SlideShare a Scribd company logo

Building high traffic http front-ends. theo schlossnagle. зал 1

R
rit2011

This document discusses high-performance HTTP front-ends. It covers why HTTP is commonly used, performance expectations and achievements including supporting 500k concurrent users and 100k requests/second on a single server. Availability is achieved through routing protocols and redundancy rather than stateful failover. Future improvements may come from protocols like SPDY that allow multiplexing requests to reduce latency.

Technology
1 of 17
Downloaded 25 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
High-performance Robust HTTP Front-ends / tips, tricks and expectations Saturday, April 23, 2011
Who am I? @postwait on twitter Author of “Scalable Internet Architectures” Pearson, ISBN: 067232699X Contributor to “Web Operations” O’Reilly, ISBN: Founder of OmniTI, Message Systems, Fontdeck, & Circonus I like to tackle problems that are “always on” and “always growing.” I am an Engineer A practitioner of academic computing. IEEE member and Senior ACM member. On the Editorial Board of ACM’s Queue magazine. 2 Saturday, April 23, 2011
Agenda • Why only HTTP? • HTTP-like protocols • Performance • Availability Saturday, April 23, 2011
HTTP • Why only HTTP... it’s what we do. • User-based, immediate, short-lived transactions occupy my life. • So, not just HTTP. • HTTPS • SPDY (... we’ll get to this) Saturday, April 23, 2011
Performance • ATS (Apache Traffic Server) • supports SSL • battle-hardened codebase • very multi-code capable • Varnish • VCL adds unparalleled flexibility • no SSL! • nginx • I don’t see much of this out on the edge Saturday, April 23, 2011
Performance Expectations • from a single server, you should be able to: • support 500k concurrent users • this is only 40k sockets/core • push in excess of 100k requests/second • this is only 9k requests/core*second • push close to 10 gigabits • this is why 10G was invented Saturday, April 23, 2011
Performance Achievements • Good load balancers achieve this performance • with dual socket Westmere processors, we’re able to achieve in software on general purpose hardware what was only possible in hardware ASICs. • ATS and Varnish can do this today. Saturday, April 23, 2011
The Basic Rules: Content • You must serve content from cache • Your cache should fit in memory • If it does not, it should spill to SSD, not spinning media. Saturday, April 23, 2011
The Basic Rules: CPU • You must cache SSL sessions • SSL key negotiation is expensive. • SSL encryption is not* • Common cases must not cause state on the firewall. • It’s hard enough to serve 150k requests/second. • You will spend too much time in kernel in iptables, ipf, or pf. • allow port 80 and port 443. • enable SYN flood prevention * crypto obviously costs CPU; symmetric crypto is relatively cheap Saturday, April 23, 2011
The Basic Rules: Network • You must not run a stateful firewall in front • too expensive • too little value • You must be directly behind capable router(s) • expect anywhere from 1MM to 20MM packets per second • we need to run BGP for availability Saturday, April 23, 2011
Availability • We learned in the performance section: • 1 machine / 10Gbps uplink performs well enough • We need redundancy: • Linux HA? • VRRP/HSRP? • CARP? • No... Saturday, April 23, 2011
Availability: Constraints • Client TCP sessions are relatively short lived. • The web is a largely idempotent place. • Clients are capable of retrying on failure. • This means: • forget stateful failover. • focus on availability for new connections. Saturday, April 23, 2011
Availability: Setup • You are behind a capable router (it was a rule) • Use routing protocols (BGP) to maintain availability. BGP 10.1.0.0/24 10.1.1.0/24 10.1.0.0/23 10.1.0.0/23 Saturday, April 23, 2011
Working Stacks • Linux (OS/TCP stack) • Illumos (OS/TCP stack) • Varnish (HTTP) • ATS (HTTP/HTTPS) • Quagga (BGP) • Quagga (BGP) Saturday, April 23, 2011
Future! • This stuff is fast. • In the end, we’re not looking for faster servers, we’re looking for improved user experience. • Enter SPDY • Google’s multi-channel HTTP super-protocol • Allows multiplexing of concurrent HTTP(like) request/response on a single TCP session. • Defeats slow startup • Allows for content prioritization on server Saturday, April 23, 2011
Future: my thoughts • SPDY is relatively simple to implement on the server • SPDY is very very hard to leverage on the server • If ATS implemented SPDY in and out • and provided a robust configuration language to leverage it ... the future would be today. Saturday, April 23, 2011
Thank you. • Thank you Олег Бунин • Thanks to the Varnish and ATS developers. • Спасибо. Saturday, April 23, 2011

