Why care about a CDN?

1
Workshops and Conference: May 9-11, 2016
2016
Stockholm
Let us know
what you think!
Click“Engage”
to rate a session.
If you rate 12 sessions
you get a cool GOTO prize!

Why the fuck care about a CDN?
Artur Bergman, CEO/Founder, Fastly

© 2016 All rights reservedGoto Stockholm 2016
• CEO && Founder

• Wikia CTO

• SixApart/LiveJournal

• Velocity conference

• Opensource developer

• From Stockholm!

• @crucially
Artur Bergman

2008 @ Wikia

• 5 years old

• San Francisco HQ

• London, Tokyo, New York, Denver

• 270 employees
Fastly

HTTP?
use a CDN

CDN??

"Any sufficiently advanced
technology is indistinguishable
from magic." -- Arthur C Clarke

"Any sufficiently advanced
technology is indistinguishable
from magic." -- Arthur C Clarke
"Any technology that is
indistinguishable from magic for
you is one you don't understand"
-- Artur Bergman

No Magic

• nginx

• haproxy

• squid

• varnish

• apache mod_proxy

• apache traffic server

• ELB

• F5 (terrible)
Reverse proxy

• offloads TLS

• load balances

• long running connections

• rule based dispatch
Reverse proxy
Client Reverse proxy
App server
App server
App server

CDN
Client
Reverse proxy
App server
App server
App server
Reverse proxy
Reverse proxy
Reverse proxy
Reverse proxy
Reverse proxy

Client
App server

• offloads TLS

• load balances

• long running connections

• rule based dispatch

• cache (pass through)
Caching reverse proxy
Client Reverse proxy
App server
App server
App server
Big awesome
cache

• 2x 2697v4 18+18 cores

• 768 GB RAM (12 TB)

• 48 TB of SSD (786 TB)

• 40 Gbit/ethernet (640 Gbit)

• 16 per rack
Big awesome cache
Love the future

User
DNS
CDN Pop
Origin

User
DNS
CDN Pop
Origin
Cache miss

User
DNS
CDN Pop
Origin
Cache hit

• Like memcache/redis

• Except

• Outside your datacenter

• Passthrough

• Close to user
Inside-out cache

• My content is

• Private

• Unique

• Un-cacheable

• Special snow flake
But but but

• My content is

• Private

• Unique

• Un-cacheable

• Special snow flake
But but but
Yeah right!
Don’t worry

Why?

Performance
Security
Availability

Latency is a measure of time delay experienced in a system, the precise
definition of which depends on the system and the time being measured. In
communications, the lower limit of latency is determined by the medium
being used for communications.
AKA waiting for shit.
Latency is the little-death that
bring total obliteration

299 792 458 m / s

Fastly
Cache it locally

?????

160 Gbps DDOS

• Layer 3/4 DDOS protection

• UDP/ICMP/SYN

• Layer 7 DDOS protection

• Inspect http traffic

• Block/Redirect

• Instant visibility in edge traffic

• Edge firewall rules
Security

SYN from China!

• Outsource your emotional burden

• More capacity than attacker is all that matters

• Distributed capacity

• Largest seen

• > 200 million packets per second

• > 400 Gbps

• If it is cached, its easy to serve very high request rate
A word on DDOS

DDOS?

Prince died :(

Prince died :(
140k rps
16k rps

Prince died :(
140k rps
16k rps
autoscale lol!

• CDN handles entire spike

• news sites

• download sites

• cache it and it doesn’t matter

• stale-if-error

• stale-while-revalidate
No origin load

• Fastly

• Telia

• NTT

• Cogent

• Comcast

• Level3

• + Peering
CDNs have many ISPs

• “Faster than the internet”

• “Route around problems”

• Continuously choose the best path

• Between customer and us

• Between us and origin
CDNs have many ISPs

• Beat speed of light

• Move data close to the user

• Personalize the data close to the user

• Defend against attacks close to the attacker

• DDOS is ever growing thread

• Only way to expand into new markets without significant
capital or operational outlay and risk
Do things at the edge

you use all the time

• Python Software Foundation

• NPM

• Ruby Core

• Ruby Gems

• Metacpan

• MIT Scratch

• kernel.org
opensource

• Hashicorp

• New Relic

• Maven

• Github

• Package cloud

• Check your build systems firewall log :)
developer tools

why do you care?
about future of CDN

Dynamic Site Acceleration
• Not just magic lies

• TCP

• HTTP

• TLS

SYN 100 ms

SYN 100 ms
SYNACK 100 ms

SYN 100 ms
SYNACK 100 ms
TLS HS 100 ms

SYN 100 ms
SYNACK 100 ms
TLS HS 100 ms
TLS HS 100 ms

SYN 100 ms
SYNACK 100 ms
TLS HS 100 ms
TLS HS 100 ms
Request 100 ms

SYN 100 ms
SYNACK 100 ms
TLS HS 100 ms
TLS HS 100 ms
Request 100 ms
Response 100 ms

