HTTP/2 is now in General Availability

We’re pleased to announce that HTTP/2 is now in General Availability (GA). Our team has been working diligently to tightly integrate HTTP/2 support into our existing environment. We’ve taken measures to ensure that our design and testing of this component adheres to the HTTP/2 protocol standards and can be seamlessly deployed across our entire network.

Enabling HTTP/2

Customers on our shared as well as dedicated and hosted certificates have the option to use HTTP/2 right away. All new customers and certificate entries will be HTTP/2 enabled by default.

Shared SAN certificate customers

To enable HTTP/2 for your Shared SAN certificate, please take the corresponding CNAME record you use (for instance, m.ssl.fastly.net) and use the corresponding letter followed by *.shared, so m.ssl.fastly.net would become m.shared.global.fastly.net. If you’re using a US-EU only CNAME map, substitute “global” with “us-eu,” which would appear as m.shared.us-eu.fastly.net.

For example, these are the CNAME map formats you can use today:

• Today’s map (which will remain active with HTTP/1.1): m.ssl.fastly.net
• Global HTTP/2 map: m.shared.global.fastly.net
• US-EU only HTTP/2 map: m.shared.us-eu.fastly.net

If you’re using k.ssl.fastly.net currently, your available CNAME map formats would become:

• Today’s map (which will remain active with HTTP/1.1): k.ssl.fastly.net
• Global HTTP/2 map: k.shared.global.fastly.net
• US-EU only HTTP/2 map: k.shared.us-eu.fastly.net

Remember that your existing maps, which will remain HTTP/1.1 only, will not be going away anytime soon – you can test HTTP/2 at your own convenience. Your maps are ready to use immediately.

Dedicated certificate customers

To enable HTTP/2 for your account, just let us know via a support ticket that you’re ready for HTTP/2 and we’ll modify your certificate so it becomes HTTP/2 by default.

Anycast IP addresses for Apex domains

If you use our Anycast IP addresses for Apex domains and are interested in HTTP/2, please let us know via a support ticket, and we’ll provide HTTP/2-enabled Anycast IP addresses for your use.

Free TLS Customers

We will change all free TLS customers to HTTP/2 in Q1 of 2017.

Benefits of HTTP/2 on Fastly

Fastly supports all standard as well as some optional features for HTTP/2. You’ll see various benefits as compared to HTTP/1.1 (many of which are outlined in VP of Technology Hooman Beheshti’s talk on HTTP/2), including:

• A handful of new and useful VCL variables for HTTP/2 and TLS, which will allow customers to identify HTTP/2 requests, stream IDs, whether the request was pushed, the TLS cipher suite, and more.
• Single connection with multiplexed streams: your browser will now use a single TCP connection with multiplexed streams — instead of using techniques such as domain sharding which opens up multiple connections (thus incurring more TCP overhead) and forcing the browser to wait for requests to finish, browsers can now fetch all assets concurrently, over a single connection. HTTP/2 also eliminates head-of-line blocking through interleaving and out-of-order delivery.
• HPACK Compression: for pages with large headers (like some cookies, for instance), HTTP/2 Header Compression will decrease bandwidth due to header size.
• Server Push: HTTP/2 also introduces Server Push functionality, which allows servers to preemptively send assets to a client before the client requests them, accelerating the delivery of essential resources to the browser.

Fastly’s Server Push implementation uses HTTP Link headers with relation type “preload” to signal the edge cache for Server Push. If you’re using Custom VCL, you can simply drop something like the following configuration into vcl_deliver:

We’ll dig into Server Push in a future blog post – stay tuned.

Going forward

There is no need for you to make any changes to your Fastly configurations in order to start using HTTP/2 on the Fastly platform. Once you’re enabled for HTTP/2, compatible browsers will use the protocol to communicate with your Fastly service. In Chrome, for example, you can confirm this through the ‘protocol’ column in DevTools, like the example below:

You can also navigate to chrome://net-internals/#http2 to see more details about existing HTTP/2 connections.

For better visibility into protocol features, you can use Fastly’s real-time log streaming to observe various attributes of TLS and HTTP/2 requests through the addition of several new Fastly VCL variables. For example:

In this example, the above VCL would log the following HTTP/2 request to GCS, representing the client’s IP, hostname, URL path, whether it’s an HTTP/2 request, if it’s an HTTP/2 push, the stream ID of the request, and the TLS cipher suite, producing a log line similar to the following:

As always, if you have any questions, don’t hesitate to contact us.

Product, News, Performance

Author  

Jason Evans | Director Product | Managing Director - NYC         

Jason Evans is the Director of Product, Delivery as well as Managing Director of Fastly New York. Prior to Fastly, he co-founded Stackpop, an infrastructure-focused start-up, in 2011. Jason spent the previous 13 years building, scaling, and managing infrastructure teams at companies like MediaMath, Panther Express CDN, and GLG. jasonhevans