More Related Content

PDF
Designing for Massive Scalability at BackType #bigdatacamp
Michael Montano
 
PDF
WHIP WebRTC Broadcasting @ FOSDEM 2022
Lorenzo Miniero
 
PDF
FOSDEM2018 Janus Lua plugin presentation
Lorenzo Miniero
 
PDF
Janus + Audio @ Open Source World
Lorenzo Miniero
 
PDF
How to video.
Cotap Engineering
 
PDF
Multistream in Janus @ CommCon 2019
Lorenzo Miniero
 
PDF
Stackato v2
Jonas Brømsø
 
PDF
An SFU/MCU integration for heterogeneous environments
Giacomo Vacca
 
Designing for Massive Scalability at BackType #bigdatacamp
Michael Montano
 
WHIP WebRTC Broadcasting @ FOSDEM 2022
Lorenzo Miniero
 
FOSDEM2018 Janus Lua plugin presentation
Lorenzo Miniero
 
Janus + Audio @ Open Source World
Lorenzo Miniero
 
How to video.
Cotap Engineering
 
Multistream in Janus @ CommCon 2019
Lorenzo Miniero
 
Stackato v2
Jonas Brømsø
 
An SFU/MCU integration for heterogeneous environments
Giacomo Vacca
 

What's hot (20)

PDF
Persistent storage tailored for containers #dockersummit
Infinit
 
PPTX
What’s the Deal with Containers, Anyway?
Stephen Foskett
 
PDF
OSGi In Anger - Tara Simpson
mfrancis
 
PDF
Highly concurrent yet natural programming
Infinit
 
PPTX
Building the carrier grade nfv infrastructure
OPNFV
 
PDF
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Infinit
 
PDF
One
Martin Alfke
 
PPTX
A tour of Java and the JVM
Alex Birch
 
PDF
Dist::Zilla - A very brief introduction
Dean Hamstead
 
PDF
Balázs Bucsay - XFLTReaT: Building a Tunnel
hacktivity
 
PPTX
Networking in the cloud: An SDN primer
Midokura
 
PDF
Improving POD Usage in Labs, CI and Testing
OPNFV
 
PPTX
Realtime traffic analyser
Alex Moskvin
 
PPTX
Breaking down a monolith
GeekNightHyderabad
 
PDF
2012 workshop wed_ethernet_servicesoveri_poib
strelecru
 
PPTX
RabbitMQ and AMQP Model
Rajitha Gunawardhane
 
PDF
Iwmn architecture
Lenz Gschwendtner
 
PDF
Adding Real-time Features to PHP Applications
Ronny López
 
PPT
All About IPv6
Issac Goldstand
 
PDF
Report on OFELIA
FIBRE Testbed
 
Persistent storage tailored for containers #dockersummit
Infinit
 
What’s the Deal with Containers, Anyway?
Stephen Foskett
 
OSGi In Anger - Tara Simpson
mfrancis
 
Highly concurrent yet natural programming
Infinit
 
Building the carrier grade nfv infrastructure
OPNFV
 
Docker volume plugins and Infinit – Mini-conf Docker Paris #1
Infinit
 
One
Martin Alfke
 
A tour of Java and the JVM
Alex Birch
 
Dist::Zilla - A very brief introduction
Dean Hamstead
 
Balázs Bucsay - XFLTReaT: Building a Tunnel
hacktivity
 
Networking in the cloud: An SDN primer
Midokura
 
Improving POD Usage in Labs, CI and Testing
OPNFV
 
Realtime traffic analyser
Alex Moskvin
 
Breaking down a monolith
GeekNightHyderabad
 
2012 workshop wed_ethernet_servicesoveri_poib
strelecru
 
RabbitMQ and AMQP Model
Rajitha Gunawardhane
 
Iwmn architecture
Lenz Gschwendtner
 
Adding Real-time Features to PHP Applications
Ronny López
 
All About IPv6
Issac Goldstand
 
Report on OFELIA
FIBRE Testbed
 
Ad

Viewers also liked (9)

PDF
The CMO 2.0
B2B Marketing
 
PPTX
Social Media Benchmarking Report - preview of findings
B2B Marketing
 
PDF
How digital can build your brand
B2B Marketing
 
PPT
How to get value from your multi-channel lead gen programme - Cyance
B2B Marketing
 
