For Lovers of Packets and Jumbo FramesRedis Networking Nerd Down

Intro

John BullardVP Engineering

Benji TaylorDevOps Lead

We Block BotsDistil

How the Distil Bot Detection Solution Works

As web traffic passes through Distil, the system

1. Fingerprints each incoming connection and compares it to our Known Violators Database

2. If it’s a new fingerprint, validates the browser to determine if it’s a Bot or Not

3. Based on your preferences, automatically tags, challenges, or blocks the bot

Bad Bots Cause Problems

Fortune 500 & Alexa Global 10,000 CustomersEcommerce

Travel

Publishers

Directories

Traditional Media

Marketplace

Services

We Block BotsDistil Architecture

Distil Architecture

Topology - Single Master

Topology - Master : Master

Topology - Master : Slave

Every Packet MattersCustomer Story

Customer Story

○Large Online MarketplaceHigh traffic volume Approaching seasonal peak - 3x trafficAWS EC2 Classic

○ Soft 100k PPS Limit○ Customer concern

Customer Story

○Scaling Up + OutMaster : Slave Topology

○ 9 Node: 1 Master, 8 SlavesC3.8xlarge Instances

○ 36 vCPU, 60 GiB, 10 GigabitProof of Concept

○ Onboard <5% of traffic

POC - Slave Measurements

POC - Master Measurements

POC - Master Measurements

Customer Story

Customer Story

Customer Story

○Bottleneck - Master PPSRedis Master : Write + Replicate

○ All nodes write○ All writes replicate to all nodes

○RequirementsMaster PPS < 100kNo partitioningEC2 Classic$0 Cost Increase

We Block BotsPackets

Packets

Packets

Packets

Packets

Overview

○Jumbo CaveatsNot supported everywhere (Virtualbox)“Jumbo” differs among vendorsEvery component on path must support itSwitches - drop jumbo framesRouters - must support ingress and egress

Overview

○ Tuning - Jumbo frames - AWS Support for jumbo frames:

○ Compute optimized: C3, C4, CC2 ○ General purpose: M3, M4, T2 - GPU: CG1, G2 ○ Memory optimized: CR1, R3 ○ Storage optimized: D2, HI1, HS1, I2

MTU 9001 bytes

Packets

Packets

Packets

Packets

Packets

○TCP Small Packet ProblemApplication sending 1 byte packetsTCP packets have a 40 byte header

○ 20 bytes for TCP○ 20 bytes for IPv4

41 byte packet ○ For 1 byte of useful information

Packets

○Nagle’s algorithm (RFC 896)Combine small outgoing messages

Reduce # of packetsImprove TCP/IP efficiency Trade-off: increased latency

○ Problematic for real-time systems○ Per-socket: TCP_NODELAY

Packets

# Disable TCP_NODELAY on the slave socket after SYNC?## If you select "yes" Redis will use a smaller number of TCP packets and# less bandwidth to send data to slaves. But this can add a delay for# the data to appear on the slave side, up to 40 milliseconds with# Linux kernels using a default configuration.## If you select "no" the delay for data to appear on the slave side will# be reduced but more bandwidth will be used for replication.## By default we optimize for low latency, but in very high traffic conditions# or when the master and slaves are many hops away, turning this to "yes" may# be a good idea.repl-disable-tcp-nodelay no

Packets

Packets

Packets

Master/Slave ChainsCommon Architecture for Read Intensive

ScenariosBalance Write Duplication to Read-SlavesShift PPS to Read-SlavesConfiguration Change - No DevNo Added Cost

○ 1 Master 2 Read-Slaves 6 Edgenodes

Customer Story

Customer Story

Packets

○ApproachEthernet tuning - Enable Jumbo PacketsTCP/IP tuning - Enable “Naggling”Topology - Read-Slave fan-out

Demo