Skip to Content

In this blog, I am going to share my experience on big user experience improvement after enabled HTTP/2 feature in NetWeaver Gateway and Web Dispatcher in my recent two SAPUI5 and Fiori implementation projects.

HTTP vs HTTP/2

If you have done any web page/site/application design and development, you must know HTTP 1.1 protocol. This is the communication protocol between browser and web server. Browser sends one resource request to web server and then web server returns requested resource to browser. So, in general one request for one resource, static content (image, JavaScript, CSS, and audio/video…etc.) gets to cache in user’s computer disc to shorten waiting time when opening web page, because one round-trip can only request a file.

HTTP/2 (AKA h2 or HTTP 2.0) is the second major version of HTTP communication protocol. The protocol got approved in 2015 by IETF (Internet Engineering Task Force), and is widely adapted by all major web sites and browsers (IE, Firefox, Chrome, Safari,…). You can check RFC 7540 for more detail information. New version brings many improvements comparing to its previous version, and one new features call ‘Multiplexing’ helps browser sending multiple resource requests in parallel inside single HTTP/2 connection. See below diagram to get a quick understand of this.

Above diagram explains that under HTTP/2, browser can send multiple resource requests in in parallel inside one TCP connection. This improvement brings less waiting time, quicker response and users get better user experience from your solution.

How to enable HTTP/2 in NetWeaver Gateway and Web Dispatcher?

NetWeaver Gateway version 7.51, Web Dispatcher 7.49 both support HTTP/2 (please cross check blog https://blogs.sap.com/2016/10/19/connectivity-news-abap-7.51/).

add profile parameter icm/HTTP/support_http2=true to the system profile.

There is a prerequisite for running communication under HTTP/2, it must be HTTPS with at least TLS 1.2 encryption. Although in IETF RFC 7540, it doesn’t mention that HTTP/2 has to run under HTTPS but the reality is that all browser vendors make it only work when communication is in encryption mode. Apart from above, if you want to use TLS 1.1 or higher, COMMONCRYPTOLIB version 8.4.31 or higher is required.

Observe the difference from Fiori/SAPUI5 projects

Below screenshot shows a Fiori launchpad loading history in Chrome. Browser is connecting to a Fiori Launchpad via SAP Web Dispatcher 7.49 from the Internet. You can see column “Protocol” is showing what protocol is used by browser to request the resources. h2 means HTTP/2. The 5 JavaScript resources requests after first FioriLaunchpad.html request are all running in parallel as you can see they all start at same time in column “Waterfall”. In summary, from first request to Launchpad display finished, it transferred 2.3 MB, 27 web requests and spent only 1.59 seconds. Other browsers (IE11, Edge, FireFox) have similar result.

Below screenshot is captured from same server plus with HTTP/1.1. 28 HTTP requests, transferred same amount of data, but took 9.78 second to finish Fiori Launchpad loading. 6 times longer than running under HTTP/2. This is a huge difference and my client was quite amazed by this small change but bring great experience.

 

Summary

If you are using Apache or IIS to be your frontline proxy server. That’s ok, there are lots of information on the Internet about how to enable HTTP/2 support. You just need to find out whether you need to update the server or do some changes to enable it.

I was told by some clients that they felt their Fiori solution is running bit sluggish, especially when opening the app. My initial guess is because that’s the time when browser download SAPUI5 library files. But, I must say app running slow might be the result of many reasons. It could be developer didn’t create component-preload.js, could be bad programming, could be OData service got performance issue. If the app is developed by following SAP Design Guideline and taught in SAPUI5: UI Development Toolkit for HTML5 plus HTTP/2, then your users will not ask you why it’s so slow to open the app.

 

References

 

To report this post you need to login first.

18 Comments

You must be Logged on to comment or reply to a post.

  1. Nick Yang Post author

    Hi Bartosz,

    Please let us know how it improves your scenario. Thanks.

     

    PS) your S/4HANA serious blogs are awesome.

     

    Kind regards,

    Nick

     

    (0) 
  2. Former Member

    Great Blog Nick!!! Very useful. Any idea on how to enable this for SAP Cloud Platform ? I just observed in chrome dev tools that SAP CP is still using HTTP 1.1

    Regards,

    Parag

    (0) 
    1. Nick Yang Post author

      Hi Parag,

      As far as I know we have no option to enable HTTP/2 on SAP Cloud Platform. Because this feature is something enable from web server configuration level but not a software-as-a-service level like SAP CP. I have sent email to SAP to seek answer. I saw another SAP cloud solution (ByDesign) is running under HTTP/2 protocol and it’s quick! Hopeful this will be available on SAP CP soon. Cheers.