PDF
인간의 경험 공유를 위한 태스크 및 컨텍스트 추출 및 표현
Haklae Kim
 
PPTX
What makes excellent B2B Marketing? The Evidence Uncovered
B2B Marketing
 
PDF
Cappuccino 3 Slide Illustration
Ashish Goel
 
PDF
CASE STUDY: Inbound: building trust into your marketing strategy
B2B Marketing
 
PDF
модульное тестирование для Perl. алексей шруб. зал 4
rit2011
 
The CMO 2.0
B2B Marketing
 
Social Media Benchmarking Report - preview of findings
B2B Marketing
 
How digital can build your brand
B2B Marketing
 
How to get value from your multi-channel lead gen programme - Cyance
B2B Marketing
 
인간의 경험 공유를 위한 태스크 및 컨텍스트 추출 및 표현
Haklae Kim
 
What makes excellent B2B Marketing? The Evidence Uncovered
B2B Marketing
 
Cappuccino 3 Slide Illustration
Ashish Goel
 
CASE STUDY: Inbound: building trust into your marketing strategy
B2B Marketing
 
модульное тестирование для Perl. алексей шруб. зал 4
rit2011
 
Ad

Similar to Building high traffic http front-ends. theo schlossnagle. зал 1 (20)

PDF
NFV Infrastructure Manager with High Performance Software Switch Lagopus
Hirofumi Ichihara
 
PDF
Stardog talk-dc-march-17
Clark & Parsia LLC
 
PPTX
Realtime web2012
Timothy Fitz
 
PDF
How DreamHost builds a Public Cloud with OpenStack
Carl Perry
 
PDF
How DreamHost builds a public cloud with OpenStack.pdf
OpenStack Foundation
 
KEY
Actors and Threads
mperham
 
PDF
Trick or XFLTReaT a.k.a. Tunnel All The Things
Balazs Bucsay
 
PDF
Xen and-the-art-of-rails-deployment2640
Newlink
 
PDF
Xen and-the-art-of-rails-deployment2640
Newlink
 
PDF
Xen and-the-art-of-rails-deployment2640
Newlink
 
PDF
Xen and-the-art-of-rails-deployment2640
LLC NewLink
 
PDF
Xen and-the-art-of-rails-deployment2640
Newlink
 
KEY
Ruby Concurrency Realities
Mike Subelsky
 
PPTX
Ext osad initial-eval-march2015
Daneyon Hansen
 
PDF
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
Balazs Bucsay
 
PDF
pps Matters
Bangladesh Network Operators Group
 
PDF
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
LinkedIn
 
KEY
Real time system_performance_mon
Tomas Doran
 
KEY
High performance network programming on the jvm oscon 2012
Erik Onnen
 
PDF
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
Balazs Bucsay
 
NFV Infrastructure Manager with High Performance Software Switch Lagopus
Hirofumi Ichihara
 
Stardog talk-dc-march-17
Clark & Parsia LLC
 
Realtime web2012
Timothy Fitz
 
How DreamHost builds a Public Cloud with OpenStack
Carl Perry
 
How DreamHost builds a public cloud with OpenStack.pdf
OpenStack Foundation
 
Actors and Threads
mperham
 
Trick or XFLTReaT a.k.a. Tunnel All The Things
Balazs Bucsay
 
Xen and-the-art-of-rails-deployment2640
Newlink
 
Xen and-the-art-of-rails-deployment2640
Newlink
 
Xen and-the-art-of-rails-deployment2640
Newlink
 
Xen and-the-art-of-rails-deployment2640
LLC NewLink
 
Xen and-the-art-of-rails-deployment2640
Newlink
 
Ruby Concurrency Realities
Mike Subelsky
 
Ext osad initial-eval-march2015
Daneyon Hansen
 
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
Balazs Bucsay
 
pps Matters
Bangladesh Network Operators Group
 
Jay Kreps on Project Voldemort Scaling Simple Storage At LinkedIn
LinkedIn
 
Real time system_performance_mon
Tomas Doran
 
High performance network programming on the jvm oscon 2012
Erik Onnen
 
XFLTReaT: A New Dimension in Tunneling (Shakacon 2017)
Balazs Bucsay
 

More from rit2011 (20)

