Slide 1

Slide 1 text

NGINX Plus R7
7 Oct 2015

Slide 2

Slide 2 text

01 What drives us?

Slide 3

Slide 3 text

Building a great application is only half the battle, delivering the application is the other half.

Slide 4

Slide 4 text

Applications of the future will be dramatically different to the applications of today

Slide 5

Slide 5 text

MORE INFORMATION AT NGINX.COM

Modern Web, Modern Architecture

From Monolithic...
• Three-tier, J2EE-style architectures
• Complex protocols (HTML, SOAP)
• Persistent deployments
• Fixed, static Infrastructure
• Big-bang releases
• Silo’ed teams (Dev, Test, Ops)

...to Dynamic
• Microservices
• Lightweight (REST, Messaging)
• Containers, VMs
• SDN, NFV, Cloud
• Continuous delivery
• DevOps Culture

Slide 6

Slide 6 text

Modern Web Applications are...

• Applications are made of Diverse components - PHP, Ruby, JavaScript, Python,… diversity is the new standard
• Applications are made of Transient components - Servers and containers are deployed and destroyed almost continually
• Applications are made of Lightweight components - Simple, highly-focused components are stitched together

Slide 7

Slide 7 text

The modern web requires a new approach to application delivery

Slide 8

Slide 8 text

Flawless Application Delivery for the Modern Web

• Load Balancer
• Monitoring & Management
• Web Server
• Content Cache
• Streaming Media

Slide 9

Slide 9 text

NGINX powers today’s webscale companies

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

Application delivery for microservices

Adopters deploy NGINX in front of and within each microservice, ensuring they are:
• Connected
• Available
• Authenticated
• Secured
• Cached
• Load Balanced
• Accelerated
• Scaled

Slide 12

Slide 12 text

02 What’s new in NGINX Plus R7?

Slide 13

Slide 13 text

NGINX Plus R7 extends our capabilities as an enterprise-grade load balancer, proxy, & server platform for the modern web.

Slide 14

Slide 14 text

Key New Features

● HTTP/2 - NGINX Plus now provides a fully supported implementation of the new HTTP/2 web standard
● Performance - Support for socket sharding and thread pools gives up to 9x improvement in some cases
● Security - NTLM support for Microsoft applications and new TCP security enhancements improve the security and reliability of your applications
● Monitoring - Improved monitoring and diagnostics tools to help with tuning and debugging
● Visibility - Significantly enhanced status monitoring dashboard

Slide 15

Slide 15 text

HTTP/2

Slide 16

Slide 16 text

HTTP/2 Overview

• HTTP/2 is the new standard for transmitting data over the internet.
• Ratified as a standard on February 17, 2015 by the IESG
• Supported by Firefox, Chrome and Safari (with iOS9 and El Capitan)
• Over 50% of users have a browser that supports HTTP/2
• Better performance through a few key optimizations:
  • Connection multiplexing
  • Single connection
  • Binary Header encoding
  • Header compression
• SSL not mandated by standard, but Firefox and Chrome won’t support without encryption
• Support will be by a special package: nginx-plus-http2
• No -extras package
• Regular nginx-plus* packages will support SPDY/3.1

Slide 17

Slide 17 text

HTTP/2 vs. HTTP/1

● All elements of a webpage are downloaded over a single connection for greater efficiency
● True multiplexing of requests across the connection

Slide 18

Slide 18 text

How NGINX Supports HTTP/2

• HTTP/2 Gateway - NGINX Plus translates HTTP/2 into a protocol existing app servers can understand
• Backwards Compatibility - Using NPN, NGINX Plus can support HTTP/2 alongside older browsers that only run HTTP/1.x

Slide 19

Slide 19 text

Performance

Slide 20

Slide 20 text

Thread Pools

• Improves performance up to 9x for disk based workloads such as caching or serving static content
• Disk operations are slow in general and blocking in Linux
• If disk operation blocks, NGINX worker process blocks and can’t do productive work
• Instead of doing disk operation directly, worker process hands the work off to a ‘thread pool’
• After hand off, worker process continues on as usual
• Thread pool notifies worker process when disk operation is done

Slide 21

Slide 21 text

Socket Sharding

• Improves performance up to 3x for workloads with short lived connections
• More efficient handoff of packets from Linux kernel to NGINX worker processes
• Linux kernel round robin load balances packets between worker processes
• Otherwise packets are put up for grabs to first available worker
• Requires SO_REUSEPORT socket option committed into Linux kernel 3.9
• Supported in Red Hat Enterprise Linux 7 or later and Ubuntu 13.10 or later

Slide 22

Slide 22 text

Security

Slide 23

Slide 23 text

NTLM Support

• Microsoft standard used to authenticate users to services.
• Succeeded by Kerberos for modern Microsoft applications.
• Still used by legacy Microsoft applications and for some scenarios with modern Microsoft applications.
• Has a unique requirement that connections to backend servers are persistent and not multiplexed.
• NGINX Plus only
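The persistence requirement above maps onto a small amount of upstream configuration. The following is an added example, not taken from the slides: the upstream name, addresses and port are constructed, and it assumes an NGINX Plus build, since the `ntlm` directive is not in the open source version.

```nginx
# Added example: proxying an NTLM-authenticated application through NGINX Plus.
# Upstream name and server addresses are constructed for illustration.
http {
    upstream ntlm_app {
        server 10.0.0.21:8080;
        server 10.0.0.22:8080;

        # NGINX Plus only. Once a client sends an Authorization header
        # starting with "NTLM" or "Negotiate", its connection is bound to a
        # single upstream connection. NTLM authenticates the connection, not
        # each request, so that upstream connection must never be shared
        # with another client.
        ntlm;
    }

    server {
        listen 80;

        location / {
            proxy_pass http://ntlm_app;

            # Keepalive to the backend is required for the binding to hold:
            # speak HTTP/1.1 upstream and clear the Connection header so
            # NGINX does not send "Connection: close".
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
}
```

If a load-balancing method other than the default round robin is configured, it has to appear in the upstream block before `ntlm`.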

Slide 24

Slide 24 text

TCP Load Balancing

• Connection Limiting
  • Limit connections clients can have open at a time
  • Slow down DDoS attackers
• Access Controls
  • Create black/white lists of IP Addresses
  • Quickly block malicious IPs
• Bandwidth Limits
  • Limit client upload and download speed
  • Prevent attackers from taking up precious bandwidth
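The three TCP controls listed above, combined on one stream listener. This is an added example, not part of the original deck; the zone name, addresses, port and limit values are assumptions chosen for illustration.

```nginx
# Added example: connection limiting, access controls and bandwidth limits
# on a TCP (stream) listener. All addresses and limits are constructed.
stream {
    # Shared-memory zone tracking open connections per client address.
    limit_conn_zone $binary_remote_addr zone=per_client:10m;

    upstream db_backend {
        server 10.0.0.11:3306;
        server 10.0.0.12:3306;
    }

    server {
        listen 3306;

        # Access controls: rules are checked in order and the first match
        # wins, so the specific deny must come before the broader allow.
        deny  203.0.113.7;       # one address being blocked
        allow 192.0.2.0/24;      # the client network that may connect
        deny  all;               # everything else is refused

        # Connection limiting: at most 2 concurrent connections per client
        # address; rejected attempts are logged at "warn".
        limit_conn per_client 2;
        limit_conn_log_level warn;

        # Bandwidth limits in bytes per second, enforced per connection.
        proxy_download_rate 100k;   # backend -> client
        proxy_upload_rate   50k;    # client -> backend

        proxy_pass db_backend;
    }
}
```

Because the rate limits apply per connection, the effective ceiling for one client address is the rate multiplied by the `limit_conn` value (here 200k down and 100k up).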

Slide 25

Slide 25 text

|  | NGINX F/OSS | NGINX Plus |
|---|---|---|
| Core Features |  |  |
| TCP load balancing | Compile-time option | Built-in |
| Load-balancing methods | RR, Hash, Least_Conn | All, plus Least_Time |
| PROXY_PROTOCOL support * | Yes | Yes |
| SSL decryption and encryption | Yes | Yes |
| TCP load balancing metrics and health check data |  | Yes |
| Dynamic Configuration |  |  |
| DNS configuration | Static | Dynamic |
| Dynamic load balancing configuration |  | Upstream_Conf API |
| High Availability |  |  |
| Passive health checks | Yes | Yes |
| Application-aware health checks |  | Yes |
| Slow-Start for recovered servers |  | Yes |
| Security and Access Controls |  |  |
| Access Controls * | Yes | Yes |
| Bandwidth limiting * | Yes | Yes |
| Client connection limits * | Yes | Yes |
| Binding to a specific address * | Yes | Yes |
| Server (upstream) connection limits |  | Yes |

Slide 26

Slide 26 text

Monitoring

Slide 27

Slide 27 text

New counters

• 499 errors - Client closed connection while server was processing request.
• NGINX worker restarts - The number of times the NGINX worker restarted. This helps to detect NGINX worker process crashes.
• NGINX reloads - The number of times NGINX was reloaded. This confirms that NGINX was actually reloaded, or that it failed due to various reasons such as improper configuration.
• Queue overflows - Measures how well a server handles load. A high number of queue overflows indicates a server that is struggling to keep up.
• SSL handshakes - The number of SSL handshakes completed.
• SSL sessions reused - The number of SSL sessions that were reused from an earlier session.
• New SSL sessions - The number of new SSL sessions negotiated.
• NGINX Plus only

Slide 28

Slide 28 text

Visibility

Slide 29

Slide 29 text

Old vs. New

Slide 30

Slide 30 text

Dashboard Overview

• Health - Quickly identify failed servers
• Load - High Req/s and connection count can indicate a heavily loaded system or DDoS attack
• Cache - Learn the current state of the content cache

Slide 31

Slide 31 text

Tabbed Navigation

• Start from the dashboard and quickly drill down for more specific data
• Tabs have easy red, yellow, green indicators for quick identification of health problems

Slide 32

Slide 32 text

Upstream view

• Quickly identify failed servers
• “Failed only” button to display only failed servers.
• Responses from servers broken down by response code
• A large number of 4xx or 5xx errors can indicate problems with backend server
• Monitor how much bandwidth is being used by each server
• Compare different servers in the pool and how evenly the traffic is being spread
• Click pencil icon to temporarily add/remove/modify servers

Slide 33

Slide 33 text

Upstream view

• Quickly add in a new server
• Only Server address field is required
• Changes are temporary and do not persist across a reload
• Uses the NGINX Plus dynamic reconfiguration API

Slide 34

Slide 34 text

Cache view

• Hit ratio tracks how well the cache is performing
• A low hit ratio indicates most responses are missing the cache and going directly to backend
• Convenient red, yellow, green indicators
• Capacity bar shows how full the cache is
• Warm/cold indicator for whether or not the cache is ready to be used

Slide 35

Slide 35 text

And More...

• Tooltips throughout the dashboard give more detailed information about upstream servers, configuration reloads, cache status, and any error messages.
• Server zones view gives data on NGINX Plus interaction with clients
• Contains equivalent views for TCP and HTTP traffic
• Can also temporarily add/remove/modify backend servers for TCP applications
• NGINX Plus only

Slide 36

Slide 36 text

Even more features

Slide 37

Slide 37 text

Even more features

• Improved HLS streaming - Support for the start, end, and offset HLS tags for m3u8 URLs. This allows content publishers to easily publish links to fragments of a video stream.
• Content modification - The sub_filter module has been extended to support variables and chains of substitutions, making more complex changes possible. You can also use it to insert content into HTML pages, such as boilerplate text, without having to modify the original HTML content.
• $upstream_connect_time - A new NGINX variable that tracks the time it takes to connect to a back-end server. Slower servers will have a larger connect time.
• Config dump - nginx -T on the command line dumps the parsed NGINX configuration. Useful for archiving purposes or when filing a support ticket.
• More configurable TCP load balancing - The proxy_bind, tcp_nodelay, proxy_protocol, and the backlog parameter to the listen directives are all now configurable parameters.
• Redis support – The lua-resty-redis NGINX module is now included natively in the NGINX Plus Extras package. It enables NGINX Plus to interact with a Redis database (for example, to get and set values).
• Updated Phusion Passenger module - The Phusion Passenger module has been updated to version 5.0.11.

Slide 38

Slide 38 text

Learn more

• NGINX Plus R7 overview with code samples
  • nginx.com/r7
• NGINX white paper on HTTP/2 and how to deploy it with NGINX and NGINX Plus
  • nginx.com/http2-wp
• Special edition ebook on HTTP/2 and web performance by Ilya Grigorik of Google
  • nginx.com/http2-ebook
• A demo of the new NGINX Plus dashboard
  • demo.nginx.com

Slide 39

Slide 39 text

Summary

• Fully-supported HTTP/2 implementation
• Socket sharding and thread pools improve performance up to 9x
• NTLM support for Microsoft applications and more security for TCP applications
• Improved monitoring and diagnostics with additional counters
• Significantly enhanced dashboard
• …And a handful of tweaks and enhancements

Slide 40

Slide 40 text

03 Questions?