Slide 1

Slide 1 text

ACCELERATING OTT VIDEO PLATFORMS WITH VARNISH BY THIJS FERYN

Slide 2

Slide 2 text

I'M NOT A VIDEO EXPERT

Slide 3

Slide 3 text

Slow websites SUCK

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

is bollocks

Slide 6

Slide 6 text

CONTENT DELIVERY CHALLENGES

Slide 7

Slide 7 text

STABILITY

Slide 8

Slide 8 text

REDUCE LATENCY

Slide 9

Slide 9 text

SERVER CAPACITY

Slide 10

Slide 10 text

NETWORK CAPACITY

Slide 11

Slide 11 text

THROWING SERVERS AT THE PROBLEM

Slide 12

Slide 12 text

MO' MONEY MO' SERVERS MO' PROBLEMS

Slide 13

Slide 13 text

CACHE

Slide 14

Slide 14 text

DON’T RECOMPUTE IF THE DATA HASN’T CHANGED

Slide 15

Slide 15 text

HI, I'M THIJS

Slide 16

Slide 16 text

I'M AN EVANGELIST AT

Slide 17

Slide 17 text

No content

Slide 18

Slide 18 text

No content

Slide 19

Slide 19 text

+-5,000,000 WEBSITES
20% OF THE TOP 10K WEBSITES

Slide 20

Slide 20 text

No content

Slide 21

Slide 21 text

MORE THAN 750M VIEWERS PER MONTH

Slide 22

Slide 22 text

No content

Slide 23

Slide 23 text

I'M @THIJSFERYN

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

VIDEO IS A BIG & BROAD INDUSTRY

Slide 26

Slide 26 text

DELIVERY

Slide 27

Slide 27 text

No content

Slide 28

Slide 28 text

NORMALLY
[Diagram labels: CLIENT, SERVER]

Slide 29

Slide 29 text

WITH REVERSE CACHING PROXY
[Diagram labels: CLIENT, PROXY, SERVER]

Slide 30

Slide 30 text

No content

Slide 31

Slide 31 text

WHY NOT USE A CDN?

Slide 32

Slide 32 text

VARNISH IS CDN SOFTWARE!

Slide 33

Slide 33 text

[Diagram labels: VARNISH, VARNISH, VARNISH, ORIGIN]

Slide 34

Slide 34 text

[Diagram labels: CDN, CDN, CDN, ORIGIN, VARNISH]

Slide 35

Slide 35 text

STREAM.M3U8
STREAM_01.TS
STREAM_02.TS
STREAM_03.TS

THESE WILL BE CACHED

Slide 36

Slide 36 text

WHY IS VARNISH SO POWERFUL?

Slide 37

Slide 37 text

WHY IS VARNISH SO POWERFUL?
✓ EXTREMELY LOW RESOURCE
✓ EXTREMELY STABLE
✓ 100 GBIT PER SERVER
✓ REQUEST COALESCING
✓ VARNISH CONFIGURATION LANGUAGE
✓ VMODS
✓ COMPLIES WITH HTTP BEST PRACTICES

Slide 38

Slide 38 text

REQUEST COALESCING
[Diagram labels: ORIGIN, VARNISH, QUEUED CONNECTIONS, SINGLE BACKEND FETCH]

Slide 39

Slide 39 text

GRACE
[Diagram labels: ORIGIN, VARNISH, SERVE STALE OBJECT, BACKGROUND FETCH]

Slide 40

Slide 40 text

Cache-control: public, max-age=3600, s-maxage=86400, stale-while-revalidate=100

[Labels on the header: GRACE, TTL]

Slide 41

Slide 41 text

vcl 4.1;

backend default {
    .host = "origin";
    .port = "80";
}

sub vcl_backend_response {
    if (bereq.url == "/vod/master.m3u8") {
        set beresp.grace = 1h;
    }
}
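An added example (not from the original slides) that models how the Cache-Control header on slide 40 turns into a TTL and a grace period, and what a lookup then does at a given object age. It assumes standard shared-cache semantics (s-maxage overrides max-age, stale-while-revalidate supplies the grace) and the varnishd defaults of 120 s TTL and 10 s grace; the function names are hypothetical.

```python
# Added example: TTL/grace values a shared cache derives from Cache-Control.
DEFAULT_TTL = 120    # assumption: varnishd default_ttl, in seconds
DEFAULT_GRACE = 10   # assumption: varnishd default_grace, in seconds


def parse_cache_control(header):
    """Split a Cache-Control value into {directive: value-or-True}."""
    directives = {}
    for part in header.split(","):
        name, _, value = part.strip().partition("=")
        if name:
            directives[name.lower()] = value.strip('"') if value else True
    return directives


def _seconds(directives, name):
    """Return a directive as non-negative int seconds, or None if absent/invalid."""
    value = directives.get(name)
    return int(value) if isinstance(value, str) and value.isdigit() else None


def ttl_and_grace(header):
    """s-maxage beats max-age for a shared cache; stale-while-revalidate is the grace."""
    d = parse_cache_control(header)
    if any(k in d for k in ("private", "no-store", "no-cache")):
        return 0, 0  # simplified: treated as not storable in a shared cache
    ttl = _seconds(d, "s-maxage")
    if ttl is None:
        ttl = _seconds(d, "max-age")
    if ttl is None:
        ttl = DEFAULT_TTL
    grace = _seconds(d, "stale-while-revalidate")
    return ttl, DEFAULT_GRACE if grace is None else grace


def lookup(age, ttl, grace):
    """What the cache does for an object that is `age` seconds old."""
    if age < ttl:
        return "hit"
    if age < ttl + grace:
        return "stale hit + background fetch"
    return "miss"


# The header shown on slide 40.
SLIDE_HEADER = "public, max-age=3600, s-maxage=86400, stale-while-revalidate=100"
```

A `set beresp.grace = 1h;` in `vcl_backend_response`, as on slide 41, replaces the header-derived grace for the matching URL.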

Slide 42

Slide 42 text

VARNISH CONFIGURATION LANGUAGE

Slide 43

Slide 43 text

No content

Slide 44

Slide 44 text

No content

Slide 45

Slide 45 text

vcl 4.1;

backend origin {
    .host = "1.2.3.4";
    .port = "80";
}

sub vcl_recv {
    if (req.url ~ "^/(live|vod)/") {
        unset req.http.authorization;
        unset req.http.cookie;
    }
}

sub vcl_backend_response {
    if (bereq.url ~ "^/(live|vod)/") {
        unset beresp.http.set-cookie;
        set beresp.grace = 5s;
    }
    if (bereq.url ~ "^/live/.*\.m3u8") {
        set beresp.ttl = 1ms;
    }
    if (bereq.url ~ "^/vod/.*\.m3u8") {
        set beresp.ttl = 3600s;
    }
}

Slide 46

Slide 46 text

LIVE STREAMING VS VIDEO ON DEMAND

Slide 47

Slide 47 text

LIVE
✓ LOW LATENCY
✓ CONSTANT PLAYLIST UPDATES
✓ LOW TTL ON PLAYLISTS
✓ ONLY THE LAST X SEGMENTS ARE REQUIRED
✓ SEGMENT SIZE TRADEOFF

Slide 48

Slide 48 text

VOD
✓ NO PLAYLIST UPDATES
✓ HIGH TTL ON PLAYLISTS
✓ PRE-FETCHING POSSIBLE
✓ ALL SEGMENTS ARE REQUIRED
✓ STORAGE REQUIREMENTS

Slide 49

Slide 49 text

STORAGE

Slide 50

Slide 50 text

HEAD VS LONG TAIL
[Diagram labels: HEAD, LONG TAIL]

Slide 51

Slide 51 text

WHERE VARNISH STORES ITS OBJECTS
✓ MEMORY
✓ DISK
✓ MASSIVE STORAGE ENGINE (ENTERPRISE ONLY)

Slide 52

Slide 52 text

MSE
✓ MIX OF MEMORY AND DISK
✓ SMARTER LRU
✓ PRE-ALLOCATED LARGE FILES ON DISK
✓ LESS DISK FRAGMENTATION
✓ INTELLIGENT STORAGE ROUTING

Slide 53

Slide 53 text

MSE.CONF

env: {
    id = "myenv";
    memcache_size = "100G";
};

Slide 54

Slide 54 text

MSE.CONF

env: {
    id = "myenv";
    memcache_size = "100G";
    books = ( {
        id = "book1";
        directory = "/var/lib/mse/book1";
        database_size = "1G";
        stores = ( {
            id = "store-1-1";
            filename = "/var/lib/mse/stores/disk1/store-1-1.dat";
            size = "2T";
            tags = ( "slow", "sata" );
        }, {
            tags = ( "fast", "ssd" );
            id = "store-1-2";
            filename = "/var/lib/mse/stores/disk2/store-1-2.dat";
            size = "500G";
        } );
    } );
    default_stores = "none";
};

Slide 55

Slide 55 text

CREATE FILES

mkfs.mse -c /var/lib/mse/mse.conf

Slide 56

Slide 56 text

ATTACH TO VARNISH

varnishd -s mse,/var/lib/mse/mse.conf

Slide 57

Slide 57 text

ROUND-ROBIN STORE SELECTION

Slide 58

Slide 58 text

vcl 4.1;

import mse;

sub vcl_backend_response {
    mse.set_weighting(size);
}

SIZE, AVAILABLE, SMOOTH

Slide 59

Slide 59 text

vcl 4.1;

import mse;

sub vcl_backend_response {
    if (beresp.ttl < 120s) {
        mse.set_stores("none");
    } else {
        if (beresp.http.Transfer-Encoding ~ "chunked" || beresp.http.Content-Length > 1M) {
            mse.set_stores("sata");
        } else {
            mse.set_stores("fast");
        }
    }
}

Slide 60

Slide 60 text

DECISION MAKING AT THE EDGE

Slide 61

Slide 61 text

DIGITAL RIGHTS MANAGEMENT*

Slide 62

Slide 62 text

DECRYPTION KEY

#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:5
#EXT-X-MEDIA-SEQUENCE:15
#EXT-X-KEY:METHOD=AES-128,URI="/live/enc.key",IV=0x230f26620bfafa3cd420cb68c0647415
#EXTINF:3.200000,
stream_015.ts
#EXTINF:4.800000,
stream_016.ts
#EXTINF:3.200000,
stream_017.ts
#EXTINF:4.800000,
stream_018.ts
#EXTINF:1.088000,
stream_019.ts
#EXT-X-ENDLIST

Slide 63

Slide 63 text

.TS FILES ARE ENCODED AND CAN ONLY BE DECODED BY THE PLAYER

Slide 64

Slide 64 text

ENC.KEY SHOULD BE PROTECTED
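An added example (not from the original slides) that audits an HLS playlist for the point made above: it separates the key URL, which needs an access check, from the segment URLs, which can be cached, and flags a key that sits under the `^/(live|vod)/` path where the deck's earlier VCL strips Cookie and Authorization. The playlist location `/live/stream.m3u8` and the function names are assumptions.

```python
import re
from urllib.parse import urljoin

# Constructed input: the playlist from the slide, trimmed to two segments.
PLAYLIST = """#EXTM3U
#EXT-X-VERSION:3
#EXT-X-TARGETDURATION:5
#EXT-X-MEDIA-SEQUENCE:15
#EXT-X-KEY:METHOD=AES-128,URI="/live/enc.key",IV=0x230f26620bfafa3cd420cb68c0647415
#EXTINF:3.200000,
stream_015.ts
#EXTINF:4.800000,
stream_016.ts
#EXT-X-ENDLIST
"""

# Path pattern for which the deck's VCL unsets Cookie and Authorization.
STRIPPED_PATHS = re.compile(r"^/(live|vod)/")
ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')


def parse_attributes(attr_list):
    """Parse an HLS attribute list; quoted values may contain commas."""
    return {name: value.strip('"') for name, value in ATTR.findall(attr_list)}


def audit_playlist(playlist_url, text):
    """Separate key URLs (need an access check) from segment URLs (cacheable)."""
    report = {"protect": [], "cache": [], "key_in_stripped_path": []}
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("#EXT-X-KEY:"):
            attrs = parse_attributes(line.split(":", 1)[1])
            if attrs.get("METHOD", "NONE") != "NONE" and attrs.get("URI"):
                key_url = urljoin(playlist_url, attrs["URI"])
                report["protect"].append(key_url)
                if STRIPPED_PATHS.search(key_url):
                    report["key_in_stripped_path"].append(key_url)
        elif line and not line.startswith("#"):
            report["cache"].append(urljoin(playlist_url, line))
    return report


# "/live/stream.m3u8" is an assumed playlist location.
REPORT = audit_playlist("/live/stream.m3u8", PLAYLIST)
```

A key listed under `key_in_stripped_path` has to be authorized in `vcl_recv` before the credentials are unset, and on every request, because the cached key object itself carries no access control.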

Slide 65

Slide 65 text

vcl 4.1;

backend default {
    .host = "1.2.3.4";
    .port = "80";
}

sub vcl_recv {
    if (req.url ~ "^/live/enc.key") {
        if (req.http.Authorization != "Basic YWRtaW46YWRtaW4=") {
            return (synth(401, "Restricted"));
        }
    }
    unset req.http.Authorization;
}

sub vcl_synth {
    if (resp.status == 401) {
        set resp.http.WWW-Authenticate = {"Basic realm="Restricted area""};
    }
}

Slide 66

Slide 66 text

VALIDATE SESSION FROM REDIS

Slide 67

Slide 67 text

vcl 4.1;

import cookieplus;
import redis;
import kvstore;

backend default {
    .host = "origin";
    .port = "80";
}

sub vcl_init {
    new authorized_sessions = kvstore.init();
    new db = redis.db(
        location="redis:6379",
        type=master,
        connection_timeout=500,
        shared_connections=false,
        max_connections=1);
}

Slide 68

Slide 68 text

sub vcl_recv {
    if (req.url ~ "^/live/enc.key") {
        if (authorized_sessions.get(cookieplus.get("PHPSESSID"), "empty") == "empty") {
            db.command("GET");
            db.push("PHPREDIS_SESSION:" + cookieplus.get("PHPSESSID"));
            db.execute();
            if (db.get_string_reply() !~ "authorized\|b\:1\;") {
                authorized_sessions.set(cookieplus.get("PHPSESSID"), "false");
                return (synth(401, "Not Authorized"));
            } else {
                authorized_sessions.set(cookieplus.get("PHPSESSID"), "true", 10s);
            }
        } elseif (authorized_sessions.get(cookieplus.get("PHPSESSID")) == "false") {
            return (synth(401, "Not Authorized"));
        }
    }
}

Slide 69

Slide 69 text

GEO FEATURES

Slide 70

Slide 70 text

Geo blocking

vcl 4.1;

import mmdb;

backend default {
    .host = "192.0.2.11";
    .port = "8080";
}

# create a database object
sub vcl_init {
    new geodb = mmdb.init("/path/to/db");
}

sub vcl_recv {
    # retrieve the name of the request's origin
    set req.http.Country-Name = geodb.country_name(client.ip);

    # if the country is neither Germany nor Belgium, deny access
    if (req.http.Country-Name != "Germany" && req.http.Country-Name != "Belgium") {
        return (synth(403, "Sorry, only available in Germany and Belgium"));
    }
}

Slide 71

Slide 71 text

vcl 4.1;

import geodirector;
import mmdb;

backend us {
    .host = "us.example.com";
    .port = "80";
}

backend uk {
    .host = "uk.example.com";
    .port = "80";
}

backend be {
    .host = "be.example.com";
    .port = "80";
}

sub vcl_init {
    new geodb = mmdb.init("/path/to/db");
}

Slide 72

Slide 72 text

Geo backend selection

sub vcl_recv {
    set req.http.Country-Code = geodb.country_code(client.ip);
    if (req.http.Country-Code == "US") {
        set req.backend_hint = us;
    } elseif (req.http.Country-Code == "GB") {
        set req.backend_hint = uk;
    } else {
        set req.backend_hint = be;
    }
}

Slide 73

Slide 73 text

NO MORE ORIGIN

Slide 74

Slide 74 text

vcl 4.1;

import file;

backend default {
    .host = "origin";
    .port = "80";
}

sub vcl_init {
    new root = file.init("/var/www/html/");
}

sub vcl_backend_fetch {
    set bereq.backend = root.backend();
}

Slide 75

Slide 75 text

VIDEO SEGMENT PREFETCHING

Slide 76

Slide 76 text

vcl 4.1;

import http;

backend default {
    .host = "origin";
    .port = "80";
}

sub vcl_recv {
    if (req.url ~ "^/vod/.+\.ts$") {
        http.init(0);
        http.req_set_max_loops(0, 1);
        http.req_copy_headers(0);
        http.req_set_method(0, "HEAD");
        set req.http.x-next-url = http.prefetch_next_url();
        http.req_set_url(0, req.http.x-next-url);
        http.req_send_and_finish(0);
    }
}

Slide 77

Slide 77 text

RATE LIMITING & THROTTLING

Slide 78

Slide 78 text

vcl 4.1;

import vsthrottle;
import tcp;

backend default {
    .host = "origin";
    .port = "80";
}

sub vcl_recv {
    if (vsthrottle.is_denied(client.identity, 15, 10s, 60s)) {
        # Client has exceeded 15 reqs per 10s and gets blocked for 60s
        return (synth(429, "Too Many Requests"));
    }
    # Download at 1 MB/s
    tcp.set_socket_pace(1000);
}
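An added example (not from the original slides, and not vsthrottle's own code) that replays a constructed request timeline through a simplified token-bucket model of the `is_denied(key, 15, 10s, 60s)` call above, so the effect of the limit and the 60 s block is visible per client. The class, function names and client addresses are hypothetical; the key stands in for `client.identity`.

```python
class Throttle:
    """Simplified token-bucket model of is_denied(key, limit, period, block)."""

    def __init__(self, limit, period, block):
        self.limit, self.period, self.block = limit, period, block
        self.buckets = {}  # key -> {"tokens", "last", "blocked_until"}

    def is_denied(self, key, now):
        b = self.buckets.setdefault(
            key, {"tokens": float(self.limit), "last": now, "blocked_until": 0.0})
        if now < b["blocked_until"]:
            return True  # still inside the penalty window
        # Refill proportionally to elapsed time, capped at the bucket size.
        refill = (now - b["last"]) * self.limit / self.period
        b["tokens"] = min(float(self.limit), b["tokens"] + refill)
        b["last"] = now
        if b["tokens"] >= 1:
            b["tokens"] -= 1
            return False
        b["blocked_until"] = now + self.block
        return True


def replay(events, limit=15, period=10, block=60):
    """events: iterable of (timestamp_seconds, key); returns per-event deny flags."""
    throttle = Throttle(limit, period, block)
    return [throttle.is_denied(key, ts) for ts, key in events]


# Constructed traffic: one client bursts 16 requests, a second client sends one,
# then the first client retries during and after the 60 s block.
EVENTS = ([(0.0, "198.51.100.7")] * 16 + [(1.0, "203.0.113.9"),
          (30.0, "198.51.100.7"), (60.0, "198.51.100.7")])
DECISIONS = replay(EVENTS)
```

Because buckets are kept per key, clients that reach Varnish through the same upstream address share one bucket unless the key is derived from something more specific.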

Slide 79

Slide 79 text

No content

Slide 80

Slide 80 text

No content

Slide 81

Slide 81 text

THE VMOD ECOSYSTEM
HTTPS://VARNISH-CACHE.ORG/VMODS/
HTTPS://DOCS.VARNISH-SOFTWARE.COM/VARNISH-CACHE-PLUS/VMODS/

Slide 82

Slide 82 text

FROM $0.20/H + 14 DAYS FREE TRIAL

Slide 83

Slide 83 text

No content

Slide 84

Slide 84 text

No content

Slide 85

Slide 85 text

HTTPS://FERYN.EU
HTTPS://TWITTER.COM/THIJSFERYN
HTTPS://INSTAGRAM.COM/THIJSFERYN