Fail In Order to Succeed
Designing Microservices for failure with NGINX
Dragos Dascalita Haut
Project Lead, Adobe I/O
#nginx #nginxconf
If you didn’t fail with microservices at least once you didn’t really try anything new!
The harder you push the system, the harder it pushes back
Arie De Geus
502
Some reasons for failures
1. A client that misbehaves
2. A spike in demand
3. DDoS
4. A failure in one component generating a cascading effect
Traffic Management with NGINX
OPENRESTY
• Nginx Lua Module
• Nginx Redis
• Headers more
• Set misc
• LuaJIT
• ….
API Gateway Modules
• Request Validation
• Throttling & Rate Limiting
• HTTP Logger
NGINX
• Upstream
• HTTP Proxy
• PCRE
• SSL
• ….
API GATEWAY: "…TAKE ONE OF THE MOST POPULAR WEB SERVER AND ADD API GATEWAY CAPABILITIES TO IT…"
How we started
ngx_http_limit_req_module
Limit the rate of requests
    # limit_req_zone is declared in the http context
    limit_req_zone $binary_remote_addr zone=gold:10m rate=300r/m;
    limit_req_zone $binary_remote_addr zone=silver:10m rate=30r/m;
    server {
        ...
        location /login.html {
            # Limit to 30 requests per minute
            limit_req zone=silver burst=5;
            ...
        }
    }
Limit the number of connections
    # limit_conn_zone is declared in the http context
    limit_conn_zone $binary_remote_addr zone=conn_zone:10m;
    server {
        ...
        location /store {
            # Limit to maximum 10 connections for each client IP address
            limit_conn conn_zone 10;
            ...
        }
    }
Setup
[Diagram: two API gateway nodes in the Load Balancer Tier in front of two Service A and three Service B instances in the Microservice Tier]
Problem
[Diagram: two NGINX nodes in the Load Balancer Tier in front of two Service A and three Service B instances in the Microservice Tier]
How to limit Service A to 10 r/m across multiple NGINX nodes?
What happens when a new NGINX node comes up … or goes away?
ngx_http_limit_req_module
Pros:
• Easy to configure
• Easy to manage
• Works well for a single node
Cons:
• Can’t define rules at a cluster level
• Can’t apply dynamic rules per location, i.e. allow one app to send 1000 requests and another 10 requests
Building a distributed solution in NGINX
Requirements
1. Work in a distributed environment.
2. Async. Don’t add extra latency to the request when checking quotas.
3. High-performance. Sustain hundreds of thousands of requests/second.
4. Adaptive. NGINX instances may come up or may go away at any time.
5. Fail-safe. In the event the solution doesn’t function then all traffic should be permitted until it recovers.
Assumptions
1. The intent is rather to allow than to block
• the focus is to ensure a fair usage policy
2. Favor performance instead of precision
• rather allow a small % over the limit instead of adding latency to the request
Challenges
1. Maintain consistent distributed counters across the cluster
2. Asynchronous and non-blocking
Option #1
Maintain consistent counters across the cluster
[Diagram: three NGINX nodes; nodes inform each other about their counters]
Challenges:
• Chatty: more nodes, more messages
• Maintaining consistent distributed counters is a complex problem
• Increases NGINX’s complexity
Option #2
Maintain consistent counters across the cluster
[Diagram: NGINX nodes, a Brokered Message Queue and a Tracking Microservice; arrows labelled "Usage data" and "What to BLOCK or SLOW DOWN / DELAY"]
Challenges:
• Maintain a Brokered Message Queue. Is it needed?
• Maintain a new Microservice to track the counters
Improvements:
• Less chatty
• Moved distributed counters from NGINX into a Microservice
Option #3
Maintain consistent counters across the cluster
[Diagram: NGINX nodes, each with an MQ, and a Tracking Microservice; arrows labelled "Pull usage data" and "What to BLOCK or SLOW DOWN / DELAY"]
Challenges:
• Embed a MQ with NGINX
• Maintain a new Microservice to track the counters
• Auto discovery of NGINX Nodes
Improvements:
• Non Brokered Message Queue
• Moved distributed counters from NGINX into a Microservice
Selecting a Message Queue
Maintain consistent counters across the cluster
CANDIDATE / LANGUAGE, PROS, CONS
Apache Kafka / Java, Scala
  PROS
  • rated as highly performant, sustaining 2M messages
  • durable, messages being written to disk first
  CONS
  • Zookeeper dependent
  • Brokered
  • Maintenance complexity
ActiveMQ / Java
  PROS
  • popular
  • supports STOMP, AMQP, MQTT, XMPP
  • Spring integration
  CONS
  • Brokered
  • Maintenance complexity
RabbitMQ / Erlang
  PROS
  • supports STOMP, AMQP, MQTT, XMPP
  • community support
  CONS
  • Brokered
  • Maintenance complexity
  • slower than ZeroMQ
nanomsg
  PROS
  • performant socket lib
  • it promises a cleaner API than ZeroMQ
  CONS
  • in beta when we analyzed it
  • no XPUB/XSUB Proxy
ZeroMQ
  PROS
  • around since 2007
  • brokerless, designed for high throughput/low latency scenarios
  • embeddable in Nginx with C/C++/Lua bindings
  • pure Java implementation through JeroMQ
  CONS
  • no auto-discoverability - need to use a Proxy (XPUB/XSUB)
Moving ahead with Option #3 and ZMQ
Maintain consistent counters across the cluster
[Diagram: NGINX nodes, each with an MQ, and a Tracking Microservice; arrows labelled "Pull usage data" and "What to BLOCK or SLOW DOWN / DELAY"]
Integrating ZeroMQ with NGINX
Maintain consistent counters across the cluster
[Diagram: an NGINX Master Process with NGINX Worker processes and a ZeroMQ Adaptor Process; a Tracking Microservice with arrows labelled "Pull usage data" and "What to BLOCK or DELAY"]
• XSUB Socket: default - ipc:///tmp/ngx_queue_listen
• XPUB Socket: default - tcp://0.0.0.0:6001
https://github.com/adobe-apiplatform/
NGINX and Tracking Service
Maintain consistent counters across the cluster
Tracking Service
• Persists policies
• Sends ACTIONS to the Gateway based on the tracked information
• Concerned with the business rules managing throttling and rate limiting
• Allows only private access to its API
NGINX
• Enforces policies
• Executes ACTIONS such as: TRACK, BLOCK, DELAY
• Unaware of the business rules
• Serves public traffic
Request flow
[Diagram: steps 1 to 6 between CLIENT, API GATEWAY / NGINX, Microservice, ZeroMQ Adaptor and Gateway Tracking Service (GTS)]
Asynchronous and Non-blocking
Integration with NGINX
Gateway Tracking Service API
[Diagram: steps 1 to 4 between API GATEWAY / NGINX, ZeroMQ Adaptor and Gateway Tracking Service (GTS)]
POST /api/policies/throttling
    [{
      "id": 10,
      "softLimit": 2,
      "maxDelayPeriod": 2,
      "hardLimit": 5,
      "timeUnit": "SECONDS",
      "span": 10,
      "lastModified": 1438019079000,
      "domain": {
        "$service_id": "echo-service"
      },
      "groupBy": ["$api_key"]
    }]
POST /tracking/track
    [{
      "id" : 1079000,
      "domain" : "echo-service;*;",
      "format" : "$service_id;$api_key;",
      "expire_at_utc" : 1472771655757,
      "action" : "TRACK"
    }]
POST /tracking/block
    [{
      "id" : 1079000,
      "domain" : "echo-service;app1;",
      "format" : "$service_id;$api_key;",
      "expire_at_utc" : 1472771550,
      "action" : "BLOCK"
    }]
ZMQ MESSAGE
    1472771550 1079000;echo-service;app1
    <timestamp> <rule_id>;<domain>
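Added example (not from the talk or the adobe-apiplatform code): a Python sketch of the gateway side of the exchange above. It matches a request against the TRACK and BLOCK rules from the slide, builds the usage message in the <timestamp> <rule_id>;<domain> form, and permits the request if rule evaluation fails. The function names, the '*' segment matching, the percent-encoding of ';', the seconds/milliseconds normalisation and the choice not to count blocked requests are assumptions of this sketch.

```python
import re

# Severity of the actions a rule can carry; TRACK never alters the request itself.
SEVERITY = {"ALLOW": 0, "TRACK": 0, "DELAY": 1, "BLOCK": 2}

# Rules as posted to the gateway on the slide (/tracking/track and /tracking/block).
RULES = [
    {"id": 1079000, "domain": "echo-service;*;", "format": "$service_id;$api_key;",
     "expire_at_utc": 1472771655757, "action": "TRACK"},
    {"id": 1079000, "domain": "echo-service;app1;", "format": "$service_id;$api_key;",
     "expire_at_utc": 1472771550, "action": "BLOCK"},
]


def escape(value):
    """Percent-encode the separator so a value cannot shift the ';' segments (assumption)."""
    return str(value).replace("%", "%25").replace(";", "%3B")


def render(fmt, variables):
    """Expand a rule format such as '$service_id;$api_key;' from the request variables."""
    return re.sub(r"\$(\w+)", lambda m: escape(variables.get(m.group(1), "")), fmt)


def domain_matches(pattern, value):
    """Compare ';'-separated segments; '*' in the rule matches any single segment."""
    want, got = pattern.split(";"), value.split(";")
    return len(want) == len(got) and all(w in ("*", g) for w, g in zip(want, got))


def to_seconds(stamp):
    """The slide shows expire_at_utc in milliseconds and in seconds; accept both (assumption)."""
    return stamp / 1000.0 if stamp > 10**11 else float(stamp)


def decide(rules, variables, now):
    """Return (action, usage_messages) for one request; action is ALLOW, DELAY or BLOCK."""
    try:
        action, usage = "ALLOW", []
        for rule in rules:
            if to_seconds(rule["expire_at_utc"]) <= now:
                continue  # an expired rule simply stops applying
            value = render(rule["format"], variables)
            if not domain_matches(rule["domain"], value):
                continue
            kind = rule["action"]
            rank = SEVERITY[kind]  # unknown action -> KeyError -> fail-safe below
            if kind == "TRACK":
                # "<timestamp> <rule_id>;<domain>", as in the ZMQ MESSAGE sample
                usage.append("%d %d;%s" % (now, rule["id"], value.rstrip(";")))
            elif rank > SEVERITY[action]:
                action = kind
        if action == "BLOCK":
            usage = []  # assumption: blocked requests are not counted as usage
        return action, usage
    except Exception:
        # Fail-safe requirement: if enforcement does not function, permit the traffic.
        return "ALLOW", []


if __name__ == "__main__":
    request = {"service_id": "echo-service", "api_key": "app1"}
    for now in (1472771540, 1472771550):
        print(now, decide(RULES, request, now))
```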
DEMO
Local Setup
[Diagram: steps 1 to 6 between TEST RUNNER, API GATEWAY / NGINX, Microservice ECHO, ZeroMQ Adaptor, Gateway Tracking Service and Reporting (Graphite, Grafana UI)]
Adding a throttling policy
Gateway Tracking Service API
POST /api/policies/throttling
    [{
      "id": 10,
      "softLimit": 4,
      "maxDelayPeriod": 3,
      "hardLimit": 12,
      "timeUnit": "SECONDS",
      "span": 10,
      "lastModified": 1438019079000,
      "domain": {
        "$service_id": "echo-service"
      },
      "groupBy": ["$api_key"]
    }]
softLimit: low watermark specifying when to start DELAYing requests
hardLimit: high watermark specifying when to start BLOCKing requests
Adding a throttling policy
Gateway Tracking Service API
POST /api/policies/throttling
    [{
      "id": 10,
      "softLimit": 2,
      "maxDelayPeriod": 2,
      "hardLimit": 5,
      "timeUnit": "SECONDS",
      "span": 10,
      "lastModified": 1438019079000,
      "domain": {
        "$service_id": "echo-service"
      },
      "groupBy": ["$api_key"]
    }]
timeUnit, span: at what time intervals to enforce this policy
domain: enforce the policy for all requests having service_id = "echo-service"
groupBy: enforce the limits for each application
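Added example (not from the talk or the project's code): the Tracking Service side in Python. It parses usage messages in the <timestamp> <rule_id>;<domain> form, counts them per groupBy value and time window across all gateway nodes, and derives DELAY and BLOCK actions in the shape of the /tracking/block body shown earlier. Assumptions of this sketch: the function names, fixed windows aligned to span, an action starting once the count reaches the limit, expiry at the end of the window, and the constructed sample messages.

```python
from collections import Counter

UNIT_SECONDS = {"SECONDS": 1}  # the only timeUnit that appears on the slides

# Policy body from the slide (lastModified omitted, it plays no part here).
POLICY = {"id": 10, "softLimit": 2, "maxDelayPeriod": 2, "hardLimit": 5,
          "timeUnit": "SECONDS", "span": 10,
          "domain": {"$service_id": "echo-service"}, "groupBy": ["$api_key"]}

# Constructed usage messages, as two gateway nodes would publish them.
NODE_A = ["1472771541 1079000;echo-service;app1"] * 3 + [
    "1472771542 1079000;echo-service;app2"]
NODE_B = ["1472771545 1079000;echo-service;app1"] * 3 + [
    "1472771546 1079000;echo-service;app2", "not a usage message"]


def parse_usage(message):
    """Split '<timestamp> <rule_id>;<domain>' into (timestamp, rule_id, segments)."""
    stamp, _, rest = message.partition(" ")
    rule_id, *segments = rest.split(";")
    return int(stamp), int(rule_id), segments


def make_rule(policy, rule_id, action, group_values, expire_at_utc):
    """Build a gateway rule: fixed domain values first, then one value per groupBy key."""
    names = list(policy["domain"]) + list(policy.get("groupBy", []))
    values = list(policy["domain"].values()) + list(group_values)
    return {"id": rule_id,
            "domain": ";".join(values) + ";",
            "format": ";".join(names) + ";",
            "expire_at_utc": expire_at_utc,
            "action": action}


def evaluate(policy, rule_id, messages):
    """Count usage per (window, group) over every node's messages and derive actions."""
    span = policy["span"] * UNIT_SECONDS[policy["timeUnit"]]
    fixed = list(policy["domain"].values())
    counts = Counter()
    for message in messages:
        try:
            stamp, seen_rule, segments = parse_usage(message)
        except ValueError:
            continue  # malformed usage data is dropped, never counted
        if seen_rule != rule_id or segments[:len(fixed)] != fixed:
            continue  # belongs to another rule or another service
        window = stamp - stamp % span
        counts[(window, tuple(segments[len(fixed):]))] += 1

    actions = []
    for (window, group), seen in sorted(counts.items()):
        if "hardLimit" in policy and seen >= policy["hardLimit"]:
            kind = "BLOCK"
        elif "softLimit" in policy and seen >= policy["softLimit"]:
            kind = "DELAY"
        else:
            continue
        # The action expires with the window, so the gateway needs no "unblock" call.
        actions.append(make_rule(policy, rule_id, kind, group, window + span))
    return actions


if __name__ == "__main__":
    # Each node alone sees 3 requests from app1; only the cluster-wide count reaches 5.
    print([a["action"] for a in evaluate(POLICY, 1079000, NODE_A)])
    for action in evaluate(POLICY, 1079000, NODE_A + NODE_B):
        print(action)
```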
Deleting a throttling policy
DELETE /api/policies/throttling/<policy_id>
Gateway Tracking Service API
Listing all policies
GET /api/policies/throttling
Defining an application plan
Gateway Tracking Service API
POST /api/policies/throttling
    [{
      "id": 10,
      "softLimit": 2,
      "maxDelayPeriod": 2,
      "hardLimit": 5,
      "timeUnit": "SECONDS",
      "span": 10,
      "lastModified": 1438019079000,
      "domain": {
        "$service_id": "echo-service",
        "$app_plan": "silver"
      }
    }]
$app_plan: an additional identifier for the app; the $api_key variable could be used as well
Throttle by HTTP Verb
Gateway Tracking Service API
POST /api/policies/throttling
    [{
      "id": 15,
      "hardLimit": 5,
      "timeUnit": "SECONDS",
      "span": 10,
      "lastModified": 1438019079000,
      "domain": {
        "$service_id": "echo-service",
        "$request_method": "POST"
      }
    }]
$request_method: request_method is a built-in variable in NGINX
Limits all POST requests for "echo-service" to 5 requests/10 seconds
DELAY vs BLOCK
With a 3s delay: "softLimit": 4, "maxDelayPeriod": 3, "hardLimit": 12
Without delay: "hardLimit": 12
Extending Tracking Service to dynamically rewrite requests
Use the same method but instead of blocking or delaying requests, rewrite them
Useful for beta testing without affecting the real traffic
Enhancing Tracking Service
Adjust limits dynamically
• Measure by QoS (i.e. response time)
• Measure by the Capacity of the service
• if there aren’t so many consumers allow the current ones to use the remaining capacity
Thank You
https://www.linkedin.com/in/dragos-dascalita-haut
@dragosche

NGINX.conf 2016 - Fail in order to succeed ! Designing Microservices for failure with NGINX

  • 1. Fail In Order to Succeed Designing Microservices for failure with NGINX Dragos Dascalita Haut Project Lead, Adobe I/O
  • 2. #nginx #nginxconf If you didn’t fail with microservices at least once you didn’t really try anything new! 2
  • 3. #nginx #nginxconf The harder you push the system, the harder it pushes back 3 Arie De Geus
  • 9. #nginx #nginxconf9 Some reasons for failures 1. A client that misbehaves 2. A spike in demand 3. DDoS 4. A failure in one component generating a cascading effect
  • 11. OPENRESTY • Nginx Lua Module • Nginx Redis • Headers more • Set misc • LuaJIT • …. API Gateway Modules • Request Validation • Throttling & Rate Limiting • HTTP Logger NGINX • Upstream • HTTP Proxy • PCRE • SSL • …. API GATEWAY :" …TAKE ONE OF THE MOST POPULAR WEB SERVER AND ADD API GATEWAY CAPABILITIES TO IT…"
  • 12. #nginx #nginxconf12 How we started ngx_http_limit_req_module
  • 13. #nginx #nginxconf13 1. limit_req_zone $binary_remote_addr zone=gold:10m rate=300r/m; 2. limit_req_zone $binary_remote_addr zone=silver:10m rate=30r/m; 4. server { 5. ... 6. location /login.html { 7. limit_req zone=silver burst=5; 8. ... 9. } 10.} Limit the rate of requests Limit to 30 requests per minute
  • 14. #nginx #nginxconf14 1. limit_conn_zone $binary_remote_addr zone=conn_zone:10m; 3. server { 4. ... 5. location /store { 6. limit_conn conn_zone 10; 7. ... 8. } 9. } Limit the number of connections Limit to maximum 10 connections for each client IP address
  • 15. #nginx #nginxconf15 Setup api gw api gw Service A Service A Service B Service B Service B Load Balancer Tier Microservice Tier
  • 16. #nginx #nginxconf16 NGINX NGINX Service A Service A Service B Service B Service B Load Balancer Tier Microservice Tier How to limit ServiceA to 10 r/m cross multiple NGINX nodes ? Problem
  • 17. #nginx #nginxconf17 NGINX NGINX Service A Service A Service B Service B Service B How to limit ServiceA to 10 r/m cross multiple NGINX nodes ? Problem What happens when a new node comes up ? NGINX
  • 18. #nginx #nginxconf18 NGINX NGINX Service A Service A Service B Service B Service B How to limit ServiceA to 10 r/m cross multiple NGINX nodes ? Problem What happens when a new node comes up ? NGINX … or goes away
  • 19. #nginx #nginxconf19 Pros: Cons: Easy to configure Easy to manage Works well for a single node Can’t define rules at a cluster level Can’t apply dynamic rules per location i.e. allow one app to send 1000 requests and another 10 requests ngx_http_limit_req_module
  • 20. #nginx #nginxconf20 Building a distributed solution in NGINX
  • 21. #nginx #nginxconf21 Requirements 1. Work in a distributed environment. 2. Async. Don’t add extra latency to the request when checking quotas. 3. High-performance. Sustain hundreds of thousands of requests/ second. 4. Adaptive. NGINX instances may come up or may go away at any time. 5. Fail-safe. In the event the solution doesn’t function then all traffic should be permitted until it recovers.
  • 22. #nginx #nginxconf22 Assumptions 1. The intent is rather to allow than to block • the focus is to ensure a fair usage policy 2. Favor performance instead of precision • rather allow a small % over the limit instead of adding latency to the request
  • 23. #nginx #nginxconf23 Challenges 1. Maintain consistent distributed counters across the cluster 2. Asynchronous and non-blocking
  • 24. #nginx #nginxconf24 Option #1 NGINX NGINX Maintain consistent counters across the cluster Nodes inform each other about their counters NGINX Challenges: Chatty : more nodes, more messages Maintaining consistent distributed counters is a complex problem Increase NGINX’s complexity
  • 25. #nginx #nginxconf25 Option #2 NGINX NGINX Maintain consistent counters across the cluster Brokered Message Queue Tracking Microservice Usage data Usage data Usage data What to BLOCK or SLOW DOWN / DELAY What to BLOCK or SLOW DOWN / DELAY
  • 26. #nginx #nginxconf26 Option #2 Maintain consistent counters across the cluster Challenges: Maintain a Brokered Message Queue. Is it needed ? Maintain a new Microservice to track the counters Improvements: Less chatty Moved distributed counters from NGINX into a Micro service
  • 27. #nginx #nginxconf27 Option #3 NGINX NGINX Maintain consistent counters across the cluster MQ Tracking Microservice Pull usage data Pull usage data What to BLOCK or SLOW DOWN / DELAY MQ What to BLOCK or SLOW DOWN / DELAY Challenges: Embed a MQ with NGINX Maintain a new Microservice to track the counters Auto discovery of NGINX Nodes Improvements: Non Brokered Message Queue Moved distributed counters from NGINX into a Micro service
  • 28. #nginx #nginxconf28 Selecting a Message Queue Maintain consistent counters across the cluster CANDIDATE / LANGUAGE PROS CONS Apache Kafka / Java, Scala • rated as highly performant, sustaining 2M messages • durable, messages being written to disk first • Zookeeper dependent • Brokered • Maintenance complexity • ActiveMQ / Java • popular • supports STOMP , AMQP, MQTT, XMPP • Spring integration • Brokered • Maintenance complexity RabbitMQ / Erlang • supports STOMP , AMQP, MQTT, XMPP • community support • Brokered • Maintenance complexity • slower than ZeroMQ nanomsg • performant socket lib • it promises a cleaner API than ZeroMQ • in beta when we analyzed it • no XPUB/XSUB Proxy ZeroMQ • around since 2007 • brokerless, designed for high throughput/low latency scenarios • embeddable in Nginx with C/C++/Lua bindings • pure Java implementation through JeroMQ • no auto-discoverability - need to use a Proxy ( XPUB/XSUB )
  • 29. #nginx #nginxconf29 Moving ahead with Option #3 and ZMQ Maintain consistent counters across the cluster NGINX NGINX MQ Tracking Microservice Pull usage data Pull usage data What to BLOCK or SLOW DOWN / DELAY MQ What to BLOCK or SLOW DOWN / DELAY
  • 30. #nginx #nginxconf30 Integrating ZeroMQ with NGINX Maintain consistent counters across the cluster NGINX Master Process ZeroMQ Adaptor Process NGINX Worker NGINX Worker NGINX Worker NGINX Worker XSUB Socket default - ipc:///tmp/ngx_queue_listen XPUB Socket default - tcp://0.0.0.0:6001 Tracking Microservice Pull usage data What to BLOCK or DELAY
  • 31. #nginx #nginxconf31 Integrating ZeroMQ with NGINX Maintain consistent counters across the cluster NGINX Master Process ZeroMQ Adaptor Process NGINX Worker XSUB Socket default - ipc:///tmp/ngx_queue_listen
  • 32. #nginx #nginxconf32 https://github.com/adobe-apiplatform/ Integrating ZeroMQ with NGINX Maintain consistent counters across the cluster
  • 33. NGINX and Tracking Service (Maintain consistent counters across the cluster).
      Tracking Service: persists policies; sends ACTIONS to the Gateway based on the tracked information; concerned with the business rules managing throttling and rate limiting; allows only private access to its API.
      NGINX: enforces policies; executes ACTIONS such as TRACK, BLOCK, DELAY; unaware of the business rules; serves public traffic.
  • 34. Request flow: asynchronous and non-blocking. [Diagram: CLIENT, API GATEWAY / NGINX, Microservice, ZeroMQ Adaptor, Gateway Tracking Service (GTS); steps numbered 1 to 6.]
  • 35. Integration with NGINX: Gateway Tracking Service API. [Diagram: API GATEWAY / NGINX, ZeroMQ Adaptor, Gateway Tracking Service (GTS); steps numbered 1 to 4.]
      POST /api/policies/throttling
      [{
        "id": 10,
        "softLimit": 2,
        "maxDelayPeriod": 2,
        "hardLimit": 5,
        "timeUnit": "SECONDS",
        "span": 10,
        "lastModified": 1438019079000,
        "domain": { "$service_id": "echo-service" },
        "groupBy": ["$api_key"]
      }]
      POST /tracking/track
      [{
        "id": 1079000,
        "domain": "echo-service;*;",
        "format": "$service_id;$api_key;",
        "expire_at_utc": 1472771655757,
        "action": "TRACK"
      }]
      POST /tracking/block
      [{
        "id": 1079000,
        "domain": "echo-service;app1;",
        "format": "$service_id;$api_key;",
        "expire_at_utc": 1472771550,
        "action": "BLOCK"
      }]
      ZMQ MESSAGE, in the form <timestamp> <rule_id>;<domain>:
      1472771550 1079000;echo-service;app1
  • 37. Local Setup. [Diagram: TEST RUNNER, API GATEWAY / NGINX, Microservice ECHO, ZeroMQ Adaptor, Gateway Tracking Service, Reporting (Graphite, Grafana UI); steps numbered 1 to 6.]
  • 38. Adding a throttling policy (Gateway Tracking Service API).
      POST /api/policies/throttling
      [{
        "id": 10,
        "softLimit": 4,
        "maxDelayPeriod": 3,
        "hardLimit": 12,
        "timeUnit": "SECONDS",
        "span": 10,
        "lastModified": 1438019079000,
        "domain": { "$service_id": "echo-service" },
        "groupBy": ["$api_key"]
      }]
      softLimit: low watermark specifying when to start DELAYing requests.
      hardLimit: high watermark specifying when to start BLOCKing requests.
  • 39. Adding a throttling policy (Gateway Tracking Service API).
      POST /api/policies/throttling
      [{
        "id": 10,
        "softLimit": 2,
        "maxDelayPeriod": 2,
        "hardLimit": 5,
        "timeUnit": "SECONDS",
        "span": 10,
        "lastModified": 1438019079000,
        "domain": { "$service_id": "echo-service" },
        "groupBy": ["$api_key"]
      }]
      timeUnit, span: at what time intervals to enforce this policy.
  • 40. Adding a throttling policy (Gateway Tracking Service API).
      POST /api/policies/throttling
      [{
        "id": 10,
        "softLimit": 2,
        "maxDelayPeriod": 2,
        "hardLimit": 5,
        "timeUnit": "SECONDS",
        "span": 10,
        "lastModified": 1438019079000,
        "domain": { "$service_id": "echo-service" },
        "groupBy": ["$api_key"]
      }]
      domain: enforce the policy for all requests having service_id = "echo-service".
      groupBy: enforce the limits for each application.
  • 41. Gateway Tracking Service API.
      Deleting a throttling policy: DELETE /api/policies/throttling/<policy_id>
      Listing all policies: GET /api/policies/throttling
  • 42. Defining an application plan (Gateway Tracking Service API).
      POST /api/policies/throttling
      [{
        "id": 10,
        "softLimit": 2,
        "maxDelayPeriod": 2,
        "hardLimit": 5,
        "timeUnit": "SECONDS",
        "span": 10,
        "lastModified": 1438019079000,
        "domain": {
          "$service_id": "echo-service",
          "$app_plan": "silver"
        }
      }]
      domain: additionally add an identifier for the app. The $api_key variable could be used as well.
  • 43. Throttle by HTTP Verb (Gateway Tracking Service API).
      POST /api/policies/throttling
      [{
        "id": 15,
        "hardLimit": 5,
        "timeUnit": "SECONDS",
        "span": 10,
        "lastModified": 1438019079000,
        "domain": {
          "$service_id": "echo-service",
          "$request_method": "POST"
        }
      }]
      request_method is a built-in variable in NGINX.
      Limits all POST requests for "echo-service" to 5 requests/10 seconds.
  • 44. DELAY vs BLOCK.
      With a 3s delay: "softLimit": 4, "maxDelayPeriod": 3, "hardLimit": 12
      Without delay: "hardLimit": 12
  • 45. Extending Tracking Service to dynamically rewrite requests. Use the same method, but instead of blocking or delaying requests, rewrite them. Useful for beta testing without affecting the real traffic.
  • 46. Enhancing Tracking Service. Adjust limits dynamically:
      Measure by QoS (i.e. response time).
      Measure by the capacity of the service: if there aren't so many consumers, allow the current ones to use the remaining capacity.
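
The throttling policy fields and the ZMQ usage message from the slides above, tied together in an added Python example (not code from the deck or from the adobe-apiplatform project): a tracking-side counter that parses `<timestamp> <rule_id>;<domain>` messages and emits DELAY or BLOCK actions per application. The rule-to-policy mapping, fixed windows aligned to `span`, triggering once the count reaches a watermark, and the sample messages are assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# '<timestamp> <rule_id>;<domain>' as on the ZMQ MESSAGE slide; ASCII digits only.
USAGE_RE = re.compile(r"([0-9]+) ([0-9]+);([^\s;]+(?:;[^\s;]+)*)")

@dataclass(frozen=True)
class Policy:
    soft_limit: int  # softLimit: low watermark (assumed <= hard_limit)
    hard_limit: int  # hardLimit: high watermark, start BLOCKing
    span: int        # window length in seconds (timeUnit = SECONDS)

def parse_usage(msg):
    """Return (timestamp, rule_id, domain); reject anything off-format."""
    m = USAGE_RE.fullmatch(msg)
    if m is None:
        raise ValueError(f"malformed usage message: {msg!r}")
    return int(m.group(1)), int(m.group(2)), m.group(3)

class Tracker:
    def __init__(self, policies):
        self.policies = policies        # rule_id -> Policy (assumed mapping)
        self.counts = defaultdict(int)  # (rule_id, domain, window) -> hits

    def observe(self, msg):
        """Count one usage message; return an action dict or None."""
        ts, rule_id, domain = parse_usage(msg)
        policy = self.policies.get(rule_id)
        if policy is None:
            return None                 # unknown rule: nothing to enforce
        window = ts - ts % policy.span  # fixed window aligned to span
        key = (rule_id, domain, window)
        self.counts[key] += 1
        if self.counts[key] < policy.soft_limit:
            return None
        action = "BLOCK" if self.counts[key] >= policy.hard_limit else "DELAY"
        # The action expires with its window, so a stale BLOCK cannot linger.
        return {"id": rule_id, "domain": domain + ";", "action": action,
                "format": "$service_id;$api_key;",
                "expire_at_utc": window + policy.span}

# Constructed sample: six hits from app1 and one from app2 in one 10 s window.
POLICIES = {1079000: Policy(soft_limit=2, hard_limit=5, span=10)}
SAMPLE = [f"{1472771550 + i} 1079000;echo-service;app1" for i in range(6)]
SAMPLE.append("1472771551 1079000;echo-service;app2")

def replay(messages):
    tracker = Tracker(POLICIES)
    return [a for a in map(tracker.observe, messages) if a]
```

Because counters are keyed by the full domain string, app2's single request produces no action even while app1 is being blocked in the same window.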