[HN Gopher] The 5-Hour CDN
___________________________________________________________________
The 5-Hour CDN
Author : robfig
Score : 148 points
Date : 2021-08-03 19:36 UTC (3 hours ago)
(HTM) web link (fly.io)
(TXT) w3m dump (fly.io)
| [deleted]
| vmception wrote:
| >The term "CDN" ("content delivery network") conjures Google-
| scale companies managing huge racks of hardware, wrangling
| hundreds of gigabits per second. But CDNs are just web
| applications. That's not how we tend to think of them, but that's
| all they are. You can build a functional CDN on an 8-year-old
| laptop while you're sitting at a coffee shop.
|
| huh yeah never thought about it
|
| I blame how CDNs are advertised for the visual disconnect
| youngtaff wrote:
| Some of the things they miss in the post are Cloudflare uses a
| customised version or Nginx, same with Fastly for Varnish (don't
| know about Netlify and ATS)
|
| Out of the box nginx doesn't support HTTP/2 prioritisation so
| building a CDN with nginx doesn't mean you're going ti be
| delivering as good service as Cloudflare
|
| Another major challenge with CDNs is peering and private
| backhaul, if you're not pushing major traffic then your customers
| aren't going to get the best peering with other carriers /
| ISPs...
| mike_d wrote:
| HTTP/2 prioritization is a lot of hype for a theoretical
| feature that yields little real world performance. When a
| client is rendering a page, it knows what it needs in what
| order to minimize blocking. The server doesn't.
| legrande wrote:
| I like to blog from the raw origin and not use CDNs because if a
| blogpost is changed I have to manually purge the CDN cache, which
| can happen a lot. Also CDNs have the caveat in that if they're
| down, it can make a page load very slow since it tries to load
| the asset.
| tshaddox wrote:
| If you're okay with every request having the latency all the
| way to your origin, you can have the CDN revalidate its cache
| on every request. Your origin can just check date_updated (or
| similar) on the blog post to know if the cache is still valid
| without needing to do any work to look up and render the whole
| post.
|
| To further reduce load and latency to your origin, you can use
| stale-while-revalidate to allow the CDN to serve stale cache
| entries for some specified amount of time before requiring a
| trip to your origin to revalidate.
| cj wrote:
| > If you're okay with every request having the latency all
| the way to your origin, you can have the CDN revalidate its
| cache on every request.
|
| It's also worth mentioning that even when revalidating on
| every request (or not caching at all), routing through a CDN
| can still improve overall latency because the TLS can be
| terminated at a local origin server, significantly shortening
| the TLS handshake.
| spondyl wrote:
| Ah, the TLS shortening aspect of a CDN is something that
| seems obvious in hindsight but I'd never really thought
| about it. Thanks!
| champtar wrote:
| Also CDN providers will hopefully have good pearing. My
| company uses OpenVPN TCP on port 443 for maximum
| compatibility. When around the globe the VPN is pretty
| slow, so I proxy the tcp connection via a cheap VPS, and
| speed goes from maybe 500kbit/s to 10Mbit/s, just because
| the VPS provider pearing is way better than my company
| "business internet". (The VPS is in the same country as the
| VPN server).
| raro11 wrote:
| I set an s-maxage of at least a minute. Keeps my servers from
| being hugged to death while not having to invalidate manually.
| jabo wrote:
| Love the level of detail that Fly's articles usually go into.
|
| We have a distributed CDN-like feature in the hosted version of
| our open source search engine [1] - we call it our "Search
| Delivery Network". It works on the same principles, with the
| added nuance of also needing to replicate data over high-latency
| networks between data centers as far apart as Sao Paulo and
| Mumbai for eg. Brings with it another fun set of challenges to
| deal with! Hoping to write about it when bandwidth allows.
