What's New in NGINX Plus R7?

Transcript

1. NGINX Plus R7 7 Oct 2015

2. 01 What drives us?

3. Building a great application is only half the battle, delivering

   the application is the other half.

4. Applications of the future will be dramatically different to the

   applications of today

5. MORE INFORMATION AT NGINX.COM Modern Web, Modern Architecture From Monolithic...

   Three-tier, J2EE-style architectures Complex protocols (HTML, SOAP) Persistent deployments Fixed, static Infrastructure Big-bang releases Silo’ed teams (Dev, Test, Ops) ...to Dynamic Microservices Lightweight (REST, Messaging) Containers, VMs SDN, NFV, Cloud Continuous delivery DevOps Culture

6. MORE INFORMATION AT NGINX.COM Applications are made of Diverse components

   PHP, Ruby, JavaScript, Python,… diversity is the new standard Applications are made of Transient components Servers and containers are deployed and destroyed almost continually Applications are made of Lightweight components Simple, highly-focused components are stitched together Modern Web Applications are...

7. The modern web requires a new approach to application delivery

8. MORE INFORMATION AT NGINX.COM Flawless Application Delivery for the Modern

   Web 8 Load Balancer Monitoring & Management Web Server Content Cache Streaming Media

9. NGINX powers today’s webscale companies

10. None

11. Application delivery for microservices Adopters deploy NGINX in front of

    and within each microservice, ensuring they are: •  Connected •  Available •  Authenticated •  Secured •  Cached •  Load Balanced •  Accelerated •  Scaled 11

12. 02 What’s new in NGINX Plus R7?

13. NGINX Plus R7 extends our capabilities as an enterprise-grade load

    balancer, proxy, & server platform for the modern web.

14. MORE INFORMATION AT NGINX.COM Key New Features •  HTTP/2 -

    NGINX Plus now provides a fully supported implementation of the new HTTP/2 web standard •  Performance - Support for socket sharding and thread pools give up to 9x improvement in some cases •  Security - NTLM support for Microsoft application and new TCP security enhancements improve the security and reliability of your applications •  Monitoring - Improved monitoring and diagnostics tools to help with tuning and debugging •  Visibility - Significantly enhanced status monitoring dashboard

15. HTTP/2

16. MORE INFORMATION AT NGINX.COM •  HTTP/2 is the new standard

    for transmitting data over the internet. •  Ratified as a standard on February 17, 2015 by the IESG •  Supported by Firefox, Chrome and Safari (with iOS9 and El Capitan) •  Over 50% of users have a browser that supports HTTP/2 •  Better performance through a few key optimizations: •  Connection multiplexing •  Single connection •  Binary Header encoding •  Header compression •  SSL not mandated by standard, but Firefox and Chrome won’t support without encryption •  Support will be by a special package: nginx-plus-http2 •  No -extras package •  Regular nginx-plus* packages will support SPDY/3.1 HTTP/2 Overview

17. MORE INFORMATION AT NGINX.COM •  All elements of a webpage

    are downloaded over a single connection for greater efficiency •  True multiplexing of requests across the connection HTTP/2 vs. HTTP/1

18. MORE INFORMATION AT NGINX.COM •  HTTP/2 Gateway - NGINX Plus

    translates HTTP/2 into a protocol existing app servers can understand •  Backwards Compatibility - Using NPN, NGINX Plus can support HTTP/2 alongside older browsers that only run HTTP/1.x How NGINX Supports HTTP/2

19. Performance

20. MORE INFORMATION AT NGINX.COM •  Improves performance up to 9x

    for disk based workloads such as caching or serving static content •  Disk operations are slow in general and blocking in Linux •  If disk operation blocks, NGINX worker process blocks and can’t do productive work •  Instead of doing disk operation directly, worker process hands the work off to a ‘thread pool’ •  After hand off, worker process continues on as usual •  Thread pool notifies worker process when disk operation is done Thread Pools

21. MORE INFORMATION AT NGINX.COM Socket Sharding •  Improves performance up

    to 3x for workloads with short lived connections •  More efficient handoff of packets from Linux kernel to NGINX worker processes •  Linux kernel round robin load balances packets between worker processes •  Otherwise packets are put up for grabs to first available worker •  Requires SO_REUSEPORT socket option committed into Linux kernel 3.9 •  Supported in Red Hat Enterprise Linux 7 or later and Ubuntu 13.10 or later

22. Security

23. MORE INFORMATION AT NGINX.COM •  Microsoft standard used to authenticate

    users to services. •  Succeeded by Kerberos for modern Microsoft applications. •  Still used by legacy Microsoft applications and for some scenarios with modern Microsoft applications. •  Has a unique requirement that connections to backend servers are persistent and not multiplexed. •  NGINX Plus only NTLM Support

24. MORE INFORMATION AT NGINX.COM •  Connection Limiting •  Limit connections

    clients can have open at a time •  Slow down DDoS attackers •  Access Controls •  Create black/white lists of IP Addresses •  Quickly block malicious IPs •  Bandwidth Limits •  Limit client upload and download speed •  Prevent attackers from taking up precious bandwidth TCP Load Balancing

