Varnish 4.0 workshop
Uploaded by varnish-software
Reza Naghibi, Senior Developer / Presales US
Per Buer, CTO
Varnish Cache 4.0
Feel free to ask questions
About Varnish Software
• Company behind Varnish Cache
• Sells Varnish Plus
• Tools for stats, management and more
• Support
• Development
What is Varnish?
[Diagram: Client, Varnish Cache, Web server]
VCL
• DSL
• Allows semantics not easily expressed in K/V structures
• Fast
    # Refuse requests for /buzzy/ that carry a Referer from another site
    if (req.url ~ "^/buzzy/" &&
        (req.http.referer && req.http.referer !~ "^http://www.example.com/")) {
        error 403 "No hotlinking please";
    }
Logging
• Logs insane amounts of data
• Always runs with “full debug”
One step back…
Varnish 3.0
• Released in 2011
• gzip
• basic streaming capabilities
• Added modules…
Modules
• In essence they can return values
• .. thereby influencing VCL flow
• Can do ~everything but alter the content
• Look up a key in a K/V DB and take action in VCL
• curl
• variables; session, global
Varnish Cache 4.0
Gaining root through CLI
• Change user to root
• restart cache
• upload VCL with inline C code
• …
• profit
Security in V4
• -r for read only parameters
• Locks down CLI
• user, group and cc_command
• Inline C is default off
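One way to check a varnishd command line against the lock-down listed on this slide (an added example, not code from the workshop or from Varnish). The function names, the sample command lines and the set of accepted "enabled" spellings are assumptions made for illustration.

```python
import shlex

# Parameters the slide lists for lock-down, plus the inline-C switch itself.
SENSITIVE = ("user", "group", "cc_command", "vcc_allow_inline_c")
TRUTHY = {"on", "true", "yes", "enable"}  # assumed spellings of an enabled boolean

def parse_varnishd(cmdline):
    """Collect -r (read-only) names and -p name=value pairs from a command line."""
    read_only, params = set(), {}
    args = shlex.split(cmdline)[1:]
    i = 0
    while i < len(args):
        arg = args[i]
        if arg[:2] in ("-r", "-p"):
            # getopt style: the value is attached (-rfoo) or is the next argument
            if len(arg) > 2:
                value = arg[2:]
            else:
                i += 1
                value = args[i] if i < len(args) else ""
            if arg[1] == "r":
                read_only.update(n.strip() for n in value.split(",") if n.strip())
            else:
                name, _, val = value.partition("=")
                params[name.strip()] = val.strip()
        i += 1
    return read_only, params

def audit(cmdline):
    """Return findings; an empty list means the CLI cannot change the listed parameters."""
    read_only, params = parse_varnishd(cmdline)
    findings = [f"{name} is writable from the CLI (not listed in -r)"
                for name in SENSITIVE if name not in read_only]
    if params.get("vcc_allow_inline_c", "off").lower() in TRUTHY:
        findings.append("inline C is enabled (vcc_allow_inline_c)")
    return findings

# Constructed command lines for illustration.
WEAK = "varnishd -a :80 -f /etc/varnish/default.vcl -p vcc_allow_inline_c=on"
HARDENED = ("varnishd -a :80 -f /etc/varnish/default.vcl "
            "-r user,group,cc_command,vcc_allow_inline_c")

if __name__ == "__main__":
    for label, cmd in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cmd) or "ok")
```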
Attempting root through CLI in V4
• Change user to root
• restart cache
• upload VCL with inline C code
• …
• …
Threading
• Backend and frontend separation
• Frontend thread requests backend thread for backend work.
• Per thread pool acceptor threads
Sidestep: Grace
• Allowing Varnish to serve content that is out of date
• In 3.0 it would block the first thread to refresh
Threading in Varnish
[Diagram: Client, Varnish Cache (Client Thread, Backend Thread), Web server; GET /foo on the client side and on the backend side]
Streaming
• V3 will add a bit of delay before starting delivery on cache misses
• From “store and forward” to “cut through”
• Set do_stream = true in V4 (default true)
• Beneficial for large objects and cache hierarchies
• Works with ranged request as long as content-length is present.
Streaming in Varnish
[Diagram: three Clients, each with its own Client thread inside Varnish Cache, one Backend thread, Web server]
Logging in V3
• Logging in V3 is limited
• Only regex matching using &&
• No req/bereq relationship
• Performance problems
Logging in V4
• Transactions and transaction groups
• Query language
• Output control
• Increased performance (zero copy)
Log transactions
• One work item for Varnish is a
• client request
• backend request
• ESI sub-request
• session
Transaction groups
• Transactions (work items) can be grouped
• by VXID
• by request
• by session
• raw
varnishlog -g (vxid | request | session | raw )
raw grouping
• Pumps out logs as they are read from memory
• you’ll see the ping-pongs, backend health checks and other internals that don’t have requests attached
VXID grouping
• Group per work item
• Might be confusing
• ESI sub-requests will come before the parent
• bereq before request
Session grouping
• Grouped per session (~TCP connection)
• Useful for debugging pipelining issues
• Probably a lot more useful when HTTP 2.0 arrives
• Suggestions for use?
Request grouping
• Very intuitive
• Request first
• The response
• The ESI subrequests
• Indentation makes it readable
Log query language
$ varnishlog -g request -q 'ReqURL eq "/"'
$ varnishlog -g request -q 'Backend ~ default'
* << Request >> 32770
- Begin req 32769
- ReqMethod GET
- ReqURL /
- ReqProtocol HTTP/1.1
- ReqHeader TE: deflate,gzip;q=0.3
...
- Link bereq 32771
- VCL_call DELIVER
- VCL_return deliver
- RespProtocol HTTP/1.1
- RespStatus 200
- RespResponse OK
- ReqEnd 1385330985.979025126 1385330985.978960991 -0.001315594 0.001251459 -0.001315594
- End
** << BeReq >> 32771
-- Begin bereq 32770
-- VCL_call BACKEND_FETCH
-- VCL_return fetch
-- BackendOpen 18 default(127.0.0.1,::1,8020) 127.0.0.1 45989
-- Backend 18 default default(127.0.0.1,::1,8020)
-- BereqMethod GET
-- BereqURL /
-- BereqEnd 1385330985.979187250 1385330985.980367422 0.000082792 0.000496101 0.000326045 0.000822146
-- End
Examples
• String matching, negation, logical operations
not ((RespProtocol eq "HTTP/1.1") or (RespProtocol eq "HTTP/1.0"))
• Regular expressions
ReqMethod !~ "GET|POST"
• Integer matching
(RespStatus >= 200 and RespStatus < 300)
• Float matching
Timestamp:Process[2] > 0.5
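The req/bereq relationship that request grouping exposes, worked offline as an added example (not code from the workshop or from Varnish): it parses saved `varnishlog -g request` output, follows each BeReq's Begin record back to its parent request, and applies the negation of the integer-matching example above. The function names are assumptions, and the line layout is modelled on the sample shown on this page.

```python
import re

HEADER = re.compile(r"^(\*+)\s+<<\s*(\w+)\s*>>\s+(\d+)$")  # "** << BeReq >> 32771"
RECORD = re.compile(r"^-+\s+(\w+)\s*(.*)$")                 # "-- Begin bereq 32770"

def parse_grouped(text):
    """Parse request-grouped varnishlog output into {vxid: transaction}."""
    txs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            cur = {"type": m[2], "depth": len(m[1]), "parent": None, "tags": {}}
            txs[int(m[3])] = cur
        elif cur is not None and (m := RECORD.match(line)):
            tag, value = m[1], m[2].strip()
            cur["tags"].setdefault(tag, value)  # keep the first value per tag
            if tag == "Begin" and re.fullmatch(r"\w+\s+\d+(\s.*)?", value):
                cur["parent"] = int(value.split()[1])  # VXID that spawned this one
    return txs

def failed_requests(txs):
    """Client requests outside 2xx, joined to their backend via the Begin link."""
    out = []
    for vxid, tx in txs.items():
        status = tx["tags"].get("RespStatus")
        if tx["type"] != "Request" or status is None or 200 <= int(status) < 300:
            continue
        backends = [b["tags"].get("Backend") for b in txs.values()
                    if b["type"] == "BeReq" and b["parent"] == vxid]
        out.append((vxid, tx["tags"].get("ReqURL"), int(status), backends))
    return out

# First group is trimmed from the page's sample; the second is constructed.
SAMPLE = """\
* << Request >> 32770
- ReqURL /
- RespStatus 200
** << BeReq >> 32771
-- Begin bereq 32770
-- Backend 18 default default(127.0.0.1,::1,8020)
* << Request >> 32773
- ReqURL /api
- RespStatus 503
** << BeReq >> 32774
-- Begin bereq 32773
-- Backend 19 default default(127.0.0.1,::1,8020)
"""

if __name__ == "__main__":
    print(failed_requests(parse_grouped(SAMPLE)))
```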
Output control
• A bit like “grep” for varnishlog
• Applied last, doesn’t affect queries
• -i <taglist> / -I <taglist:regex>
• -x <taglist> / -X <taglist:regex>
• Taglists support globbing (e.g. Req*)
Content delivery
• IMS towards backend now works
• Uses beresp.keep, which is independent of grace
• Default beresp.keep is 0s.
• Copies the old object into a new one when given 304 Not Modified
• Merges the response into the new one
• headers are copied
• Support for large datasets (>1TB) in Varnish Cache Plus Q3
Load balancing
• Mostly feature parity… however
• Directors are VMODs now
• Directors typically defined in vcl_init
• Easy to implement new directors
• Directors are now stackable
• Backends can still not be created dynamically
Director example
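    # The directors VMOD must be imported before it is used;
    # server1 and server2 are backends defined elsewhere in the VCL.
    import directors;

    sub vcl_init {
        new bar = directors.round_robin();
        bar.add_backend(server1);
        bar.add_backend(server2);
    }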
VCL
VCL 4
• New version marker - “vcl 4.0”
• More fine grained control over the flow
• vcl_hash is more prominent
• vcl_fetch is replaced by vcl_backend_fetch and vcl_backend_response
• vcl_error is replaced by vcl_synth and vcl_backend_error
• vcl_purge introduced
Typical flows (hit / miss)
Hit:
• recv
• hash
• hit
• deliver
Miss:
• recv
• hash
• miss
• backend_fetch
• backend_response (insert)
• deliver
Documentation changes
• The docs are split into several bits
• Installation docs
• Tutorial - the basics, mostly for rookies
• User guide. Explains the semantics
• Reference. Mostly syntax.
• Migration docs.
Summing up
• New mind blowing logging facility
• Backend/frontend threading w/streaming
• IMS towards backend
• Performance increase
• VCL changes
• Reworked documentation (varnish.org/docs)
Dynamic backends
• Problem: DNS entries in VCL get resolved at vcl.load.
• Must-have feature for EC2
• Slated for 2015
Saint mode
• Support is in place in master
• Slated for 4.1
• Is a VMOD now
HTTP 2.0
• HTTP 2.0 is ratified
• We expect to have HTTP 2.0 support in Q1 2016
SSL?
Thank you