NGINX Plus R7

7 Oct 2015

01

What drives us?

Building a great application

is only half the battle,

delivering the application

is the other half.

Applications of the future

will be dramatically different

to the applications of today

MORE INFORMATION AT NGINX.COM

Modern Web, Modern Architecture

From Monolithic...Three-tier, J2EE-style architectures

Complex protocols (HTML, SOAP)

Persistent deployments

Fixed, static Infrastructure

Big-bang releases

Silo’ed teams (Dev, Test, Ops)

...to DynamicMicroservices

Lightweight (REST, Messaging)

Containers, VMs

SDN, NFV, Cloud

Continuous delivery

DevOps Culture

MORE INFORMATION AT NGINX.COM

Applications are made of Diverse componentsPHP, Ruby, JavaScript, Python,… diversity is the new standard

Applications are made of Transient componentsServers and containers are deployed and destroyed almost continually

Applications are made of Lightweight componentsSimple, highly-focused components are stitched together

Modern Web Applications are...

The modern web requires

a new approach

to application delivery

MORE INFORMATION AT NGINX.COM

Flawless Application Delivery

for the Modern Web8

Load Balancer Monitoring &

ManagementWeb ServerContent Cache Streaming Media

NGINX powers

today’s webscale companies

Application delivery for microservices

Adopters deploy NGINX in front

of and within each

microservice, ensuring they are:

• Connected

• Available

• Authenticated

• Secured

• Cached

• Load Balanced

• Accelerated

• Scaled

11

02

What’s new in

NGINX Plus R7?

NGINX Plus R7 extends our

capabilities as an enterprise-grade

load balancer, proxy,

& server platform

for the modern web.

MORE INFORMATION AT

NGINX.COM

Key New Features

● HTTP/2 - NGINX Plus now provides a fully supported implementation of the new HTTP/2 web

standard

● Performance - Support for socket sharding and thread pools give up to 9x improvement in

some cases

● Security - NTLM support for Microsoft application and new TCP security enhancements

improve the security and reliability of your applications

● Monitoring - Improved monitoring and diagnostics tools to help with tuning and debugging

● Visibility - Significantly enhanced status monitoring dashboard

HTTP/2

MORE INFORMATION AT

NGINX.COM

• HTTP/2 is the new standard for transmitting data over the internet.

• Ratified as a standard on February 17, 2015 by the IESG

• Supported by Firefox, Chrome and Safari (with iOS9 and El Capitan)

• Over 50% of users have a browser that supports HTTP/2

• Better performance through a few key optimizations:

• Connection multiplexing

• Single connection

• Binary Header encoding

• Header compression

• SSL not mandated by standard, but Firefox and Chrome won’t support without encryption

• Support will be by a special package: nginx-plus-http2

• No -extras package

• Regular nginx-plus* packages will support SPDY/3.1

HTTP/2 Overview

MORE INFORMATION AT

NGINX.COM

● All elements of a webpage are downloaded over a single connection for greater efficiency

● True multiplexing of requests across the connection

HTTP/2 vs. HTTP/1

MORE INFORMATION AT

NGINX.COM

• HTTP/2 Gateway - NGINX Plus translates HTTP/2 into a protocol existing app servers can understand

• Backwards Compatibility - Using NPN, NGINX Plus can support HTTP/2 alongside older browsers that only run

HTTP/1.x

How NGINX Supports HTTP/2

Performance

MORE INFORMATION AT

NGINX.COM

• Improves performance up to 9x for disk based workloads such as caching or serving static content

• Disk operations are slow in general and blocking in Linux

• If disk operation blocks, NGINX worker process blocks and can’t do productive work

• Instead of doing disk operation directly, worker process hands the work off to a ‘thread pool’

• After hand off, worker process continues on as usual

• Thread pool notifies worker process when disk operation is done

Thread Pools

MORE INFORMATION AT

NGINX.COM

Socket Sharding

• Improves performance up to 3x for workloads with short lived connections

• More efficient handoff of packets from Linux kernel to NGINX worker processes

• Linux kernel round robin load balances packets between worker processes

• Otherwise packets are put up for grabs to first available worker

• Requires SO_REUSEPORT socket option committed into Linux kernel 3.9

• Supported in Red Hat Enterprise Linux 7 or later and Ubuntu 13.10 or later

Security

MORE INFORMATION AT

NGINX.COM

• Microsoft standard used to authenticate users to services.

• Succeeded by Kerberos for modern Microsoft applications.

• Still used by legacy Microsoft applications and for some scenarios with modern Microsoft applications.

• Has a unique requirement that connections to backend servers are persistent and not multiplexed.