      Regards,

      Nick

       

      (0) 
  3. Fabio Di Micco
    Hi Nick,
       thanks for your interesting blog. We’ve followed your suggestions and profiled our S/4HANA 1610 with kernel 7.49 and patch 200 in order to use HTTP2.
    We’ve measured the time during the start of SAP Launchpad, the tile ‘Query View’ (launched Design Studio) and Procurement Overview page. We’ve looked for a complex web page with many CSS and JS to exalt the optimisation of HTTP2 protocol.
    Unfortunately we’ve not seen consistent reduction of time and even if many request uses h2 protocol, many other *.js files use http1 yet.
    Maybe we miss something?
    At the moment we haven’t configured a web dispatcher.
    Best Regards
    Fabio
    (0) 
    1. Nick Yang Post author

      Hi Fabio,

      It’s great to see you have made http2 working in your S/4HANA 1610 environment. What I can see from your screenshot is there are total 274 requests for loading Fiori Launchpad in 28.85 seconds. Almost 10 requests per second. I would say if it’s under HTTP 1.1, you might probably end up a much longer waiting time.

      For your question, could you please past a screenshot that highlight those requests running HTTP 1.1 protocol?

      And one thing to confirm is that you added http2-enable parameters in your S/4HANA  instance profile, right?

      If yes, I think maybe you can setup a rule to redirect any incoming HTTP request to HTTPS. This might help I suppose.

      Cheers.

       

      Regards,

      Nick

       

      (0) 
      1. Fabio Di Micco

        Hi Nick,

        we have enable the parameter http2-enable (icm/HTTP/support_http2 = TRUE) and also redirect all HTTP requests to HTTPS but the result is worst as before (parameter: icm/HTTP/redirect_0 = PREFIX=/, FROM=*, FROMPROT=http, PROT=https, HOST=<myhostname>)

        Here below you can see the screenshot of the result:

        and here the HTTP 1.1 and HTTP2 requests:

        Have you any other suggestions or idea?

         

        Thanks a lot

        Best Regards

        Fabio

         

        (0) 
        1. Nick Yang Post author

          Hi Fabio,

          I figured out the reason why some connections are still using HTTP/1.1 protocol. These connections are triggered by Fiori Javascript and browser cannot confirm they are running under HTTPS. You can select any one of HTTP/1.1 connections and check its detail in developer console like below.

          You will see all HTTP/2 connections have clear remote address information, which means browser knows it is connecting to a HTTPS server, but HTTP/1.1 connections don’t. I also traced down to abap.js and saw it’s something about the way that jQuery sends XMLHTTPRequests, which is something controlled by SAP.

          I think probably your account has too many roles. So, it takes time to load metadata, dynamic numbers,and made many OData service calls. Use an account with just few roles, I would say response time will be very good. Thanks.

           

          Regards,

          Nick

          (0) 
  4. Alexander Sperling

    Hi Nick,

     

    first of all thanks for the information in this blog. Really useful.

    Now, I’ve recently enabled h/2 in our NetWeaver system. All mentioned preconditions seem to be ok, e.g. kernel and commoncryptolib versions. Parameter ssl/ciphersuites seems to be fine as well. Still Chrome Dev Tools show HTTP 1.1 being used (and TLS 1.2 accoding to the security info).

    I’ve not seen any information in the ICM trace on why h/2 is not in use, however I do see an open h/2 connection to my client workstation in the connections overview of ICM. Chrome Dev Tools seem to suggest that this connection is not used.

    Any idea where to continue my investigation? Could cipher suites used/maintaine in e.g. transaction SPNEGO be an issue and need to be updated?

    Thanks,
    Alex

    (0) 
    1. Nick Yang Post author

      Hi Alex,

      May I know what component you used to enable HTTP/2 and its version? Are you running Fiori Launchpad or standalone SAPUI5 application? Also, please provide screenshot of Chrome Dev tools for me to have a look.

      I don’t think HTTP/2 has anything to do with SPNEGO but maybe cipher suites could potential stop establishing HTTP/2 communication. Try to add below parameter into the component to see if it kicks HTTP/2 communication off.

      ssl/ciphersuites = 135:PFS:HIGH:!aNULL

      Cheers.