SYN 100 ms
SYNACK 100 ms
TLS HS 100 ms
TLS HS 100 ms
Request 100 ms
Response 100 ms
Total 600 ms to slow start

SYN 20 ms
SYNACK 20 ms
TLS HS 20 ms
TLS HS 20 ms
Request 20 ms
Response 20 ms

SYN 20 ms
SYNACK 20 ms
TLS HS 20 ms
TLS HS 20 ms
Request 20 ms
Response 20 ms
Request 100 ms
Response 100 ms

SYN 20 ms
SYNACK 20 ms
TLS HS 20 ms
TLS HS 20 ms
Request 20 ms
Response 20 ms
Request 100 ms
Response 100 ms
Total 320 ms
and no slow start

• Location based

• Time based

• Changes based on user or machine input

• Separate public and private APIs

• Reuse on mobile and progressive web apps
Usually cacheable

• Instant purge (cache-invalidation)

• Instant configuration

• Instant stats

• Instant logs

• Edge dictionaries

• Very large edge caches == higher hit rate
Key developer friendly features

curl -X PURGE https://www.fastly.com/
• 150 ms to purge world wide

• dramatically changes what you can cache if you can invalidate
Instant purge

Instant purge
• News articles

• Inventory data

• Sport scores

• Wikis

• Blogs

• API metadata

Surrogate-Key invalidation
Surrogate-Key: tag1 tag2 tag3
• Purge by tag

• All objects matching tag gets wipe

• let us handle the cache dependencies (secondary index)

• track collections by objects that went into them

Instant config
• Varnish VCL

• 100% API accesible

• Deploy around the world in 5 seconds

• Load balancing rules

• IP blocks

• Custom edge logic

Instant logfiles
• Streaming log files (1-2 seconds delay)

• syslog

• S3/GCS

• Fluentd

• Splunk

• elk

• We don’t store any logs on a permanent basis

Instant stats
• Realtime stream

• Hook into your alerting for instant notice on bad deploys

Programmatic edge
• Load balance between cloud providers

• (get rid of your load balancers)

• Route to different services based on any attribute in the
request

• Handle failover

• Edge authentication using edge dictionaries (key-value store)

• Offload offload offload

Client Fastly

Client Fastly
Authentication
service

Client Fastly
Authentication
service
Segmentation
Service
Authentication headers provided

Client Fastly
Authentication
service
Segmentation
Service

Client Fastly
Authentication
service
Segmentation
Service
API service
Authentication + Segmentatio
headers provided

Client Fastly
Authentication
service
Segmentation
Service
API service

Client Fastly
Authentication
service
Segmentation
Service
API service
Cacheable
Cacheable

Client Fastly
Authentication
service
Segmentation
Service
API service
Second request

Client Fastly
Authentication
service
Segmentation
Service
API service
Revoke access
Send surrogate-key
purge for user

HOW??

1. The network is reliable.

2. Latency is zero.

3. Bandwidth is inﬁnite.

4. The network is secure.

5. Topology doesn't change.

6. There is one administrator.

7. Transport cost is zero.

8. The network is homogeneous.
Fallacies of distributed systems

1. The network is reliable.

2. Latency is zero.

3. Bandwidth is inﬁnite.

4. The network is secure.

5. Topology doesn't change.

6. There is one administrator.

7. Transport cost is zero.

8. The network is homogeneous.
At Fastly

• Very little oﬀ the shelf software works for us

• Most software written for 2-3 nearby datacenter

• No virtualization

• Most things not written for our scale (up)

• Apparently few people continuously push 20 Gbps/server
Technologies

• haproxy (TLS termination)

• h2o (http2)

• varnish (caching)

• bird (bgp daemon)

• knot (dns daemon)

• ubuntu linux

• C / Go / Ruby mix
Technologies

• Hate speciﬁc built hardware

• Routers

• Load balancers

• Firewalls

• Arista / Cumulus

• Linux on a switch with an API

• BGP on the caches themselves

• Treat it all as code
Networking

• Purging based on bimodal multicast

• Other services rely on purging

• Example conﬁg push => purge => fetch of new conﬁg

• Need to be extremely resilient in face of the internet
Coordination Technologies

• Physical hardware for forwarding plane

• Google Bigtable/Bigquery for analytics

• AWS for control plane

• Datadog for monitoring
Providers

• Varnish on AWS around the world

• Route53 to send to closest user

• You have a simple CDN!
Just! build your own

EITHER WAY
USE ONE

Thank you!

=
103
Workshops and Conference: May 9-11, 2016
2016
Stockholm
Please remember to
rate this session
...Thank You!

Why care about a CDN?

Recommended

Recommended

More Related Content

Similar to Why care about a CDN?

Similar to Why care about a CDN? (20)

Recently uploaded

Recently uploaded (20)

Why care about a CDN?