1. Why care about a CDN?
Workshops and Conference: May 9-11, 2016, Stockholm
2. Why the fuck care about a CDN?
Artur Bergman, CEO/Founder, Fastly
3. © 2016 All rights reservedGoto Stockholm 2016
• CEO && Founder
• Wikia CTO
• SixApart/LiveJournal
• Velocity conference
• Opensource developer
• From Stockholm!
• @crucially
Artur Bergman
4.
2008 @ Wikia
5.
• 5 years old
• San Francisco HQ
• London, Tokyo, New York, Denver
• 270 employees
Fastly
6.
HTTP?
use a CDN
7.
CDN??
10.
"Any sufficiently advanced
technology is indistinguishable
from magic." -- Arthur C Clarke
"Any technology that is
indistinguishable from magic for
you is one you don't understand"
-- Artur Bergman
11.
No Magic
12.
• nginx
• haproxy
• squid
• varnish
• apache mod_proxy
• apache traffic server
• ELB
• F5 (terrible)
Reverse proxy
13.
• offloads TLS
• load balances
• long running connections
• rule based dispatch
Reverse proxy
Client Reverse proxy
App server
App server
App server
14.
CDN
Client
Reverse proxy
App server
App server
App server
Reverse proxy
Reverse proxy
Reverse proxy
Reverse proxy
Reverse proxy
15.
Client
App server
16.
• offloads TLS
• load balances
• long running connections
• rule based dispatch
• cache (pass through)
Caching reverse proxy
Client Reverse proxy
App server
App server
App server
Big awesome
cache
17.
Client
App server
18.
Client
App server
19.
• 2x 2697v4, 18+18 cores
• 768 GB RAM (12 TB per rack)
• 48 TB of SSD (786 TB per rack)
• 40 Gbit ethernet (640 Gbit per rack)
• 16 per rack
Big awesome cache
Love the future
20.
User
DNS
CDN Pop
Origin
23.
User
DNS
CDN Pop
Origin
Cache miss
26.
User
DNS
CDN Pop
Origin
Cache hit
27.
• Like memcache/redis
• Except
• Outside your datacenter
• Passthrough
• Close to user
Inside-out cache
29.
• My content is
• Private
• Unique
• Un-cacheable
• Special snowflake
But but but
Yeah right!
Don’t worry
30.
Why?
31.
Performance
Security
Availability
33. © 2015 All rights reserved, The Future of Content Delivery
34.
Latency is a measure of time delay experienced in a system, the precise
definition of which depends on the system and the time being measured. In
communications, the lower limit of latency is determined by the medium
being used for communications.
AKA waiting for shit.
Latency is the little-death that brings total obliteration
35.
299 792 458 m / s
36.
Fastly
Cache it locally
37.
Performance
Security
Availability
38.
?????
39.
160 Gbps DDoS
40.
• Layer 3/4 DDoS protection
• UDP/ICMP/SYN
• Layer 7 DDoS protection
• Inspect HTTP traffic
• Block/Redirect
• Instant visibility into edge traffic
• Edge firewall rules
Security
43.
SYN from China!
44.
• Outsource your emotional burden
• More capacity than the attacker is all that matters
• Distributed capacity
• Largest seen
• > 200 million packets per second
• > 400 Gbps
• If it is cached, it's easy to serve a very high request rate
A word on DDoS
45.
Performance
Security
Availability
46.
DDoS?
47.
Prince died :(
48.
Prince died :(
140k rps
16k rps
49.
Prince died :(
140k rps
16k rps
autoscale lol!
50.
• CDN handles entire spike
• news sites
• download sites
• cache it and it doesn’t matter
• stale-if-error
• stale-while-revalidate
No origin load
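As an added illustration of the stale-if-error and stale-while-revalidate directives on this slide (example code written for this page, not from the talk or from Fastly), a small model of the decision an edge cache makes for an object of a given age; the Cache-Control value is a constructed sample:

```python
from typing import Dict, Optional

# Constructed sample header (not from the deck): fresh for a minute, may be
# served stale for 5 minutes while the edge refreshes it in the background,
# and for a day if the origin is failing.
SAMPLE_CACHE_CONTROL = "max-age=60, stale-while-revalidate=300, stale-if-error=86400"


def parse_cache_control(value: str) -> Dict[str, Optional[int]]:
    """Map each Cache-Control directive to its integer argument (None if bare)."""
    directives: Dict[str, Optional[int]] = {}
    for part in value.split(","):
        name, _, arg = part.strip().lower().partition("=")
        if name:
            directives[name] = int(arg) if arg.strip().isdigit() else None
    return directives


def edge_decision(cache_control: str, age: int, origin_ok: bool) -> str:
    """How a CDN edge serves a cached object that is `age` seconds old (RFC 5861 rules).

    "fresh"                  within max-age: served from cache, origin untouched
    "stale-while-revalidate" expired but inside the SWR window: the stale copy
                             goes out immediately and a background fetch refreshes
                             it, so a traffic spike never queues up on the origin
    "revalidate"             past the SWR window: a synchronous origin fetch is needed
    "stale-if-error"         origin is down or erroring, but the object is still
                             inside the stale-if-error window, so stale is served
    "unavailable"            nothing usable is left: the client sees the failure
    """
    cc = parse_cache_control(cache_control)
    max_age = cc.get("max-age") or 0
    swr = cc.get("stale-while-revalidate") or 0
    sie = cc.get("stale-if-error") or 0
    if age <= max_age:
        return "fresh"
    if age <= max_age + swr:
        return "stale-while-revalidate"
    if origin_ok:
        return "revalidate"
    if age <= max_age + sie:
        return "stale-if-error"
    return "unavailable"
```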
51.
• Fastly
• Telia
• NTT
• Cogent
• Comcast
• Level3
• + Peering
CDNs have many ISPs
52.
• “Faster than the internet”
• “Route around problems”
• Continuously choose the best path
• Between customer and us
• Between us and origin
CDNs have many ISPs
53.
• Beat the speed of light
• Move data close to the user
• Personalize the data close to the user
• Defend against attacks close to the attacker
• DDoS is an ever-growing threat
• Only way to expand into new markets without significant capital or operational outlay and risk
Do things at the edge
54.
CDNs you use all the time
55.
• Python Software Foundation
• NPM
• Ruby Core
• Ruby Gems
• Metacpan
• MIT Scratch
• kernel.org
opensource
56.
• Hashicorp
• New Relic
• Maven
• Github
• Package cloud
• Check your build system's firewall log :)
developer tools
57.
why do you care?
about future of CDN
58.
• My content is
• Private
• Unique
• Un-cacheable
• Special snowflake
But but but
Yeah right!
Don’t worry
59.
Dynamic Site Acceleration
• Not just magic lies
• TCP
• HTTP
• TLS
66.
SYN 100 ms
SYNACK 100 ms
TLS HS 100 ms
TLS HS 100 ms
Request 100 ms
Response 100 ms
Total 600 ms to slow start
69.
SYN 20 ms
SYNACK 20 ms
TLS HS 20 ms
TLS HS 20 ms
Request 20 ms
Response 20 ms
Request 100 ms
Response 100 ms
Total 320 ms
and no slow start
70.
• Location based
• Time based
• Changes based on user or machine input
• Separate public and private APIs
• Reuse on mobile and progressive web apps
Usually cacheable
71.
• Instant purge (cache-invalidation)
• Instant configuration
• Instant stats
• Instant logs
• Edge dictionaries
• Very large edge caches == higher hit rate
Key developer friendly features
72.
curl -X PURGE https://www.fastly.com/
• 150 ms to purge worldwide
• dramatically changes what you can cache if you can invalidate
Instant purge
73.
Instant purge
• News articles
• Inventory data
• Sport scores
• Wikis
• Blogs
• API metadata
74.
Surrogate-Key invalidation
Surrogate-Key: tag1 tag2 tag3
• Purge by tag
• All objects matching the tag get wiped
• Let us handle the cache dependencies (secondary index)
• Track collections by the objects that went into them
75.
Instant config
• Varnish VCL
• 100% API accessible
• Deploy around the world in 5 seconds
• Load balancing rules
• IP blocks
• Custom edge logic
76.
Instant logfiles
• Streaming log files (1-2 seconds delay)
• syslog
• S3/GCS
• Fluentd
• Splunk
• elk
• We don’t store any logs on a permanent basis
77.
Instant stats
• Realtime stream
• Hook into your alerting for instant notice on bad deploys
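An added example (not from the deck or from Fastly) of what hooking the streaming logs of slide 76 into alerting can look like: bucket the edge log by time window, count origin 5xx responses, and flag a window whose error ratio jumps after a deploy. The log layout, PoP names, paths and thresholds are all constructed assumptions, not Fastly's real log format:

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
from typing import Dict, List, Tuple

# Constructed sample of a streaming edge log (made-up syslog-style layout).
# The second minute simulates a bad deploy: the origin starts returning 5xx
# for the API paths while static and cached pages keep serving fine.
SAMPLE_LOG = """\
2016-05-10T09:00:01Z pop=arn status=200 method=GET path=/
2016-05-10T09:00:02Z pop=arn status=200 method=GET path=/news
2016-05-10T09:00:05Z pop=arn status=503 method=GET path=/api/feed
2016-05-10T09:00:09Z pop=lhr status=200 method=GET path=/
2016-05-10T09:00:21Z pop=lhr status=304 method=GET path=/static/app.js
2016-05-10T09:00:40Z pop=arn status=200 method=GET path=/api/me
2016-05-10T09:01:00Z pop=arn status=500 method=GET path=/api/feed
2016-05-10T09:01:01Z pop=arn status=500 method=GET path=/api/feed
2016-05-10T09:01:02Z pop=lhr status=502 method=GET path=/api/me
2016-05-10T09:01:03Z pop=lhr status=200 method=GET path=/
2016-05-10T09:01:04Z pop=arn status=500 method=POST path=/api/me
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) pop=(?P<pop>\S+) status=(?P<status>\d{3}) ")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def bucket_errors(lines: List[str], window_s: int = 60) -> Dict[int, Tuple[int, int]]:
    """Return {window_start_epoch: (5xx_count, total_count)} per time window."""
    counts: Dict[int, List[int]] = defaultdict(lambda: [0, 0])
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate a torn line from the live stream
        ts = datetime.strptime(m["ts"], TS_FMT).replace(tzinfo=timezone.utc)
        window = int(ts.timestamp()) // window_s * window_s
        counts[window][1] += 1
        if m["status"].startswith("5"):
            counts[window][0] += 1
    return {w: (e, t) for w, (e, t) in counts.items()}


def bad_deploy_alerts(lines: List[str], window_s: int = 60,
                      max_error_ratio: float = 0.5, min_requests: int = 4) -> List[str]:
    """Windows whose 5xx ratio exceeds the threshold, as ISO timestamps.
    min_requests keeps a single failed request in a quiet window from paging anyone."""
    alerts = []
    for window, (errors, total) in sorted(bucket_errors(lines, window_s).items()):
        if total >= min_requests and errors / total > max_error_ratio:
            alerts.append(datetime.fromtimestamp(window, timezone.utc).strftime(TS_FMT))
    return alerts
```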
80.
Programmatic edge
• Load balance between cloud providers
• (get rid of your load balancers)
• Route to different services based on any attribute in the
request
• Handle failover
• Edge authentication using edge dictionaries (key-value store)
• Offload offload offload
81.
Client Fastly
82.
Client Fastly
Authentication
service
84.
Client Fastly
Authentication
service
Segmentation
Service
Authentication headers provided
86.
Client Fastly
Authentication
service
Segmentation
Service
API service
Authentication + Segmentation headers provided
89.
Client Fastly
Authentication
service
Segmentation
Service
API service
Cacheable
Cacheable
90.
Client Fastly
Authentication
service
Segmentation
Service
API service
Second request
91.
Client Fastly
Authentication
service
Segmentation
Service
API service
Revoke access
Send surrogate-key
purge for user
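An added example (not code from the talk or from Fastly) that covers both the Surrogate-Key slide and the revoke-access step above: a toy edge cache with a secondary index from tag to object, so one purge by tag removes every object carrying that tag, including everything cached for a user whose access was just revoked. URLs, tags and bodies are constructed:

```python
from collections import defaultdict
from typing import Dict, Optional, Set


class SurrogateKeyCache:
    """Toy edge cache: objects keyed by URL plus a secondary index from each
    Surrogate-Key tag to the URLs carrying it, so a purge by tag wipes every
    object built from that dependency in one call."""

    def __init__(self) -> None:
        self.objects: Dict[str, bytes] = {}
        self.tags_by_url: Dict[str, Set[str]] = {}
        self.urls_by_tag: Dict[str, Set[str]] = defaultdict(set)

    def store(self, url: str, body: bytes, headers: Dict[str, str]) -> None:
        # Surrogate-Key is a space-separated list of tags, as on the slide.
        tags = set(headers.get("Surrogate-Key", "").split())
        self.purge_url(url)  # drop the old copy and its index entries first
        self.objects[url] = body
        self.tags_by_url[url] = tags
        for tag in tags:
            self.urls_by_tag[tag].add(url)

    def get(self, url: str) -> Optional[bytes]:
        return self.objects.get(url)

    def purge_url(self, url: str) -> int:
        if url not in self.objects:
            return 0
        del self.objects[url]
        for tag in self.tags_by_url.pop(url, ()):
            self.urls_by_tag[tag].discard(url)
            if not self.urls_by_tag[tag]:
                del self.urls_by_tag[tag]
        return 1

    def purge_tag(self, tag: str) -> int:
        # Iterate over a copy: purge_url mutates the index while we walk it.
        return sum(self.purge_url(u) for u in list(self.urls_by_tag.get(tag, ())))


def demo() -> tuple:
    """Constructed scenario: an author rename, then a per-user access revocation."""
    cache = SurrogateKeyCache()
    cache.store("/article/42", b"<html>", {"Surrogate-Key": "article-42 author-7"})
    cache.store("/author/7", b"<html>", {"Surrogate-Key": "author-7"})
    cache.store("/static/logo.png", b"\x89PNG", {"Surrogate-Key": "static"})
    # Responses the edge cached per user after the auth/segmentation lookups.
    cache.store("/api/me", b"{}", {"Surrogate-Key": "user-1001 segment-premium"})
    cache.store("/api/feed", b"[]", {"Surrogate-Key": "user-1001 segment-premium"})
    renamed = cache.purge_tag("author-7")   # both pages depend on author 7
    revoked = cache.purge_tag("user-1001")  # revoke: drop everything cached for the user
    return renamed, revoked, sorted(cache.objects)
```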
92.
HOW??
93.
1. The network is reliable.
2. Latency is zero.
3. Bandwidth is infinite.
4. The network is secure.
5. Topology doesn't change.
6. There is one administrator.
7. Transport cost is zero.
8. The network is homogeneous.
Fallacies of distributed systems
94.
1. The network is reliable.
2. Latency is zero.
3. Bandwidth is infinite.
4. The network is secure.
5. Topology doesn't change.
6. There is one administrator.
7. Transport cost is zero.
8. The network is homogeneous.
At Fastly
95.
• Very little off-the-shelf software works for us
• Most software is written for 2-3 nearby datacenters
• No virtualization
• Most things not written for our scale (up)
• Apparently few people continuously push 20 Gbps per server
Technologies
96.
• haproxy (TLS termination)
• h2o (http2)
• varnish (caching)
• bird (bgp daemon)
• knot (dns daemon)
• ubuntu linux
• C / Go / Ruby mix
Technologies
97.
• Hate purpose-built hardware
• Routers
• Load balancers
• Firewalls
• Arista / Cumulus
• Linux on a switch with an API
• BGP on the caches themselves
• Treat it all as code
Networking
98.
• Purging based on bimodal multicast
• Other services rely on purging
• Example: config push => purge => fetch of new config
• Needs to be extremely resilient in the face of the internet
Coordination Technologies
99.
• Physical hardware for forwarding plane
• Google Bigtable/Bigquery for analytics
• AWS for control plane
• Datadog for monitoring
Providers
100.
• Varnish on AWS around the world
• Route53 to send to closest user
• You have a simple CDN!
Just! build your own
101.
EITHER WAY
USE ONE
102.
Thank you!