TCP is not just TCP – Accelerate websites with Cloudflare

This blog site has been using Cloudflare for a while to provide acceleration and protection mechanisms in front of the website, and I’ve also been working with NetScaler/ADC for a while to optimize crappy websites. One thing that most people hate when browsing is waiting. If you are running an e-commerce website, those seconds of waiting for customers can affect your end revenue. Regardless, you should always focus on optimizing where possible.

At a fundamental level there are three things that affect traffic performance when a user is trying to connect to a website.

  • TCP
  • TLS/SSL
  • HTTP

Of course there are other factors such as jitter, server load and latency which also play in. But let us assume that you are connecting to a website with zero load, close to 0 latency, and no jitter or packet loss. With most people using Wi-Fi or 4G to connect to the internet there is a lot of packet loss, which also affects how fast you can connect to a website. The browser the user is using also affects which optimization features are available and how the browser prioritizes the downloaded content.

Figure 4-2. TLS handshake protocol

Source: https://hpbn.co/transport-layer-security-tls/

Now to TCP, which is the main protocol for delivering data reliably from one point to another: when a connection is established we first need the normal TCP handshake. If the website is secure we also need to do a TLS/SSL handshake to establish a secure connection, and only then can we start downloading the content from the website so our browser can render it (https://blog.cloudflare.com/better-http-2-prioritization-for-a-faster-web/).

There are multiple enhancements to TLS which ensure that the initial handshake doesn’t take as many round trips (https://hpbn.co/transport-layer-security-tls/#optimizing-for-tls) and which also reduce the server load of using TLS. TLS 1.3 further reduces the number of round trips in the handshake and is faster than TLS 1.2.


Now back to TCP. Since TCP is built on reliable delivery, with ACK messages going back and forth, when you are browsing on a mobile device and lose connectivity the TCP stack needs to resume from the last received ACK; depending on the congestion control algorithm used, it can also recover a lot faster. Cloudflare has been using CUBIC congestion control (which is the default in the Linux kernel and Windows Server 2016) https://en.wikipedia.org/wiki/CUBIC_TCP, which ensures that a connection can recover a lot faster after packet loss.
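To make the "recovers a lot faster" claim concrete, here is an added example (not code from the post or from Cloudflare) that models the congestion window after a single loss using the CUBIC window function from RFC 8312, next to classic Reno's halve-then-linear growth. The constants C and beta are the RFC defaults; W_max and the RTT are sample values chosen for illustration.

```python
"""Congestion window after one loss: CUBIC (RFC 8312) vs classic Reno. Added example."""

C = 0.4      # CUBIC scaling constant (RFC 8312 default)
BETA = 0.7   # multiplicative decrease: cwnd drops to BETA * W_max on loss


def cubic_k(w_max: float) -> float:
    """Seconds CUBIC needs to climb back to W_max; depends on W_max only, not on RTT."""
    return ((w_max * (1.0 - BETA)) / C) ** (1.0 / 3.0)


def cubic_window(t: float, w_max: float) -> float:
    """The cubic curve: fast growth right after the loss, flat around W_max, then probing above."""
    return C * (t - cubic_k(w_max)) ** 3 + w_max


def tcp_friendly_window(t: float, w_max: float, rtt: float) -> float:
    """Reno-equivalent estimate; CUBIC never grows slower than this (RFC 8312 section 4.2)."""
    return w_max * BETA + 3.0 * (1.0 - BETA) / (1.0 + BETA) * (t / rtt)


def cubic_cwnd(t: float, w_max: float, rtt: float) -> float:
    """Window (in segments) t seconds after the loss under CUBIC."""
    return max(cubic_window(t, w_max), tcp_friendly_window(t, w_max, rtt))


def reno_cwnd(t: float, w_max: float, rtt: float) -> float:
    """Window under classic Reno: halve on loss, then +1 segment per RTT."""
    return w_max * 0.5 + t / rtt


def recovery_time(w_max: float, rtt: float, algo) -> float:
    """Seconds until the window is back at W_max, sampled once per RTT."""
    n = 0
    while algo(n * rtt, w_max, rtt) < w_max:
        n += 1
    return n * rtt


if __name__ == "__main__":
    # Sample scenario (constructed): 1000-segment window lost on a 100 ms RTT path.
    w_max, rtt = 1000.0, 0.1
    for name, algo in (("CUBIC", cubic_cwnd), ("Reno", reno_cwnd)):
        print(f"{name:5s} back at W_max after {recovery_time(w_max, rtt, algo):5.1f} s")
    for t in (0.0, 2.0, 5.0, 9.0, 12.0):
        print(f"t={t:4.1f}s  CUBIC={cubic_cwnd(t, w_max, rtt):7.1f}  Reno={reno_cwnd(t, w_max, rtt):7.1f}")
```

On the sample path CUBIC is back at the pre-loss window in about 9 seconds while Reno needs about 50, and because K depends only on W_max the CUBIC curve does not get slower on long-RTT links the way Reno's per-RTT increment does.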

We also have the HTTP/2 protocol, which is a binary protocol compared to regular HTTP/1 and allows for better multiplexing. This has one downside: because a single connection is used to download all the payloads, every stream on it is equally affected by any packet loss.

Another cool feature in HTTP/2 is header compression (HPACK), which allows HTTP/2 endpoints to reduce the amount of data transmitted over the network by removing redundancies from HTTP requests and responses. (You can see more information about HTTP/2 performance compared to HTTP/1.1 at https://css-tricks.com/http2-real-world-performance-test-analysis/)

There has also been a lot of development on a new protocol called QUIC. QUIC is a new transport which reduces latency compared to TCP. On the surface, QUIC is very similar to TCP+TLS+HTTP/2 implemented on top of UDP. In theory, QUIC takes all the best qualities of TCP connections and TLS encryption and implements them on UDP.

The issue with QUIC is that it cannot be used in combination with HTTP/2, so a new standard, HTTP/3, is being worked on to provide HTTP over QUIC (https://blog.cloudflare.com/http3-the-past-present-and-future/). It is still in the early phases but seems to provide similar performance to HTTP/2 with TLS 1.3 (https://blog.cloudflare.com/http-3-vs-http-2/).

When it comes to all the different features I’ve described in this article, I know from experience that many of them take time before they are available from most CDN and/or ADC vendors; here is a website which shows some of these features and the support from different vendors (https://istlsfastyet.com/).

With Cloudflare most of these features are available and enabled by default, and the rest can be enabled by flipping a switch.

There are also other mechanisms which can be used to transform the actual content on the website to minimize it, such as image optimization, lazy loading, auto minify, and applying compression using a compression algorithm such as Brotli.

These are just some of the features that Cloudflare provides out of the box. If you have a personal blog like me, they also provide a free account for personal use, which also includes free DDoS protection. And if you are like me and like to read technical content, Cloudflare publishes a lot of great content on their blog which goes into a lot of technical detail on the work they are doing to improve the web –> https://blog.cloudflare.com/
