[cf-dev] Looking for users with user cases for HTTP/2

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[cf-dev] Looking for users with user cases for HTTP/2

Shannon Coen
The CF Routing team has been working on a productized integration with Istio+Envoy for Cloud Foundry. One of the first features we could deliver using this integration is support for HTTP/2. We’d like to hear from users with uses case for this feature, and/or who would be willing to test the feature in an experimental stage and give us feedback.

We’d like to learn:
  • Do you have workloads that currently leverage HTTP/2, or for which you would like to leverage H2?
  • What problem does HTTP/2 solve for you?
  • Do these apps require access to the certificate of the originating client (mutual auth), or is one-way TLS sufficient?
  • Is HTTP/2 without TLS viable for any use cases?
  • Are you using TCP routing to run apps on PAS that leverage H2?
  • If TCP Routing is not a viable solution, why?
Note: Current support for TCP Routing may enable running some workloads that require HTTP/2 or GRPC on Cloud Foundry. As the TCP Router is L4 and so agnostic to application protocols, this solution requires forfeiting HTTP features like context path routing. Also the TCP Router does not currently support TLS termination.

Thank you!

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.
_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#7725) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Change Your Subscription
Group Home
[hidden email]
Terms Of Service
Unsubscribe From This Group

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Looking for users with user cases for HTTP/2

Shannon Coen
I should clarify that we are looking at ingress use cases initially; HTTP/2 from external clients to apps on CF.

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.

On Mon, Feb 12, 2018 at 5:41 PM, Shannon Coen <[hidden email]> wrote:
The CF Routing team has been working on a productized integration with Istio+Envoy for Cloud Foundry. One of the first features we could deliver using this integration is support for HTTP/2. We’d like to hear from users with uses case for this feature, and/or who would be willing to test the feature in an experimental stage and give us feedback.

We’d like to learn:
  • Do you have workloads that currently leverage HTTP/2, or for which you would like to leverage H2?
  • What problem does HTTP/2 solve for you?
  • Do these apps require access to the certificate of the originating client (mutual auth), or is one-way TLS sufficient?
  • Is HTTP/2 without TLS viable for any use cases?
  • Are you using TCP routing to run apps on PAS that leverage H2?
  • If TCP Routing is not a viable solution, why?
Note: Current support for TCP Routing may enable running some workloads that require HTTP/2 or GRPC on Cloud Foundry. As the TCP Router is L4 and so agnostic to application protocols, this solution requires forfeiting HTTP features like context path routing. Also the TCP Router does not currently support TLS termination.

Thank you!

Shannon Coen
Product Manager, Cloud Foundry
Pivotal, Inc.


_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#7726) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Change Your Subscription
Group Home
[hidden email]
Terms Of Service
Unsubscribe From This Group

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Looking for users with user cases for HTTP/2

Carlo Alberto Ferraris-3
Shannon,
great to hear things are starting to move.

  • Do you have workloads that currently leverage HTTP/2, or for which you would like to leverage H2?
  • What problem does HTTP/2 solve for you?
  • Are you using TCP routing to run apps on PAS that leverage H2?
  • If TCP Routing is not a viable solution, why?
From https://github.com/cloudfoundry/gorouter/issues/195#issuecomment-345648001:
gRPC support is one of the most commonly requested features even from our customers. Sure, they can use TCP routing but then they lose a whole lot of the gorouter out-of-the-box experience (path/hostname routing, logging, TLS termination, ...)
We haven't rolled out TCP routing yet precisely because we don't want to push users looking for H2 in the direction of having to reimplement the same functionalities over and over. This is something that the platform should definitely do on their behalf.

  • Do these apps require access to the certificate of the originating client (mutual auth), or is one-way TLS sufficient?
one-way would be sufficient in our case

  • Is HTTP/2 without TLS viable for any use cases?
Currently, we do TLS termination before the gorouter. I can think of a single reason we may want to move away from this approach, and that is if gorouter was *required* to terminate TLS (e.g. in case of user-provided TLS certificates we discussed in Basel)

I'm available for any further discussion, here or on slack.

Carlo

_._,_._,_

Links:

You receive all messages sent to this group.

View/Reply Online (#7750) | [hidden email] | [hidden email] | Mute This Topic | New Topic

Change Your Subscription
Group Home
[hidden email]
Terms Of Service
Unsubscribe From This Group

_._,_._,_
Reply | Threaded
Open this post in threaded view
|

Re: [cf-dev] Looking for users with user cases for HTTP/2

Étourneau Gwenn
Carlos, 

About gRPC http2 is an hard requirement, did you get a try to https://blog.twitch.tv/twirp-a-sweet-new-rpc-framework-for-go-5f2febbf35f ?

