Varnish 4.0 workshop
Reza Naghibi, Senior Developer / Presales US
Per Buer, CTO
Varnish Cache 4.0
Feel free to ask questions
About Varnish Software
• Company behind Varnish Cache
• Sells Varnish Plus
• Tools for stats, management and more
• Support
• Development
What is Varnish?
[Diagram: Client, Varnish Cache, Web server]
VCL
• DSL
• Allows semantics not easily expressed in K/V structures
• Fast
if (req.url ~ "^/buzzy/" &&
    (req.http.referer && req.http.referer !~ "^http://www.example.com/")) {
    error 403 "No hotlinking please";
}
Logging
• Logs insane amounts of data
• Always runs with “full debug”
One step back…
Varnish 3.0
• Released in 2011
• gzip
• basic streaming capabilities
• Added modules…
Modules
• In essence they can return values
• … thereby influencing VCL flow
• Can do ~everything but alter the content
• Look up a key in a K/V DB and take action in VCL
• curl
• variables; session, global
Varnish Cache 4.0
Gaining root through CLI
• Change user to root
• restart cache
• upload VCL with inline C code
• …
• profit
Security in V4
• -r for read only parameters
• Locks down CLI
• user, group and cc_command
• Inline C is default off
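An added example (not from the slides or from the Varnish project): a shell check that lists which of the parameters named above are not passed to varnishd's -r option and can therefore still be changed from the CLI. The function name, the parameter list (the slide's three plus vcc_allow_inline_c, the Varnish 4.0 parameter that controls inline C) and the sample command line are this example's own.

```shell
#!/bin/sh
# Added example: audit a varnishd argument list for read-only (-r) coverage.
# Assumption: these are the parameters we want locked on Varnish 4.0.
SENSITIVE="user group cc_command vcc_allow_inline_c"

# unlocked_params ARGS...
# Prints the sensitive parameters that no -r option covers, space-separated.
# An empty line means every one of them is read-only.
unlocked_params() {
    locked=","
    while [ $# -gt 0 ]; do
        case "$1" in
            # "-r a,b" form: the list is the next argument
            -r)   if [ $# -ge 2 ]; then locked="$locked$2,"; shift; fi ;;
            # "-ra,b" form: the list is glued to the option
            -r?*) locked="$locked${1#-r}," ;;
        esac
        shift
    done
    missing=""
    for p in $SENSITIVE; do
        case "$locked" in
            *",$p,"*) ;;                                # locked, nothing to report
            *) missing="${missing:+$missing }$p" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Constructed sample command line (not taken from a real host).
unlocked_params -a :6081 -T 127.0.0.1:6082 \
    -f /etc/varnish/default.vcl -r cc_command
```

To check a running instance, pass the arguments recorded for the varnishd process instead of the constructed sample.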
Attempting root through CLI in V4
• Change user to root
• restart cache
• upload VCL with inline C code
• …
• …
Threading
• Backend and frontend separation
• Frontend thread requests backend thread for backend work.
• Per thread pool acceptor threads
Sidestep: Grace
• Allowing Varnish to serve content that is out of date
• In 3.0 it would block the first thread to refresh
Threading in Varnish
[Diagram: Client, Varnish Cache (Client Thread, Backend Thread), Web server; GET /foo on both the client side and the backend side]
Streaming
• V3 will add a bit of delay before starting delivery on cache misses
• From “store and forward” to “cut through”
• Set do_stream = true in V4 (default true)
• Beneficial for large objects and cache hierarchies
• Works with ranged requests as long as content-length is present.
Streaming in Varnish
[Diagram: three clients, each with its own client thread in Varnish Cache; one backend thread towards the web server]
Logging in V3
• Logging in V3 is limited
• Only regex matching using &&
• No req/bereq relationship
• Performance problems
Logging in V4
• Transactions and transaction groups
• Query language
• Output control
• Increased performance (zero copy)
Log transactions
• One work item for Varnish is a
• client request
• backend request
• ESI sub-request
• session
Transaction groups
• Transactions (work items) can be grouped
• by VXID
• by request
• by session
• raw
varnishlog -g (vxid | request | session | raw )
raw grouping
• Pumps out logs as they are read from memory
• you’ll see the ping-pongs, backend health checks and other internals that don’t have requests attached
VXID grouping
• Group per work item
• Might be confusing
• ESI sub-requests will come before the parent
• bereq before request
Session grouping
• Grouped per session (~TCP connection)
• Useful for debugging pipelining issues
• Probably a lot more useful when HTTP 2.0 arrives
• Suggestions for use?
Request grouping
• Very intuitive
• Request first
• The response
• The ESI subrequests
• Indentation makes it readable
Log query language
$ varnishlog -g request \
    -q 'ReqURL eq "/"'
$ varnishlog -g request \
    -q 'Backend ~ default'
*   << Request >> 32770
-   Begin          req 32769
-   ReqMethod      GET
-   ReqURL         /
-   ReqProtocol    HTTP/1.1
-   ReqHeader      TE: deflate,gzip;q=0.3
    ...
-   Link           bereq 32771
-   VCL_call       DELIVER
-   VCL_return     deliver
-   RespProtocol   HTTP/1.1
-   RespStatus     200
-   RespResponse   OK
-   ReqEnd         1385330985.979025126 1385330985.978960991 -0.001315594 0.001251459 -0.001315594
-   End
**  << BeReq >> 32771
--  Begin          bereq 32770
--  VCL_call       BACKEND_FETCH
--  VCL_return     fetch
--  BackendOpen    18 default(127.0.0.1,::1,8020) 127.0.0.1 45989
--  Backend        18 default default(127.0.0.1,::1,8020)
--  BereqMethod    GET
--  BereqURL       /
--  BereqEnd       1385330985.979187250 1385330985.980367422 0.000082792 0.000496101 0.000326045 0.000822146
--  End
Examples
• String matching, negation, logical operations
not ((RespProtocol eq "HTTP/1.1") or (RespProtocol eq "HTTP/1.0"))
• Regular expressions
ReqMethod !~ "GET|POST"
• Integer matching
(RespStatus >= 200 and RespStatus < 300)
• Float matching
Timestamp:Process[2] > 0.5
Output control
• A bit like “grep” for varnishlog
• Applied last, doesn’t affect queries
• -i <taglist> / -I <taglist:regex>
• -x <taglist> / -X <taglist:regex>
• Taglists support globbing (e.g. Req*)
Content delivery
• IMS towards backend now works
• Uses beresp.keep, which is independent of grace
• Default beresp.keep is 0s.
• Copies the old object into a new one when given 304 Not Modified
• Merges the response into the new one
• headers are copied
• Support for large datasets (>1TB) in Varnish Cache Plus Q3
Load balancing
• Mostly feature parity… however
• Directors are VMODs now
• Directors typically defined in vcl_init
• Easy to implement new directors
• Directors are now stackable
• Backends can still not be created dynamically
Director example
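import directors;    # the directors VMOD must be imported before use

sub vcl_init {
    # server1 and server2 are backends declared elsewhere in the VCL
    new bar = directors.round_robin();
    bar.add_backend(server1);
    bar.add_backend(server2);
}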
VCL
VCL 4
• New version marker - "vcl 4.0"
• More fine grained control over the flow
• vcl_hash is more prominent
• vcl_fetch is replaced by vcl_backend_fetch and vcl_backend_response
• vcl_error is replaced by vcl_synth and vcl_backend_error
• vcl_purge introduced
Typical flows (hit / miss)
Hit:
• recv
• hash
• hit
• deliver
Miss:
• recv
• hash
• miss
• backend_fetch
• backend_response (insert)
• deliver
Documentation changes
• The docs are split into several bits
• Installation docs
• Tutorial - the basics, mostly for rookies
• User guide. Explains the semantics
• Reference. Mostly syntax.
• Migration docs.
Summing up
• New mind blowing logging facility
• Backend/frontend threading w/streaming
• IMS towards backend
• Performance increase
• VCL changes
• Reworked documentation (varnish.org/docs)
Dynamic backends
• Problem: DNS entries in VCL get resolved at vcl.load.
• Must-have feature for EC2
• Slated for 2015
Saint mode
• Support is in place in master
• Slated for 4.1
• Is a VMOD now
HTTP 2.0
• HTTP 2.0 is ratified
• We expect to have HTTP 2.0 support in Q1 2016
SSL?
Thank you