25. MORE INFORMATION AT NGINX.COM NGINX F/OSS NGINX Plus Core Features

    •  TCP load balancing •  Load-balancing methods •  PROXY_PROTOCOL support * •  SSL decryption and encryption •  TCP load balancing metrics and health check data Compile-time option RR, Hash, Least_Conn Yes Yes Built-in All, plus Least_Time Yes Yes Yes Dynamic Configuration •  DNS configuration •  Dynamic load balancing configuration Static Dynamic Upstream_Conf API High Availability •  Passive health checks •  Application-aware health checks •  Slow-Start for recovered servers Yes Yes Yes Yes Security and Access Controls •  Access Controls * •  Bandwidth limiting * •  Client connection limits * •  Binding to a specific address * •  Server (upstream) connection limits Yes Yes Yes Yes Yes Yes Yes Yes Yes

26. Monitoring

27. MORE INFORMATION AT NGINX.COM •  499 errors - Client closed

    connection while server was processing request. •  NGINX worker restarts - The number of times the NGINX worker restarted. This helps to detect NGINX worker process crashes. •  NGINX reloads - The number of times NGINX was reloaded. This confirms that NGINX was actually reloaded, or that it failed due to various reasons such as improper configuration. •  Queue overflows - Measures how well a server handles load. A high number of queue overflows indicates a server that is struggling to keep up. •  SSL handshakes - The number of SSL handshakes completed. •  SSL sessions reused - The number of SSL sessions that were reused from an earlier session. •  New SSL sessions - The number of new SSL sessions negotiated. •  NGINX Plus only New counters

28. Visibility

29. MORE INFORMATION AT NGINX.COM Old vs. New

30. MORE INFORMATION AT NGINX.COM •  Health - Quickly identify failed

    servers •  Load - High Req/s and connection count can indicate a heavily loaded system or DDoS attack •  Cache - Learn the current state of the content cache Dashboard Overview

31. MORE INFORMATION AT NGINX.COM •  Start from the dashboard and

    quickly drill down for more specific data •  Tabs have easy red, yellow, green indicators for quick identification of health problems Tabbed Navigation

32. MORE INFORMATION AT NGINX.COM •  Quickly identify failed servers • 

    “Failed only” button to display only failed servers. •  Responses from servers broken down by response code •  A large number of 4xx or 5xx errors can indicate problems with backend server •  Monitor how much bandwidth is being used by each server •  Compare different servers in the pool and how evenly the traffic is being spread •  Click pencil icon to temporarily add/remove/modify servers Upstream view

33. MORE INFORMATION AT NGINX.COM •  Quickly add in a new

    server •  Only Server address field is required •  Changes are temporary and do not persist across a reload •  Uses the NGINX Plus dynamic reconfiguration API Upstream view

34. MORE INFORMATION AT NGINX.COM •  Hit ratio tracks how well

    the cache is performing •  A low hit ratio indicates most responses are missing the cache and going directly to backend •  Convenient red, yellow, green indicators •  Capacity bar shows how full the cache is •  Warm/cold indicator for whether or not the cache is ready to be used Cache view

35. MORE INFORMATION AT NGINX.COM •  Tooltips throughout the dashboard give

    more detailed information about upstream servers, configuration reloads, cache status, and any error messages. •  Server zones view gives data on NGINX Plus interaction with clients •  Contains equivalent views for TCP and HTTP traffic •  Can also temporarily add/remove/modify backend servers for TCP applications •  NGINX Plus only And More...

36. Even more features

37. MORE INFORMATION AT NGINX.COM •  Improved HLS streaming - Support

    for the start, end, and offset HLS tags for m3u8 URLs. This allows content publishers to easily publish links to fragments of a video stream. •  Content modification - The sub_filter module has been extended to support variables and chains of substitutions, making more complex changes possible. You can also use it to insert content into HTML pages, such as boilerplate text, without having to modify the original HTML content. •  $upstream_connect_time - A new NGINX variable that tracks the time it takes to connect to a back-end server. Slower servers will have a larger connect time. •  Config dump - nginx -T on the command line dumps the parsed NGINX configuration. Useful for archiving purposes or when filing a support ticket. •  More configurable TCP load balancing - The proxy_bind, tcp_nodelay, proxy_protocol, and the backlog parameter to the listen directives are all now configurable parameters. •  Redis support – The lua-resty-redis NGINX module is now included natively in the NGINX Plus Extras package. It enables NGINX Plus to interact with a Redis database (for example, to get and set values). •  Updated Phusion Passenger module - The Phusion Passenger module has been updated to version 5.0.11. Even more features

38. MORE INFORMATION AT NGINX.COM Learn more •  NGINX Plus R7

    overview with code samples •  nginx.com/r7 •  NGINX white paper on HTTP/2 and how to deploy it with NGINX and NGINX Plus •  nginx.com/http2-wp •  Special edition ebook on HTTP/2 and web performance by Ilya Grigorik of Google •  nginx.com/http2-ebook •  A demo of the new NGINX Plus dashboard •  demo.nginx.com

39. MORE INFORMATION AT NGINX.COM Summary •  Fully-supported HTTP/2 implementation • 

    Socket sharding and thread pools improve performance up to 9x •  NTLM support for Microsoft applications and more security for TCP applications •  Improved monitoring and diagnostics with additional counters •  Significantly enhanced dashboard •  …And a handful of tweaks and enhancements

40. 03 Questions?