• NGINX Plus only

NTLM Support

MORE INFORMATION AT

NGINX.COM

• Connection Limiting

• Limit connections clients can have open at a time

• Slow down DDoS attackers

• Access Controls

• Create black/white lists of IP Addresses

• Quickly block malicious IPs

• Bandwidth Limits

• Limit client upload and download speed

• Prevent attackers from taking up precious bandwidth

TCP Load Balancing

MORE INFORMATION AT

NGINX.COM

NGINX F/OSS NGINX Plus

Core Features

• TCP load balancing

• Load-balancing methods

• PROXY_PROTOCOL support *

• SSL decryption and encryption

• TCP load balancing metrics and health check data

Compile-time option

RR, Hash, Least_Conn

Yes

Yes

Built-in

All, plus Least_Time

Yes

Yes

Yes

Dynamic Configuration

• DNS configuration

• Dynamic load balancing configuration

Static Dynamic

Upstream_Conf API

High Availability

• Passive health checks

• Application-aware health checks

• Slow-Start for recovered servers

Yes Yes

Yes

Yes

Security and Access Controls

• Access Controls *

• Bandwidth limiting *

• Client connection limits *

• Binding to a specific address *

• Server (upstream) connection limits

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Yes

Monitoring

MORE INFORMATION AT

NGINX.COM

• 499 errors - Client closed connection while server was processing request.

• NGINX worker restarts - The number of times the NGINX worker restarted. This helps to detect NGINX worker

process crashes.

• NGINX reloads - The number of times NGINX was reloaded. This confirms that NGINX was actually reloaded,

or that it failed due to various reasons such as improper configuration.

• Queue overflows - Measures how well a server handles load. A high number of queue overflows indicates a

server that is struggling to keep up.

• SSL handshakes - The number of SSL handshakes completed.

• SSL sessions reused - The number of SSL sessions that were reused from an earlier session.

• New SSL sessions - The number of new SSL sessions negotiated.

• NGINX Plus only

New counters

Visibility

MORE INFORMATION AT

NGINX.COM

Old vs. New

MORE INFORMATION AT

NGINX.COM

• Health - Quickly identify failed servers

• Load - High Req/s and connection count can indicate a heavily loaded system or DDoS attack

• Cache - Learn the current state of the content cache

Dashboard Overview

MORE INFORMATION AT

NGINX.COM

• Start from the dashboard and quickly drill down for more specific data

• Tabs have easy red, yellow, green indicators for quick identification of health problems

Tabbed Navigation

MORE INFORMATION AT

NGINX.COM

• Quickly identify failed servers

• “Failed only” button to display only failed servers.

• Responses from servers broken down by response code

• A large number of 4xx or 5xx errors can indicate problems with backend server

• Monitor how much bandwidth is being used by each server

• Compare different servers in the pool and how evenly the traffic is being spread

• Click pencil icon to temporarily add/remove/modify servers

Upstream view

MORE INFORMATION AT

NGINX.COM

• Quickly add in a new server

• Only Server address field is required

• Changes are temporary and do not persist

across a reload

• Uses the NGINX Plus dynamic reconfiguration

API

Upstream view

MORE INFORMATION AT

NGINX.COM

• Hit ratio tracks how well the cache is performing

• A low hit ratio indicates most responses are missing the cache and going directly to backend

• Convenient red, yellow, green indicators

• Capacity bar shows how full the cache is

• Warm/cold indicator for whether or not the cache is ready to be used

Cache view

MORE INFORMATION AT

NGINX.COM

• Tooltips throughout the dashboard give more detailed information about upstream servers, configuration reloads,

cache status, and any error messages.

• Server zones view gives data on NGINX Plus interaction with clients

• Contains equivalent views for TCP and HTTP traffic

• Can also temporarily add/remove/modify backend servers for TCP applications

• NGINX Plus only

And More...

Even more features

MORE INFORMATION AT

NGINX.COM

• Improved HLS streaming - Support for the start, end, and offset HLS tags for m3u8 URLs. This allows content

publishers to easily publish links to fragments of a video stream.

• Content modification - The sub_filter module has been extended to support variables and chains of substitutions,

making more complex changes possible. You can also use it to insert content into HTML pages, such as boilerplate text,

without having to modify the original HTML content.

• $upstream_connect_time - A new NGINX variable that tracks the time it takes to connect to a back-end server.

Slower servers will have a larger connect time.

• Config dump - nginx -T on the command line dumps the parsed NGINX configuration. Useful for archiving purposes

or when filing a support ticket.

• More configurable TCP load balancing - The proxy_bind, tcp_nodelay, proxy_protocol, and the backlog

parameter to the listen directives are all now configurable parameters.

• Redis support – The lua-resty-redis NGINX module is now included natively in the NGINX Plus Extras package. It

enables NGINX Plus to interact with a Redis database (for example, to get and set values).

• Updated Phusion Passenger module - The Phusion Passenger module has been updated to version 5.0.11.

Even more features

MORE INFORMATION AT

NGINX.COM

Learn more

• NGINX Plus R7 overview with code samples

• nginx.com/r7

• NGINX white paper on HTTP/2 and how to deploy it with NGINX and NGINX Plus

• nginx.com/http2-wp

• Special edition ebook on HTTP/2 and web performance by Ilya Grigorik of Google

• nginx.com/http2-ebook

• A demo of the new NGINX Plus dashboard

• demo.nginx.com

MORE INFORMATION AT

NGINX.COM

Summary

• Fully-supported HTTP/2 implementation

• Socket sharding and thread pools improve performance up to 9x

• NTLM support for Microsoft applications and more security for TCP applications

• Improved monitoring and diagnostics with additional counters

• Significantly enhanced dashboard

• …And a handful of tweaks and enhancements

03

Questions?