Keeping Up With The Times
There are a lot of services and infrastructure behind GOV.UK. Serving millions of requests on a regular basis requires a whole set of supporting services, as well as a team to look after it all and make sure it performs to its best.
While the main infrastructure team is busy with large migration tasks, we have taken the opportunity to carry out a few housekeeping tasks to make sure we keep up with the latest web technologies, serve users as best as we can, and keep our own infrastructure up-to-date.
IPv6, the successor to IPv4, has been around for a while now. Although uptake at the beginning was very small, and while it still makes up a minority of web traffic, it is clearly the direction of travel for Internet addressing. None of us are expecting IPv4 to go away any time soon, but nevertheless we are doing our part to help ease the pressure on IPv4 and make a statement of intent.
In this spirit, a few weeks ago, we enabled IPv6 for GOV.UK. This means that we now advertise AAAA records for both the main site and all transitioned sites. Most people won’t notice a difference since most internet service providers don’t support IPv6. But if yours does, then you’ll notice that you can now connect to GOV.UK using pure IPv6 all the way from your home connection.
For a long time, HTTP/1.1 was the protocol used for transferring web traffic. Then, a few years ago, Google released an improved experimental protocol named SPDY. This protocol was eventually standardised as HTTP/2, the successor to HTTP/1.1.
Unlike HTTP/1.1, HTTP/2 is a binary protocol which allows for better compression. It also includes mechanisms for server-initiated pushing of content, long-lived connections and “multiplexing”, which in essence allows for many things to be downloaded in parallel, as opposed to the de-facto 6 item limit per subdomain for HTTP/1.1.
In order to speed up performance for the majority of GOV.UK users who use browsers with HTTP/2 compatibility, we have also enabled HTTP/2 across the site, as well as adding browser hints to preload our assets subdomain to further speed up downloads.
We have seen these issues with GOV.UK. Once we carried out some more realistic testing with a warm cache and typical user journeys, we noticed that performance was back on par with or slightly better than HTTP/1.1.
Other areas of interest
We took the opportunity to also look at our CDN configuration across our non-production systems. As a result, we now have identical setups for our integration and staging environments, allowing developers to test their CDN changes before deploying to production. This extends to our assets subdomains for these environments as well.
Next, we’ll be looking at implementing DNSSEC. This will help ensure that DNS results for GOV.UK have an extra layer of security and reduce the risk of DNS hijacking attacks.
If this sounds like a good place to work, take a look at Working for GDS - we’re usually in search of talented people to come and join the team.