|
| [1] https://cloud.typesense.org
| Rd6n6 wrote:
| Sounds like a fun weekend project
| ksec wrote:
| It is strange that you put a Time duration in front of CDN (
| content delivery network ), because given all the recent incident
| with Fastly, Akamai and Bunny, I read it as 5 hours Centralised
| Downtime Network.
| chrisweekly wrote:
| This is so great. See also https://fly.io/blog/ssh-and-user-mode-
| ip-wireguard/
| babelfish wrote:
| fly.io has a fantastic engineering blog. Has anyone used them as
| a customer (enterprise or otherwise) and have any thoughts?
| mike_d wrote:
| I run my own worldwide anycast network and still end up
| deploying stuff to Fly because it is so much easier.
|
| The folks who actually run the network for them are super
| clueful and basically the best in the industry.
| cgarvis wrote:
| just started to use them for an elixir/phoenix project. multi
| region with distributed nodes just works. feels almost
| magically after all the aws work I've done the past few years.
| tiffanyh wrote:
| What's magically?
|
| I was under the impression that fly.io today (though they are
| working on it) doesn't do anything unique to make hosting
| elixir/Phoenix app easier.
|
| See this comment by the fly.io team.
|
| https://news.ycombinator.com/item?id=27704852
| mcintyre1994 wrote:
| They're not doing anything special to make Elixir
| specifically better yet, but their private networking is
| already amazing for it - you can cluster across arbitrary
| regions completely trivially. It's a really good fit for
| Elixir clustering as-is even without anything specially
| built for it. I have no idea how you'd do multi-region
| clustering in AWS but I'm certain it'd be a lot harder.
| alopes wrote:
| I've used them in the past. All I can say is that the support
| was (and probably still is) fantastic.
| joshuakelly wrote:
| Yes, I'm using it. I deploy a TypeScript project that runs in a
| pretty straightforward node Dockerfile. The build just works -
| and it's smart too. If I don't have a Docker daemon locally, it
| creates a remote one and does some WireGuard magic. We don't
| have customers on this yet, but I'm actively sending demos and
| rely on it.
|
| Hopefully I'll get to keep working on projects that can make
| use of it because it feels like a polished 2021 version of
| Heroku era dev experience to me. Also, full disclosure, Kurt
| tried to get me to use it in YC W20 - but I didn't listen
| really until over a year later.
| parentheses wrote:
| Author has a great sense of humor. I love it!
| simonw wrote:
| This article touches on "Request Coalescing" which is a super
| important concept - I've also seen this called "dog-pile
| prevention" in the past.
|
| Varnish has this built in - good to see it's easy to configure
| with NGINX too.
|
| One of my favourite caching proxy tricks is to run a cache with a
| very short timeout, but with dog-pile prevention baked in.
|
| This can be amazing for protecting against sudden unexpected
| traffic spikes. Even a cache timeout of 5 seconds will provide
| robust protection against tens of thousands of hits per second,
| because request coalescing/dog-pile prevention will ensure that
| your CDN host only sends a request to the origin a maximum of
| once ever five seconds.
|
| I've used this on high traffic sites and seen it robustly absorb
| any amount of unauthenticated (hence no variety on a per-cookie
| basis) traffic.
| anonymoushn wrote:
| Do you know if varnish's request coalescing allows it to send
| partial responses to every client? For example, if an origin
| server sends headers immediately then takes 10 minutes to send
| the response body at a constant rate, will every client have
| half of the response body after 5 minutes?
|
| Thanks!
| simonw wrote:
| I don't know for certain, but my hunch is that it streams the
| output to multiple waiting clients as it receives it from the
| origin. Would have to do some testing to confirm that though.
| amirhirsch wrote:
| This is cool and informative and Kurt's writing is great:
|
| The briny deeps are filled with undersea cables, crying out
| constantly to nearby ships: "drive through me"! Land isn't much
| better, as the old networkers shanty goes: "backhoe, backhoe,
| digging deep -- make the backbone go to sleep".
___________________________________________________________________
(page generated 2021-08-03 23:00 UTC)