PPT
классификация Ddos. александр лямин, артем гавриченков. зал 2
rit2011
 
PDF
Chef. кто на кухне хозяин. концепция devops. а,титов. зал 2
rit2011
 
PPT
как объяснить заказчику, что он не прав. денис тучин. зал 3
rit2011
 
PDF
классификация Ddos. александр лямин, артем гавриченков. зал 2
rit2011
 
PPTX
Kpi разработчика vs kpi разработки. евгения фирсова. зал 1
rit2011
 
PDF
ускорение Front end разработки с помощью haml, sass и compass. андрей ситник....
rit2011
 
PDF
ускорение Front end разработки с помощью haml, sass и compass. андрей ситник....
rit2011
 
PPT
что и почему вы должны программировать на Erlang.максим лапшин. зал 4
rit2011
 
PDF
I pv6 малоизвестные подробности. андрей пантюхин. зал 2
rit2011
 
PPT
безопасность веб приложений сегодня. дмитрий евтеев. зал 4
rit2011
 
PDF
как стать хорошим веб технологом. нарек мкртчян. зал 4
rit2011
 
PPTX
сотни серверов, десятки компонент. автоматизация раскладки и конфигурирования...
rit2011
 
PPT
выращиваем интерфейс своими руками. ольга павлова. зал 3
rit2011
 
PDF
распределенное файловое хранилище (Nginx, zfs, perl). перепелица мамонтов. зал 2
rit2011
 
PPT
от Flash к html5. александр бацуев. зал 4
rit2011
 
PPTX
Ie9 и ie10. алекс могилевский. зал 2
rit2011
 
PPTX
сотни серверов, десятки компонент. автоматизация раскладки и конфигурирования...
rit2011
 
PDF
полмиллиона юзеров в онлайне без падений оптимизация высоконагруженной Server...
rit2011
 
POTX
рисуем тз. эффективный способ коммуникации в веб проектах. артем вольфтруб. з...
rit2011
 
PPTX
типология личности и прогноз отношений по а. афанасьеву. сергей котырев. зал 2
rit2011
 
классификация Ddos. александр лямин, артем гавриченков. зал 2
rit2011
 
Chef. кто на кухне хозяин. концепция devops. а,титов. зал 2
rit2011
 
как объяснить заказчику, что он не прав. денис тучин. зал 3
rit2011
 
классификация Ddos. александр лямин, артем гавриченков. зал 2
rit2011
 
Kpi разработчика vs kpi разработки. евгения фирсова. зал 1
rit2011
 
ускорение Front end разработки с помощью haml, sass и compass. андрей ситник....
rit2011
 
ускорение Front end разработки с помощью haml, sass и compass. андрей ситник....
rit2011
 
что и почему вы должны программировать на Erlang.максим лапшин. зал 4
rit2011
 
I pv6 малоизвестные подробности. андрей пантюхин. зал 2
rit2011
 
безопасность веб приложений сегодня. дмитрий евтеев. зал 4
rit2011
 
как стать хорошим веб технологом. нарек мкртчян. зал 4
rit2011
 
сотни серверов, десятки компонент. автоматизация раскладки и конфигурирования...
rit2011
 
выращиваем интерфейс своими руками. ольга павлова. зал 3
rit2011
 
распределенное файловое хранилище (Nginx, zfs, perl). перепелица мамонтов. зал 2
rit2011
 
от Flash к html5. александр бацуев. зал 4
rit2011
 
Ie9 и ie10. алекс могилевский. зал 2
rit2011
 
сотни серверов, десятки компонент. автоматизация раскладки и конфигурирования...
rit2011
 
полмиллиона юзеров в онлайне без падений оптимизация высоконагруженной Server...
rit2011
 
рисуем тз. эффективный способ коммуникации в веб проектах. артем вольфтруб. з...
rit2011
 
типология личности и прогноз отношений по а. афанасьеву. сергей котырев. зал 2
rit2011
 

Recently uploaded (20)

PDF
KodekX | Application Modernization Development
KodekX
 
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
Encapsulation theory and applications.pdf
gurumoop
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
PDF
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
KodekX | Application Modernization Development
KodekX
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
Cloud computing and distributed systems.
kkkkkhan
 
Encapsulation theory and applications.pdf
gurumoop
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Encapsulation_ Review paper, used for researhc scholars
gurumoop
 
Optimiser vos workloads AI/ML sur Amazon EC2 et AWS Graviton
Julien SIMON
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
20250228 LYD VKU AI Blended-Learning.pptx
DatVoNgoc
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 

