What's New in NGINX Plus R7?
NGINX Plus R7
7 Oct 2015
01
What drives us?
Building a great application is only half the battle, delivering the application is the other half.
Applications of the future will be dramatically different to the applications of today
MORE INFORMATION AT NGINX.COM
Modern Web, Modern Architecture
From Monolithic...
• Three-tier, J2EE-style architectures
• Complex protocols (HTML, SOAP)
• Persistent deployments
• Fixed, static Infrastructure
• Big-bang releases
• Silo’ed teams (Dev, Test, Ops)
...to Dynamic
• Microservices
• Lightweight (REST, Messaging)
• Containers, VMs
• SDN, NFV, Cloud
• Continuous delivery
• DevOps Culture
Modern Web Applications are...
• Applications are made of Diverse components - PHP, Ruby, JavaScript, Python,… diversity is the new standard
• Applications are made of Transient components - Servers and containers are deployed and destroyed almost continually
• Applications are made of Lightweight components - Simple, highly-focused components are stitched together
The modern web requires a new approach to application delivery
Flawless Application Delivery for the Modern Web
• Load Balancer
• Monitoring & Management
• Web Server
• Content Cache
• Streaming Media
NGINX powers today’s webscale companies
Application delivery for microservices
Adopters deploy NGINX in front of and within each microservice, ensuring they are:
• Connected
• Available
• Authenticated
• Secured
• Cached
• Load Balanced
• Accelerated
• Scaled
02
What’s new in NGINX Plus R7?
NGINX Plus R7 extends our capabilities as an enterprise-grade load balancer, proxy, & server platform for the modern web.
Key New Features
● HTTP/2 - NGINX Plus now provides a fully supported implementation of the new HTTP/2 web standard
● Performance - Support for socket sharding and thread pools gives up to 9x improvement in some cases
● Security - NTLM support for Microsoft applications and new TCP security enhancements improve the security and reliability of your applications
● Monitoring - Improved monitoring and diagnostics tools to help with tuning and debugging
● Visibility - Significantly enhanced status monitoring dashboard
HTTP/2
HTTP/2 Overview
• HTTP/2 is the new standard for transmitting data over the internet.
• Ratified as a standard on February 17, 2015 by the IESG
• Supported by Firefox, Chrome and Safari (with iOS9 and El Capitan)
• Over 50% of users have a browser that supports HTTP/2
• Better performance through a few key optimizations:
    • Connection multiplexing
    • Single connection
    • Binary Header encoding
    • Header compression
• SSL not mandated by standard, but Firefox and Chrome won’t support it without encryption
• Support will be by a special package: nginx-plus-http2
    • No -extras package
    • Regular nginx-plus* packages will support SPDY/3.1
HTTP/2 vs. HTTP/1
● All elements of a webpage are downloaded over a single connection for greater efficiency
● True multiplexing of requests across the connection
How NGINX Supports HTTP/2
• HTTP/2 Gateway - NGINX Plus translates HTTP/2 into a protocol existing app servers can understand
• Backwards Compatibility - Using NPN, NGINX Plus can support HTTP/2 alongside older browsers that only run HTTP/1.x
Performance
Thread Pools
• Improves performance up to 9x for disk-based workloads such as caching or serving static content
• Disk operations are slow in general and blocking in Linux
• If a disk operation blocks, the NGINX worker process blocks and can’t do productive work
• Instead of doing the disk operation directly, the worker process hands the work off to a ‘thread pool’
• After the hand-off, the worker process continues on as usual
• The thread pool notifies the worker process when the disk operation is done
Socket Sharding
• Improves performance up to 3x for workloads with short-lived connections
• More efficient handoff of packets from the Linux kernel to NGINX worker processes
• The Linux kernel round-robin load balances packets between worker processes
• Otherwise packets are put up for grabs to the first available worker
• Requires the SO_REUSEPORT socket option committed into Linux kernel 3.9
• Supported in Red Hat Enterprise Linux 7 or later and Ubuntu 13.10 or later
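A configuration sketch for the two performance features above, added here as an example (it is not from the slides or from NGINX's own samples). The pool name `disk_io`, its sizing, the document root and the port are assumptions.

```nginx
# Added example: thread pools and socket sharding in one configuration.
# Pool name, sizes, paths and ports are illustrative assumptions.

worker_processes auto;

# Named pool that workers hand blocking disk reads to. Tasks arriving
# while all threads are busy wait in the queue; once the queue is full
# the request fails with an error, so size max_queue for expected bursts.
thread_pool disk_io threads=32 max_queue=65536;

events {
    worker_connections 1024;
}

http {
    server {
        # reuseport gives every worker its own listening socket
        # (SO_REUSEPORT, Linux kernel 3.9 or later); the kernel then
        # distributes incoming connections across the workers.
        listen 80 reuseport;

        location /static/ {
            root /var/www;           # assumed document root

            # Offload file reads in this location to the pool so a slow
            # disk does not stall the worker's event loop.
            aio threads=disk_io;
        }
    }
}
```

Running `nginx -T` (the config dump listed later in this deck) tests the file and prints the parsed result, which confirms that both directives were accepted.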
Security
NTLM Support
• Microsoft standard used to authenticate users to services.
• Succeeded by Kerberos for modern Microsoft applications.
• Still used by legacy Microsoft applications and for some scenarios with modern Microsoft applications.
• Has a unique requirement that connections to backend servers are persistent and not multiplexed.
• NGINX Plus only
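The persistence requirement above maps to configuration roughly as follows. This is an added example, not taken from the slides; the upstream name `exchange`, the addresses, the host name and the certificate paths are assumptions.

```nginx
# Added example: proxying an NTLM-authenticated application (NGINX Plus).
# Upstream name, addresses, server_name and paths are assumptions.

http {
    upstream exchange {
        server 10.0.0.11:443;
        server 10.0.0.12:443;

        # NTLM authenticates the connection, not each request. Once a
        # client sends an Authorization header starting with "NTLM" or
        # "Negotiate", its upstream connection is bound to that client
        # connection and later requests reuse it, so the authenticated
        # context is never handed to a different client.
        ntlm;
    }

    server {
        listen 443 ssl;
        server_name mail.example.com;
        ssl_certificate     /etc/nginx/ssl/mail.crt;
        ssl_certificate_key /etc/nginx/ssl/mail.key;

        location / {
            proxy_pass https://exchange;

            # Upstream keepalive needs HTTP/1.1 and an empty Connection
            # header; otherwise nginx closes the backend connection
            # after each request and the NTLM handshake cannot complete.
            proxy_http_version 1.1;
            proxy_set_header Connection "";
        }
    }
}
```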
TCP Load Balancing
• Connection Limiting
    • Limit connections clients can have open at a time
    • Slow down DDoS attackers
• Access Controls
    • Create black/white lists of IP Addresses
    • Quickly block malicious IPs
• Bandwidth Limits
    • Limit client upload and download speed
    • Prevent attackers from taking up precious bandwidth
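The three TCP controls above, combined in a single `stream` server block. This is an added example rather than configuration from the slides; the zone name `per_ip`, the addresses, the port and the limit values are assumptions.

```nginx
# Added example: connection limits, access control and bandwidth limits
# for a TCP service. Zone name, addresses, port and limits are assumptions.

stream {
    # Shared-memory zone that counts open connections per client address.
    limit_conn_zone $binary_remote_addr zone=per_ip:10m;

    upstream db_backend {
        server 10.0.0.21:3306;
        server 10.0.0.22:3306;
    }

    server {
        listen 3306;

        # Access control: rules are evaluated in order, first match wins.
        deny  192.0.2.50;           # one blocked address
        allow 10.0.0.0/8;           # internal clients
        deny  all;                  # everything else

        # Connection limiting: at most 5 concurrent connections per
        # client address; further attempts are closed.
        limit_conn per_ip 5;

        # Bandwidth limits in bytes per second. They apply per
        # connection, so one address can use up to 5x these rates
        # under the limit_conn setting above.
        proxy_download_rate 100k;   # backend -> client
        proxy_upload_rate   50k;    # client -> backend

        proxy_pass db_backend;
    }
}
```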
| Feature | NGINX F/OSS | NGINX Plus |
|---|---|---|
| Core Features | | |
| TCP load balancing | Compile-time option | Built-in |
| Load-balancing methods | RR, Hash, Least_Conn | All, plus Least_Time |
| PROXY_PROTOCOL support * | Yes | Yes |
| SSL decryption and encryption | Yes | Yes |
| TCP load balancing metrics and health check data | | Yes |
| Dynamic Configuration | | |
| DNS configuration | Static | Dynamic |
| Dynamic load balancing configuration | | Upstream_Conf API |
| High Availability | | |
| Passive health checks | Yes | Yes |
| Application-aware health checks | | Yes |
| Slow-Start for recovered servers | | Yes |
| Security and Access Controls | | |
| Access Controls * | Yes | Yes |
| Bandwidth limiting * | Yes | Yes |
| Client connection limits * | Yes | Yes |
| Binding to a specific address * | Yes | Yes |
| Server (upstream) connection limits | | Yes |
Monitoring
New counters
• 499 errors - Client closed connection while server was processing request.
• NGINX worker restarts - The number of times the NGINX worker restarted. This helps to detect NGINX worker process crashes.
• NGINX reloads - The number of times NGINX was reloaded. This confirms that NGINX was actually reloaded, or that it failed due to various reasons such as improper configuration.
• Queue overflows - Measures how well a server handles load. A high number of queue overflows indicates a server that is struggling to keep up.
• SSL handshakes - The number of SSL handshakes completed.
• SSL sessions reused - The number of SSL sessions that were reused from an earlier session.
• New SSL sessions - The number of new SSL sessions negotiated.
• NGINX Plus only
Visibility
Old vs. New
Dashboard Overview
• Health - Quickly identify failed servers
• Load - High Req/s and connection count can indicate a heavily loaded system or DDoS attack
• Cache - Learn the current state of the content cache
Tabbed Navigation
• Start from the dashboard and quickly drill down for more specific data
• Tabs have easy red, yellow, green indicators for quick identification of health problems
Upstream view
• Quickly identify failed servers
• “Failed only” button to display only failed servers.
• Responses from servers broken down by response code
• A large number of 4xx or 5xx errors can indicate problems with backend server
• Monitor how much bandwidth is being used by each server
• Compare different servers in the pool and how evenly the traffic is being spread
• Click pencil icon to temporarily add/remove/modify servers
Upstream view
• Quickly add in a new server
• Only Server address field is required
• Changes are temporary and do not persist across a reload
• Uses the NGINX Plus dynamic reconfiguration API
Cache view
• Hit ratio tracks how well the cache is performing
• A low hit ratio indicates most responses are missing the cache and going directly to backend
• Convenient red, yellow, green indicators
• Capacity bar shows how full the cache is
• Warm/cold indicator for whether or not the cache is ready to be used
And More...
• Tooltips throughout the dashboard give more detailed information about upstream servers, configuration reloads, cache status, and any error messages.
• Server zones view gives data on NGINX Plus interaction with clients
• Contains equivalent views for TCP and HTTP traffic
• Can also temporarily add/remove/modify backend servers for TCP applications
• NGINX Plus only
Even more features
• Improved HLS streaming - Support for the start, end, and offset HLS tags for m3u8 URLs. This allows content publishers to easily publish links to fragments of a video stream.
• Content modification - The sub_filter module has been extended to support variables and chains of substitutions, making more complex changes possible. You can also use it to insert content into HTML pages, such as boilerplate text, without having to modify the original HTML content.
• $upstream_connect_time - A new NGINX variable that tracks the time it takes to connect to a back-end server. Slower servers will have a larger connect time.
• Config dump - nginx -T on the command line dumps the parsed NGINX configuration. Useful for archiving purposes or when filing a support ticket.
• More configurable TCP load balancing - The proxy_bind, tcp_nodelay, proxy_protocol, and the backlog parameter to the listen directives are all now configurable parameters.
• Redis support - The lua-resty-redis NGINX module is now included natively in the NGINX Plus Extras package. It enables NGINX Plus to interact with a Redis database (for example, to get and set values).
• Updated Phusion Passenger module - The Phusion Passenger module has been updated to version 5.0.11.
Learn more
• NGINX Plus R7 overview with code samples
    • nginx.com/r7
• NGINX white paper on HTTP/2 and how to deploy it with NGINX and NGINX Plus
    • nginx.com/http2-wp
• Special edition ebook on HTTP/2 and web performance by Ilya Grigorik of Google
    • nginx.com/http2-ebook
• A demo of the new NGINX Plus dashboard
    • demo.nginx.com
Summary
• Fully-supported HTTP/2 implementation
• Socket sharding and thread pools improve performance up to 9x
• NTLM support for Microsoft applications and more security for TCP applications
• Improved monitoring and diagnostics with additional counters
• Significantly enhanced dashboard
• …And a handful of tweaks and enhancements
03
Questions?