HTTP

The Traffic Manager’s HTTP virtual server protocol type contains a number of optimizations and specializations for HTTP traffic:

•The Traffic Manager manages client-side and server-side connections independently, re-using keepalive connections on the server side whenever possible to reduce the number of established and new TCP connections to the server. This minimizes the number of concurrent connections the servers need to handle, and brings big performance and capacity gains.

Note that features such as HTTP POSTs and missing content lengths can make keepalives unsafe to use; the Traffic Manager detects when this occurs and creates new connections appropriately. NTLM authentication specifically requires that keepalives are enabled.

•The Traffic Manager conceals the use of keepalives and pipelining from the administrator, so that traffic management rules need only concentrate on the simple request-response nature of an HTTP transaction. Every HTTP transactions is processed and handled independently, regardless of whether or not it is in a keepalive connection.

•The Traffic Manager automatically handles HTTP encodings, such as gzip and deflate content compression and chunked transfer encoding. For example, if you inspect an HTTP response using the http.getResponseBody() TrafficScript function or from within a Java Extension, the Traffic Manager will automatically de-chunk and uncompress the response so that it can be easily manipulated.

•The Traffic Manager includes a large set of specialized HTTP TrafficScript functions that make it easy to process HTTP requests and responses. For example, functions are provided to manipulate HTTP cookies, read HTTP headers (such as the host header) and process URLs without having to understand the underlying encodings, variations in format and protocol details that complicate these tasks.

The Traffic Manager additionally offers client-side support for the HTTP/2 protocol (see RFC7540 and RFC7541). HTTP/2 is intended as a replacement for HTTP/1.x and is designed to improve page-load times over high latency connections, most notably by supporting transaction multiplexing over a single TCP connection.

The Traffic Manager supports HTTP/2 with the following considerations:

•Some browsers do not support HTTP/2 over an unencrypted connection. To maximize the number of users who can access the service using HTTP/2, Ivanti recommends that you enable the Traffic Manager's SSL decryption feature for your applicable virtual servers.

•HTTP/2 over a secure connection requires TLS 1.2 or later, the SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher, the P256 elliptic curve, and does not support renegotiation after connection establishment. These options are enabled by default, but might have been disabled after upgrading your Traffic Manager from an older release. Clients using an obsolete cipher or older TLS version can only send HTTP/1.x requests when connecting to a virtual server with HTTP/2 enabled.

•The Traffic Manager does not support Pulse Secure Web Accelerator content optimization on HTTP/2 transactions.

•The Traffic Manager translates HTTP/2 data received from a client to HTTP/1.1 before processing it and forwarding it to the virtual server's pool nodes. This ensures that you can continue to use HTTP/2 functionality in the Traffic Manager without your back-end nodes being required to support HTTP/2 themselves.

•TrafficScript functions work transparently with HTTP/2 connections. Note that:

•To determine the HTTP version the client connection is using, use the TrafficScript function http.getClientVersionNumber().

•Ivanti recommends exercising caution when using connection.discard() with HTTP virtual servers. HTTP/2 allows transactions to be multiplexed over a single connection, so discarding a connection interrupts all of its ongoing transactions.

•The TrafficScript function connection.close() is deprecated for all HTTP/1.x and HTTP/2 services. Ivanti recommends modifying any applicable TrafficScript rules that use this function to use instead http.sendResponse() and http.discardClientKeepalive(). For further information, see the Pulse Secure Virtual Traffic Manager: TrafficScript Guide available from the Ivanti Web site (www.ivanti.com).

To inspect which HTTP version clients are using, view either "Request Tracing" or "Request Details" when selecting a connection under Activity > Connections. Additionally, use the %r or %H logging macros to report on HTTP/2 usage, or refer to the SNMP counter "virtualserverTotalHTTP2Requests" which is incremented for every HTTP/2 request.