Building high traffic http front-ends. theo schlossnagle. зал 1

  • 1. High-performance Robust HTTP Front-ends / tips, tricks and expectations Saturday, April 23, 2011
  • 2. Who am I? @postwait on twitter Author of “Scalable Internet Architectures” Pearson, ISBN: 067232699X Contributor to “Web Operations” O’Reilly, ISBN: Founder of OmniTI, Message Systems, Fontdeck, & Circonus I like to tackle problems that are “always on” and “always growing.” I am an Engineer A practitioner of academic computing. IEEE member and Senior ACM member. On the Editorial Board of ACM’s Queue magazine. 2 Saturday, April 23, 2011
  • 3. Agenda • Why only HTTP? • HTTP-like protocols • Performance • Availability Saturday, April 23, 2011
  • 4. HTTP • Why only HTTP... it’s what we do. • User-based, immediate, short-lived transactions occupy my life. • So, not just HTTP. • HTTPS • SPDY (... we’ll get to this) Saturday, April 23, 2011
  • 5. Performance • ATS (Apache Traffic Server) • supports SSL • battle-hardened codebase • very multi-code capable • Varnish • VCL adds unparalleled flexibility • no SSL! • nginx • I don’t see much of this out on the edge Saturday, April 23, 2011
  • 6. Performance Expectations • from a single server, you should be able to: • support 500k concurrent users • this is only 40k sockets/core • push in excess of 100k requests/second • this is only 9k requests/core*second • push close to 10 gigabits • this is why 10G was invented Saturday, April 23, 2011
  • 7. Performance Achievements • Good load balancers achieve this performance • with dual socket Westmere processors, we’re able to achieve in software on general purpose hardware what was only possible in hardware ASICs. • ATS and Varnish can do this today. Saturday, April 23, 2011
  • 8. The Basic Rules: Content • You must serve content from cache • Your cache should fit in memory • If it does not, it should spill to SSD, not spinning media. Saturday, April 23, 2011
  • 9. The Basic Rules: CPU • You must cache SSL sessions • SSL key negotiation is expensive. • SSL encryption is not* • Common cases must not cause state on the firewall. • It’s hard enough to serve 150k requests/second. • You will spend too much time in kernel in iptables, ipf, or pf. • allow port 80 and port 443. • enable SYN flood prevention * crypto obviously costs CPU; symmetric crypto is relatively cheap Saturday, April 23, 2011
  • 10. The Basic Rules: Network • You must not run a stateful firewall in front • too expensive • too little value • You must be directly behind capable router(s) • expect anywhere from 1MM to 20MM packets per second • we need to run BGP for availability Saturday, April 23, 2011
  • 11. Availability • We learned in the performance section: • 1 machine / 10Gbps uplink performs well enough • We need redundancy: • Linux HA? • VRRP/HSRP? • CARP? • No... Saturday, April 23, 2011
  • 12. Availability: Constraints • Client TCP sessions are relatively short lived. • The web is a largely idempotent place. • Clients are capable of retrying on failure. • This means: • forget stateful failover. • focus on availability for new connections. Saturday, April 23, 2011
  • 13. Availability: Setup • You are behind a capable router (it was a rule) • Use routing protocols (BGP) to maintain availability. BGP 10.1.0.0/24 10.1.1.0/24 10.1.0.0/23 10.1.0.0/23 Saturday, April 23, 2011
  • 14. Working Stacks • Linux (OS/TCP stack) • Illumos (OS/TCP stack) • Varnish (HTTP) • ATS (HTTP/HTTPS) • Quagga (BGP) • Quagga (BGP) Saturday, April 23, 2011
  • 15. Future! • This stuff is fast. • In the end, we’re not looking for faster servers, we’re looking for improved user experience. • Enter SPDY • Google’s multi-channel HTTP super-protocol • Allows multiplexing of concurrent HTTP(like) request/response on a single TCP session. • Defeats slow startup • Allows for content prioritization on server Saturday, April 23, 2011
  • 16. Future: my thoughts • SPDY is relatively simple to implement on the server • SPDY is very very hard to leverage on the server • If ATS implemented SPDY in and out • and provided a robust configuration language to leverage it ... the future would be today. Saturday, April 23, 2011
  • 17. Thank you. • Thank you Олег Бунин • Thanks to the Varnish and ATS developers. • Спасибо. Saturday, April 23, 2011