       

      Regards,

      Nick

       

      (0) 
      1. Alexander Sperling

        Hi Nick,

        I’m not sure what you’re referring to regarding component. I’ve changed profile parameter icm/HTTP/support_http2 to TRUE. I’ve restarded ICM from transaction SMICM afterwards and the trace seems to suggest that http/2 has been enabled.

        Parameter ssl/ciphersuites seems to be default and is set to = HIGH:PFS:MEDIUM:+e3DES:!aNULL

        Regards,

        Alex

        (0) 
        1. Nick Yang Post author

          Hi Alex,

          The component I referred to in my previous reply is either Web Dispatcher or AS ABAP. In my case, I enabled HTTP/2 in web dispatcher and user reachs Fiori Launchpad on Gateway via it. In your environment, it seems you enabled it on a AS ABAP. From the information I read, it shouldn’t have any difference. So, I suggest you go through below two SAP notes, some settings worthy to try.

          2092630 – Turning off SSLv3 on SAP NETWEAVER AS ABAP and AS JAVA, and on SAP HANA XS
          510007 – Setting up SSL on Application Server ABAP

          Regards,

          Nick

           

          (0) 
          1. Alexander Sperling

            Hi Nick,

            yes, in our case it is enabled in our AS ABAP. The idea was to enable in AS ABAP and check performance gains before taking the additional effort of upgrading WebDispatcher. So, I use the hostname of the AS ABAP to connect directly. As said, h/2 is not working as expected although I see an open connection in SMICM connections overview.

            We’ve changed the value of the ciphersuites parameter to reflect what you mentioned above. That didn’t lead to a change.

            I guess I will open a message with SAP on this topic now. Thanks anyway for your help and I will try to provide a quick update in here pointing to the solution for any future visitors.

            Regards,

            Alex

             

            (0) 
            1. Nick Yang Post author

              Hi Alex,

              If your AS ABAP can be accessed from the Internet, then please use below web site to check what cipersuites is supported by the server.

              https://www.ssllabs.com

              Below is the test result for a SAP web dispacher that I have enabled HTTP/2 features. Please check the information in Configuration section. As you can see, it lists all the supported protocols, cipher suites and even better the result of various handshake simulation. Two chrome entries I highlighted are both support HTTP/2, which means configuration in the server is correct and you might want to user different browser or chrome in another computer to check why HTTP/2 is not using.

              Another thing I want to share with you is even after HTTP/2 is used during communication, you might still see many connections running in HTTP 1.1. This part is related to the way of how UI5 framework loading UI components. I mean the framework is designed to load UI component when it is used in Fiori apps. Under HTTP 1.1 protocol, it’s a good way to optimize communication, but in HTTP/2 actually we want to load all used libraries in the beginning to take the improved part of HTTP/2 protocol.

              Below screenshot is an example when preload is used in a custom SAPUI5 application. I specified required UI packages in the index.html bootstrap. So, the framework loads the libraries in the beginning and take advantage of HTTP/2 (loading happens simultaneously). For Fiori Launchpad, it might need some adjustment to get the same result. Hope it helps.

              Regards,

              Nick

               

              (0) 
              1. Alexander Sperling

                Thanks for the additional input. Unfortunately the server is not reachable from outside the firewalls and it is not that easy to quickly open the firewalls for a check. However, one thing appeared yesterday when I was again checking the ICM trace files and may be you have an idea. We access the server on port 8416 (https). For any reason I don’t understand yet I can see in the log that ICM is waiting for data from [client ip]:51247. I’ve no idea where this port is coming from, however I’d would expect this port being closed on the firewall. I cannot imagine the browser (Chrome) to initiate traffic on such a port so would assume it is some other configuration.

                 

                (0) 
                1. Nick Yang Post author

                  Hi Alex,

                  In short, I think it is not a problem or something wrong. The result you observed in the log is how HTTP server handling connection with many clients (browsers). You can see below links talking about how TCP protocol is handling connections between server and client.

                  https://networkengineering.stackexchange.com/questions/39522/how-multiple-client-connections-are-made-to-single-web-server

                  https://serverfault.com/questions/533611/how-do-high-traffic-sites-service-more-than-65535-tcp-connections

                  https://stackoverflow.com/questions/16952625/how-can-a-web-server-handle-multiple-users-incoming-requests-at-a-time-on-a-sin

                  Regards,

                  Nick

                  (0) 

Leave a Reply