Thanks
Gwenn

Le lun. 19 févr. 2018 à 10:38, Carlo Alberto Ferraris <[hidden email]> a écrit :
Shannon,
great to hear things are starting to move.

    • Do you have workloads that currently leverage HTTP/2, or for which you would like to leverage H2?
    • What problem does HTTP/2 solve for you?
    • Are you using TCP routing to run apps on PAS that leverage H2?
    • If TCP Routing is not a viable solution, why?
      From https://github.com/cloudfoundry/gorouter/issues/195#issuecomment-345648001:
      gRPC support is one of the most commonly requested features even from our customers. Sure, they can use TCP routing but then they lose a whole lot of the gorouter out-of-the-box experience (path/hostname routing, logging, TLS termination, ...)
      We haven't rolled out TCP routing yet precisely because we don't want to push users looking for H2 in the direction of having to reimplement the same functionalities over and over. This is something that the platform should definitely do on their behalf.

      • Do these apps require access to the certificate of the originating client (mutual auth), or is one-way TLS sufficient?
      one-way would be sufficient in our case

      • Is HTTP/2 without TLS viable for any use cases?
      Currently, we do TLS termination before the gorouter. I can think of a single reason we may want to move away from this approach, and that is if gorouter was *required* to terminate TLS (e.g. in case of user-provided TLS certificates we discussed in Basel)

      I'm available for any further discussion, here or on slack.

      Carlo

      _._,_._,_

      Links:

      You receive all messages sent to this group.

      View/Reply Online (#7751) | [hidden email] | [hidden email] | Mute This Topic | New Topic

      Change Your Subscription
      Group Home
      [hidden email]
      Terms Of Service
      Unsubscribe From This Group

      _._,_._,_
      Reply | Threaded
      Open this post in threaded view
      |

      Re: [cf-dev] Looking for users with user cases for HTTP/2

      Carlo Alberto Ferraris-3
      Gwenn,
      pushing users to RPC alternatives that can run on top of HTTP/1.1 or websockets is our current course of action.

      Not all users are happy with the limitation though. Some have existing apps exposing gRPC endpoints, and they have therefore a hard requirement on this, but they are a minority. Others would prefer to have the option to make use of H2 features in the future (push support was mentioned in a few cases).

      Obviously, all of these use cases can be addressed in other ways (e.g. by not using gRPC but Twirp, or by using Websockets to implement push) but in addition to user requirements, there's also the users' perception of CF having (at least so far) an "unjustifiedly unclear position" on whether HTTP/2 is going to be supported (I'm using the term "unjustifiedly" because of the wide availability of HTTP/2 in most supported middlewares/frameworks).
      _._,_._,_

      Links:

      You receive all messages sent to this group.

      View/Reply Online (#7753) | [hidden email] | [hidden email] | Mute This Topic | New Topic

      Change Your Subscription
      Group Home
      [hidden email]
      Terms Of Service
      Unsubscribe From This Group

      _._,_._,_
      Reply | Threaded
      Open this post in threaded view
      |

      Re: [cf-dev] Looking for users with user cases for HTTP/2

      Shannon Coen
      Carlo,

      Just saw this feedback. Thank you very much for your response.

      Best,

      Shannon Coen
      Product Manager, Cloud Foundry
      Pivotal, Inc.

      On Mon, Feb 19, 2018 at 5:26 PM, Carlo Alberto Ferraris <[hidden email]> wrote:
      Gwenn,
      pushing users to RPC alternatives that can run on top of HTTP/1.1 or websockets is our current course of action.

      Not all users are happy with the limitation though. Some have existing apps exposing gRPC endpoints, and they have therefore a hard requirement on this, but they are a minority. Others would prefer to have the option to make use of H2 features in the future (push support was mentioned in a few cases).

      Obviously, all of these use cases can be addressed in other ways (e.g. by not using gRPC but Twirp, or by using Websockets to implement push) but in addition to user requirements, there's also the users' perception of CF having (at least so far) an "unjustifiedly unclear position" on whether HTTP/2 is going to be supported (I'm using the term "unjustifiedly" because of the wide availability of HTTP/2 in most supported middlewares/frameworks).


      _._,_._,_

      Links:

      You receive all messages sent to this group.

      View/Reply Online (#7803) | [hidden email] | [hidden email] | Mute This Topic | New Topic

      Change Your Subscription
      Group Home
      [hidden email]
      Terms Of Service
      Unsubscribe From This Group

      _._,_._,_