Boost Istio Service Mesh by upgrading to HTTP 2 — Part 2
If you are looking at ways to increase the efficiency of your service mesh then this post is part 2 of a 2 part series. The previous post discussed about how to upgrade all connections in a Service Mesh from HTTP 1.1 to HTTP/2.
This post will talk about Option 2: Upgrade the destination rules 1 service at a time.
Implementation
Option 2
Install Istio and then the Book Info Application.
Product App (Before upgrade)
kubectl logs -f productpage-v1–64794f5db4-fqpgp -c istio-proxy[2021-01-07T10:24:37.568Z] "GET /details/0 HTTP/1.1" 200 - "-" 0 178 5 4 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "ee2a4bcb-ed3a-923e-8dc7-663f861ef2c6" "details:9080" "10.1.1.64:9080" outbound|9080||details.default.svc.cluster.local 10.1.1.71:43828 10.99.56.191:9080 10.1.1.71:34782 - default[2021-01-07T10:24:37.577Z] "GET /reviews/0 HTTP/1.1" 200 - "-" 0 375 26 26 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "ee2a4bcb-ed3a-923e-8dc7-663f861ef2c6" "reviews:9080" "10.1.1.69:9080" outbound|9080||reviews.default.svc.cluster.local 10.1.1.71:60474 10.101.5.33:9080 10.1.1.71:43712 - default[2021-01-07T10:24:37.564Z] "GET /productpage HTTP/1.1" 200 - "-" 0 5179 41 41 "192.168.65.3" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "ee2a4bcb-ed3a-923e-8dc7-663f861ef2c6" "localhost" "127.0.0.1:9080" inbound|9080|| 127.0.0.1:40024 10.1.1.71:9080 192.168.65.3:0 outbound_.9080_._.productpage.default.svc.cluster.local default
Details App (Before Upgrade)
kubectl logs -f details-v1-5974b67c8-rcnr9 -c istio-proxy[2021-01-07T10:24:37.571Z] "GET /details/0 HTTP/1.1" 200 - "-" 0 178 1 1 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "ee2a4bcb-ed3a-923e-8dc7-663f861ef2c6" "details:9080" "127.0.0.1:9080" inbound|9080|| 127.0.0.1:40030 10.1.1.64:9080 10.1.1.71:43828 outbound_.9080_._.details.default.svc.cluster.local default
Notice how all the connections — both inbound and outbound — are on HTTP 1.1.
Now, lets modify the destination rules for Details App to upgrade all incoming connections to HTTP/2.
details-destinationrules-upgrade.yamlapiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
name: details
spec:
host: details
subsets:
- name: v1
labels:
version: v1
- name: v2
labels:
version: v2
trafficPolicy:
tls:
mode: ISTIO_MUTUAL
connectionPool:
http:
h2UpgradePolicy: UPGRADE
This instructs Istio to upgrade all connections which are aimed at Details
kubectl apply -f /details-destinationrules-upgrade.yamlProduct App (After upgrade)
kubectl logs -f productpage-v1–64794f5db4-fqpgp -c istio-proxy[2021-01-07T10:35:01.692Z] "GET /details/0 HTTP/1.1" 200 - "-" 0 178 16 16 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "1817e0a2-2fa2-9689-9f97-60d989011c98" "details:9080" "10.1.1.64:9080" outbound|9080||details.default.svc.cluster.local 10.1.1.71:52792 10.99.56.191:9080 10.1.1.71:43746 - default[2021-01-07T10:35:01.712Z] "GET /reviews/0 HTTP/1.1" 200 - "-" 0 375 52 51 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "1817e0a2-2fa2-9689-9f97-60d989011c98" "reviews:9080" "10.1.1.69:9080" outbound|9080||reviews.default.svc.cluster.local 10.1.1.71:41206 10.101.5.33:9080 10.1.1.71:52676 - default[2021-01-07T10:35:01.688Z] "GET /productpage HTTP/1.1" 200 - "-" 0 5179 78 78 "192.168.65.3" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "1817e0a2-2fa2-9689-9f97-60d989011c98" "localhost" "127.0.0.1:9080" inbound|9080|| 127.0.0.1:48988 10.1.1.71:9080 192.168.65.3:0 outbound_.9080_._.productpage.default.svc.cluster.local default
Since, the Product App is using an HTTP/ReST client library which is on HTTP 1.1, the outbound starts off on the HTTP 1.1, but Istio should upgrade the connection to HTTP/2. Lets check Details App logs to verify.
Details App (After upgrade)
kubectl logs -f details-v1-5974b67c8-rcnr9 -c istio-proxy[2021-01-07T10:35:01.696Z] "GET /details/0 HTTP/2" 200 - "-" 0 178 13 12 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.5 Safari/605.1.15" "1817e0a2-2fa2-9689-9f97-60d989011c98" "details:9080" "127.0.0.1:9080" inbound|9080|| 127.0.0.1:48994 10.1.1.64:9080 10.1.1.71:52792 outbound_.9080_._.details.default.svc.cluster.local default
Istio has upgraded the call to HTTP/2!
Conclusion
Option 2 is viable when you can’t update the configurations at a global level. However, like mentioned in the previous post, we should also avoid the upgrade altogether by using libraries which use HTTP/2.
