Accelerating OTT video platforms with Varnish - London Video Tech meetup 2020

Thijs Feryn
February 04, 2020

Slides for my OTT video acceleration talk at the London Video Technology meetup February 2020 edition: https://feryn.eu/speaking/accelerating-ott-video-platforms-varnish-london-video-technology-meetup-2020/

Transcript

  1. ACCELERATING OTT VIDEO PLATFORMS WITH VARNISH BY THIJS FERYN

  2. I'M NOT A VIDEO EXPERT

  3. Slow websites SUCK

  5. is bollocks

  6. CONTENT DELIVERY CHALLENGES

  7. STABILITY

  8. REDUCE LATENCY

  9. SERVER CAPACITY

  10. NETWORK CAPACITY

  11. THROWING SERVERS AT THE PROBLEM

  12. MO' MONEY MO' SERVERS MO' PROBLEMS

  13. CACHE

  14. DON’T RECOMPUTE IF THE DATA HASN’T CHANGED

  15. HI, I'M THIJS

  16. I'M AN EVANGELIST AT

  19. +-5,000,000 WEBSITES 20% OF THE TOP 10K WEBSITES

  21. MORE THAN 750M VIEWERS PER MONTH

  23. I'M @THIJSFERYN

  25. VIDEO IS A BIG & BROAD INDUSTRY

  26. DELIVERY

  28. NORMALLY CLIENT SERVER

  29. WITH REVERSE CACHING PROXY CLIENT PROXY SERVER

  31. WHY NOT USE A CDN?

  32. VARNISH IS CDN SOFTWARE!

  33. VARNISH VARNISH VARNISH ORIGIN

  34. CDN CDN CDN ORIGIN VARNISH

  35. STREAM.M3U8 STREAM_01.TS STREAM_02.TS STREAM_03.TS THESE WILL BE CACHED

  36. WHY IS VARNISH SO POWERFUL?

  37. WHY IS VARNISH SO POWERFUL?
      ✓ EXTREMELY LOW RESOURCE
      ✓ EXTREMELY STABLE
      ✓ 100 GBIT PER SERVER
      ✓ REQUEST COALESCING
      ✓ VARNISH CONFIGURATION LANGUAGE
      ✓ VMODS
      ✓ COMPLIES WITH HTTP BEST PRACTICES

  38. ORIGIN VARNISH REQUEST COALESCING QUEUED CONNECTIONS SINGLE BACKEND FETCH

  39. ORIGIN VARNISH GRACE SERVE STALE OBJECT BACKGROUND FETCH

  40. Cache-control: public, max-age=3600, s-maxage=86400, stale-while-revalidate=100 GRACE TTL

  41. ```vcl
      vcl 4.1;

      backend default {
          .host = "origin";
          .port = "80";
      }

      sub vcl_backend_response {
          if (bereq.url == "/vod/master.m3u8") {
              set beresp.grace = 1h;
          }
      }
      ```

  42. VARNISH CONFIGURATION LANGUAGE

  45. ```vcl
      vcl 4.1;

      backend origin {
          .host = "1.2.3.4";
          .port = "80";
      }

      sub vcl_recv {
          # Drop credentials on streaming paths so the requests are cacheable
          if (req.url ~ "^/(live|vod)/") {
              unset req.http.authorization;
              unset req.http.cookie;
          }
      }

      sub vcl_backend_response {
          if (bereq.url ~ "^/(live|vod)/") {
              unset beresp.http.set-cookie;
              set beresp.grace = 5s;
          }
          # Live playlists are updated constantly: keep them only briefly
          if (bereq.url ~ "^/live/.*\.m3u8") {
              set beresp.ttl = 1ms;
          }
          # VOD playlists are not updated
          if (bereq.url ~ "^/vod/.*\.m3u8") {
              set beresp.ttl = 3600s;
          }
      }
      ```

  46. LIVE STREAMING VS VIDEO ON DEMAND

  47. LIVE
      ✓ LOW LATENCY
      ✓ CONSTANT PLAYLIST UPDATES
      ✓ LOW TTL ON PLAYLISTS
      ✓ ONLY THE LAST X SEGMENTS ARE REQUIRED
      ✓ SEGMENT SIZE TRADEOFF

  48. VOD
      ✓ NO PLAYLIST UPDATES
      ✓ HIGH TTL ON PLAYLISTS
      ✓ PRE-FETCHING POSSIBLE
      ✓ ALL SEGMENTS ARE REQUIRED
      ✓ STORAGE REQUIREMENTS

  49. STORAGE

  50. HEAD VS LONG TAIL HEAD LONG TAIL

  51. WHERE VARNISH STORES ITS OBJECTS
      ✓ MEMORY
      ✓ DISK
      ✓ MASSIVE STORAGE ENGINE (ENTERPRISE ONLY)

  52. MSE
      ✓ MIX OF MEMORY AND DISK
      ✓ SMARTER LRU
      ✓ PRE-ALLOCATED LARGE FILES ON DISK
      ✓ LESS DISK FRAGMENTATION
      ✓ INTELLIGENT STORAGE ROUTING

  53. MSE.CONF

      ```
      env: {
          id = "myenv";
          memcache_size = "100G";
      };
      ```

  54. MSE.CONF

      ```
      env: {
          id = "myenv";
          memcache_size = "100G";
          books = ( {
              id = "book1";
              directory = "/var/lib/mse/book1";
              database_size = "1G";
              stores = ( {
                  id = "store-1-1";
                  filename = "/var/lib/mse/stores/disk1/store-1-1.dat";
                  size = "2T";
                  tags = ( "slow", "sata" );
              }, {
                  tags = ( "fast", "ssd" );
                  id = "store-1-2";
                  filename = "/var/lib/mse/stores/disk2/store-1-2.dat";
                  size = "500G";
              } );
          } );
          default_stores = "none";
      };
      ```

  55. CREATE FILES: mkfs.mse -c /var/lib/mse/mse.conf

  56. ATTACH TO VARNISH: varnishd -s mse,/var/lib/mse/mse.conf

  57. ROUND-ROBIN STORE SELECTION

  58. SIZE AVAILABLE SMOOTH

      ```vcl
      vcl 4.1;

      import mse;

      sub vcl_backend_response {
          mse.set_weighting(size);
      }
      ```

  59. ```vcl
      vcl 4.1;

      import mse;

      sub vcl_backend_response {
          if (beresp.ttl < 120s) {
              mse.set_stores("none");
          } else {
              if (beresp.http.Transfer-Encoding ~ "chunked" || beresp.http.Content-Length > 1M) {
                  mse.set_stores("sata");
              } else {
                  mse.set_stores("fast");
              }
          }
      }
      ```

  60. DECISION MAKING AT THE EDGE

  61. DIGITAL RIGHTS MANAGEMENT*

  62. DECRYPTION KEY

      ```
      #EXTM3U
      #EXT-X-VERSION:3
      #EXT-X-TARGETDURATION:5
      #EXT-X-MEDIA-SEQUENCE:15
      #EXT-X-KEY:METHOD=AES-128,URI="/live/enc.key",IV=0x230f26620bfafa3cd420cb68c0647415
      #EXTINF:3.200000,
      stream_015.ts
      #EXTINF:4.800000,
      stream_016.ts
      #EXTINF:3.200000,
      stream_017.ts
      #EXTINF:4.800000,
      stream_018.ts
      #EXTINF:1.088000,
      stream_019.ts
      #EXT-X-ENDLIST
      ```

  63. .TS FILES ARE ENCODED AND CAN ONLY BE DECODED BY THE PLAYER

  64. ENC.KEY SHOULD BE PROTECTED

  65. ```vcl
      vcl 4.1;

      backend default {
          .host = "1.2.3.4";
          .port = "80";
      }

      sub vcl_recv {
          if (req.url ~ "^/live/enc.key") {
              # Static credential for the demo: base64 of "admin:admin"
              if (req.http.Authorization != "Basic YWRtaW46YWRtaW4=") {
                  return (synth(401, "Restricted"));
              }
          }
          # Strip the header so the request stays cacheable and the
          # credential is not sent on to the origin
          unset req.http.Authorization;
      }

      sub vcl_synth {
          if (resp.status == 401) {
              set resp.http.WWW-Authenticate = {"Basic realm="Restricted area""};
          }
      }
      ```

  66. VALIDATE SESSION FROM REDIS

  67. ```vcl
      vcl 4.1;

      import cookieplus;
      import redis;
      import kvstore;

      backend default {
          .host = "origin";
          .port = "80";
      }

      sub vcl_init {
          new authorized_sessions = kvstore.init();
          new db = redis.db(
              location="redis:6379",
              type=master,
              connection_timeout=500,
              shared_connections=false,
              max_connections=1);
      }
      ```

  68. ```vcl
      sub vcl_recv {
          if (req.url ~ "^/live/enc.key") {
              # No cached verdict for this session ID yet: ask Redis
              if (authorized_sessions.get(cookieplus.get("PHPSESSID"), "empty") == "empty") {
                  db.command("GET");
                  db.push("PHPREDIS_SESSION:" + cookieplus.get("PHPSESSID"));
                  db.execute();
                  if (db.get_string_reply() !~ "authorized\|b\:1\;") {
                      # Negative verdict is stored without a TTL
                      authorized_sessions.set(cookieplus.get("PHPSESSID"), "false");
                      return (synth(401, "Not Authorized"));
                  } else {
                      # Positive verdict is kept for 10 seconds
                      authorized_sessions.set(cookieplus.get("PHPSESSID"), "true", 10s);
                  }
              } elseif (authorized_sessions.get(cookieplus.get("PHPSESSID")) == "false") {
                  return (synth(401, "Not Authorized"));
              }
          }
      }
      ```

  69. GEO FEATURES

  70. Geo blocking

      ```vcl
      vcl 4.1;

      import mmdb;

      backend default {
          .host = "192.0.2.11";
          .port = "8080";
      }

      # create a database object
      sub vcl_init {
          new geodb = mmdb.init("/path/to/db");
      }

      sub vcl_recv {
          # retrieve the name of the request's origin
          set req.http.Country-Name = geodb.country_name(client.ip);

          # if the request comes from neither Germany nor Belgium, deny access
          # (both comparisons must hold, so they are joined with &&)
          if (req.http.Country-Name != "Germany" && req.http.Country-Name != "Belgium") {
              return (synth(403, "Sorry, only available in Germany and Belgium"));
          }
      }
      ```

  71. ```vcl
      vcl 4.1;

      import geodirector;
      import mmdb;

      backend us {
          .host = "us.example.com";
          .port = "80";
      }

      backend uk {
          .host = "uk.example.com";
          .port = "80";
      }

      backend be {
          .host = "be.example.com";
          .port = "80";
      }

      sub vcl_init {
          new geodb = mmdb.init("/path/to/db");
      }
      ```

  72. Geo backend selection

      ```vcl
      sub vcl_recv {
          set req.http.Country-Code = geodb.country_code(client.ip);
          if (req.http.Country-Code == "US") {
              set req.backend_hint = us;
          } elseif (req.http.Country-Code == "GB") {
              set req.backend_hint = uk;
          } else {
              set req.backend_hint = be;
          }
      }
      ```

  73. NO MORE ORIGIN

  74. ```vcl
      vcl 4.1;

      import file;

      backend default {
          .host = "origin";
          .port = "80";
      }

      sub vcl_init {
          new root = file.init("/var/www/html/");
      }

      sub vcl_backend_fetch {
          set bereq.backend = root.backend();
      }
      ```

  75. VIDEO SEGMENT PREFETCHING

  76. ```vcl
      vcl 4.1;

      import http;

      backend default {
          .host = "origin";
          .port = "80";
      }

      sub vcl_recv {
          if (req.url ~ "^/vod/.+\.ts$") {
              http.init(0);
              http.req_set_max_loops(0, 1);
              http.req_copy_headers(0);
              http.req_set_method(0, "HEAD");
              set req.http.x-next-url = http.prefetch_next_url();
              http.req_set_url(0, req.http.x-next-url);
              http.req_send_and_finish(0);
          }
      }
      ```

  77. RATE LIMITING & THROTTLING

  78. ```vcl
      vcl 4.1;

      import vsthrottle;
      import tcp;

      backend default {
          .host = "origin";
          .port = "80";
      }

      sub vcl_recv {
          if (vsthrottle.is_denied(client.identity, 15, 10s, 60s)) {
              # Client has exceeded 15 reqs per 10s and gets blocked for 60s
              return (synth(429, "Too Many Requests"));
          }
          # Download at 1 MB/s
          tcp.set_socket_pace(1000);
      }
      ```

  81. THE VMOD ECOSYSTEM HTTPS://VARNISH-CACHE.ORG/VMODS/ HTTPS://DOCS.VARNISH-SOFTWARE.COM/VARNISH-CACHE-PLUS/VMODS/

  82. FROM $0.20/H + 14 DAYS FREE TRIAL

  85. HTTPS://FERYN.EU HTTPS://TWITTER.COM/THIJSFERYN HTTPS://INSTAGRAM.COM/THIJSFERYN
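
Added example (not from the slides and not Varnish code): a Python check that reads an HLS playlist like the one on slide 62, resolves every EXT-X-KEY URI, and compares the resulting path with the two path rules from the VCL on slides 45 and 65, so that a key stored under /live/ or /vod/ but outside the authenticated pattern is flagged. The playlist URL, the second key URI and the verdict names are assumptions made for the example.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample input: shortened slide 62 playlist plus one relative key URI.
PLAYLIST = """#EXTM3U
#EXT-X-KEY:METHOD=AES-128,URI="/live/enc.key",IV=0x230f26620bfafa3cd420cb68c0647415
#EXTINF:3.200000,
stream_015.ts
#EXT-X-KEY:METHOD=AES-128,URI="keys/rotated.key"
#EXTINF:4.800000,
stream_016.ts
#EXT-X-KEY:METHOD=NONE
#EXTINF:3.200000,
stream_017.ts
"""

# Path rules copied from the VCL on slides 45 and 65.
STRIPS_CREDENTIALS = re.compile(r"^/(live|vod)/")  # Cookie/Authorization unset before lookup
AUTH_CHECKED = re.compile(r"^/live/enc.key")       # request must authenticate first
ATTR = re.compile(r'([A-Z0-9-]+)=("[^"]*"|[^,]*)')  # EXT-X-KEY attribute list

def key_paths(playlist, playlist_url):
    """Return the URL path of every decryption key the playlist references."""
    paths = []
    for line in playlist.splitlines():
        if not line.startswith("#EXT-X-KEY:"):
            continue
        attrs = {k: v.strip('"') for k, v in ATTR.findall(line.split(":", 1)[1])}
        if attrs.get("METHOD", "NONE") == "NONE" or "URI" not in attrs:
            continue  # unencrypted segments: no key to protect
        # Key URIs may be relative to the playlist location
        paths.append(urlsplit(urljoin(playlist_url, attrs["URI"])).path)
    return paths

def audit(playlist, playlist_url):
    """Classify each key path against the two cache rules."""
    report = {}
    for path in key_paths(playlist, playlist_url):
        if AUTH_CHECKED.search(path):
            report[path] = "auth-checked"
        elif STRIPS_CREDENTIALS.search(path):
            report[path] = "credentials-stripped"  # key would be handled like a segment
        else:
            report[path] = "passed-to-origin"
    return report

if __name__ == "__main__":
    for path, verdict in audit(PLAYLIST, "https://cdn.example.com/live/stream.m3u8").items():
        print(f"{verdict:22} {path}")
```

A "credentials-stripped" verdict means the key path needs its own rule in vcl_recv before the cookie and authorization headers are removed.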