page, and not per transaction, reducing even further the uplink payload from the client to the server. The result again is faster webpage download time.

Challenge

With HTTP 1.1, communication could only be initiated by the client, which meant that the server could only push resources to the client, after the client has asked for them.

Improvement

With HTTP/2 the server can also initiate resource push to the client, even before the client knows they will need those resources. This bi-directional communication can reduce the number of “Get” transactions, and use the available bandwidth between the server and the client much more efficiently, leading again to faster web application response times.

Why Upgrade to HTTP/2?

HTTP/2 is an important upgrade that can provide performance improvements for your web applications. It can reduce the amount of bandwidth required to support the same amount of users on your site through enabling better header compression and fewer requests. This means that web applications can have faster response times and serve your users better. Nearly 60% of leading web browsers (including Chrome, Firefox, Internet Explorer, Safari, Opera and others) already natively support HTTP/2 – so your audience is ready for it!

Is HTTP/2 Right for any Web Application?

While the IETF doesn’t mandate encrypted (HTTPS) web communication for HTTP/2, all browser implementation of HTTP/2 does require a secured (HTTPS – SSL/TLS encrypted HTTP) connection.

This means that if a site doesn’t support HTTPS URLs, or can’t be upgraded to support HTTPS, it can’t use the new protocol. In many cases, even if the site can use encrypted HTTPS communication, it may have some severe performance penalties, having to encrypt all communication to/from the server. So only sites that have a good infrastructure that can efficiently handle HTTPS communication will be able to de-facto benefit from the performance boost HTTP/2 has to offer.

Another challenge that exists with HTTP/2 is that unlike the majority of browsers that already have mature support for HTTP/2, many web server platforms don’t offer stable and mature support for the new protocol.  The implementations of HTTP/2 support also often still suffer from unexpected behavior, partially due to the lack of testing tools that supports HTTP/2 protocol analysis.

Moreover, one of the capabilities that HTTP/2 offers in order to improve performance is server push – where the server pushes resources to the client, before the client asks for them. To leverage this capability the server needs the ability to determine which resources to push, to make the web transaction faster. Understanding which objects to push before the user asks for them, ensuring those objects don’t already exist in the browsers’ cache (otherwise – it will make the transaction slower not faster), is a capability no web servers natively have today.

These limitations may cause some site owners to delay their adoption of HTTP/2, but there are solutions that can help.

How Do I Accelerate HTTP/2 Adoption For My Web Applications?

One way to accelerate adoption is by making new use of your application delivery controller (ADC). Some ADCs provide an embedded functionality of HTTP/2 gateway, enabling protocol translation from HTTP/2 on the client side to HTTP 1.1 on the server side, and vice versa. Using such a solution, ensures the ADC vendor has already ensured its HTTP/2 gateway is fully debugged, operational and ready for production environments, eliminating the risk of deploying immature code in the web server platform.

Some ADC HTTP/2 gateways go even further than just providing a checkmark on HTTP/2 protocol support by adding more intelligence to their implementation. A good example is Radware’s embedded HTTP/2 Gateway on the Alteon ADC. This solution leverages performance optimization technology and algorithms to determine which objects to push to the client – helping to enable the new server push capability the HTTP/2 protocol offers. This added value offered by the external gateway is something that can add significant acceleration to your website and ease your transition so you and your site users can start experiencing the benefits of this enhanced protocol.

Yaron Azerual

Yaron Azerual is a senior product marketing manager at Radware bringing 27 years of engineering, product management and product marketing experience from both large corporations such as Lucent, Avaya as well as from smaller companies and startups such as Alvarion and Wavion. Yaron brings deep understanding of both the development aspects of communication and security products and of the customer challenges those products should solve. He holds a bachelor's in electrical engineering from Tel Aviv University.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Locations
Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

CyberPedia

An Online Encyclopedia Of Cyberattack and Cybersecurity Terms

CyberPedia
What is WAF?
What is DDoS?
Bot Detection
ARP Spoofing

Get Social

Connect with experts and join the conversation about Radware technologies.

Blog
Security Research Center