Accelerating OTT video platforms with Varnish - London Video Tech meetup 2020

Transcript

1. ACCELERATING OTT VIDEO PLATFORMS WITH VARNISH BY THIJS FERYN

2. I'M NOT A VIDEO EXPERT

3. Slow websites SUCK

4. None

5. is bollocks

6. CONTENT DELIVERY CHALLENGES

7. STABILITY

8. REDUCE LATENCY

9. SERVER CAPACITY

10. NETWORK CAPACITY

11. THROWING SERVERS AT THE PROBLEM

12. MO' MONEY MO' SERVERS MO' PROBLEMS

13. CACHE

14. DON’T RECOMPUTE IF THE DATA HASN’T CHANGED

15. HI, I'M THIJS

16. I'M AN EVANGELIST AT

17. None
18. None

19. +-5,000,000 WEBSITES 20% OF THE TOP 10K WEBSITES

20. None

21. MORE THAN 750M VIEWERS PER MONTH

22. None

23. I'M @THIJSFERYN

24. None

25. VIDEO IS BIG & BROAD INDUSTRY

26. DELIVERY

27. None

28. NORMALLY CLIENT SERVER

29. WITH REVERSE CACHING PROXY CLIENT PROXY SERVER

30. None

31. WHY NOT USE A CDN?

32. VARNISH IS CDN SOFTWARE!

33. VARNISH VARNISH VARNISH ORIGIN

34. CDN CDN CDN ORIGIN VARNISH

35. STREAM.M3U8 STREAM_01.TS STREAM_02.TS STREAM_03.TS THESE WILL BE CACHED

36. WHY IS VARNISH SO POWERFUL?

37. WHY IS VARNISH SO POWERFUL? ✓ EXTREMELY LOW RESOURCE ✓

    EXTREMELY STABLE ✓ 100 GBIT PER SERVER ✓ REQUEST COALESCING ✓ VARNISH CONFIGURATION LANGUAGE ✓ VMODS ✓ COMPLIES TO HTTP BEST PRACTICES

38. ORIGIN VARNISH REQUEST COALESCING QUEUED CONNECTIONS SINGLE BACKEND FETCH

39. ORIGIN VARNISH GRACE SERVE STALE OBJECT BACKGROUND FETCH

40. Cache-control: public, max-age=3600, s-maxage=86400, stale-while-revalidate=100 GRACE TTL

41. vcl 4.1; backend default { .host = "origin"; .port =

    "80"; } sub vcl_backend_response { if(bereq.url == "/vod/master.m3u8" ){ set beresp.grace = 1h; } }

42. VARNISH CONFIGURATION LANGUAGE

43. None
44. None

45. vcl 4.1; backend origin { .host = "1.2.3.4"; .port =

    "80"; } sub vcl_recv { if(req.url ~ "^/(live|vod)/") { unset req.http.authorization; unset req.http.cookie; } } sub vcl_backend_response { if(bereq.url ~ "^/(live|vod)/") { unset beresp.http.set-cookie; set beresp.grace = 5s; } if(bereq.url ~ "^/live/.*\.m3u8") { set beresp.ttl = 1ms; } if(bereq.url ~ "^/vod/.*\.m3u8") { set beresp.ttl = 3600s; } }

46. LIVE STREAMING VS VIDEO ON DEMAND

47. LIVE ✓ LOW LATENCY ✓ CONSTANT PLAYLIST UPDATES ✓ LOW

    TTL ON PLAYLISTS ✓ ONLY THE LAST X SEGMENTS ARE REQUIRED ✓ SEGMENT SIZE TRADEOFF

48. VOD ✓ NO PLAYLIST UPDATES ✓ HIGH TTL ON PLAYLISTS

    ✓ PRE-FETCHING POSSIBLE ✓ ALL SEGMENTS ARE REQUIRED ✓ STORAGE REQUIREMENTS

49. STORAGE

50. HEAD VS LONG TAIL HEAD LONG TAIL

51. WHERE VARNISH STORES ITS OBJECTS ✓ MEMORY ✓ DISK ✓

    MASSIVE STORAGE ENGINE (ENTERPRISE ONLY)

52. MSE ✓ MIX OF MEMORY AND DISK ✓ SMARTER LRU

    ✓ PRE-ALLOCATED LARGE FILES ON DISK ✓ LESS DISK FRAGMENTATION ✓ INTELLIGENT STORAGE ROUTING

53. env: { id = "myenv"; memcache_size = "100G"; }; MSE.CONF

54. env: { id = "myenv"; memcache_size = "100G"; books =

    ( { id = "book1"; directory = "/var/lib/mse/book1"; database_size = "1G"; stores = ( { id = "store-1-1"; filename = "/var/lib/mse/stores/disk1/store-1-1.dat"; size = "2T"; tags = ( "slow", "sata" ); }, { tags = ( "fast", "ssd" ); id = "store-1-2"; filename = "/var/lib/mse/stores/disk2/store-1-2.dat"; size = "500G"; } ); }); default_stores = "none"; }; MSE.CONF

55. mkfs.mse -c /var/lib/mse/mse.conf CREATE FILES

56. varnishd -s mse,/var/lib/mse/mse.conf ATTACH TO VARNISH

57. ROUND-ROBIN STORE SELECTION

58. vcl 4.1; import mse; sub vcl_backend_response { mse.set_weighting(size); } SIZE

    AVAILABLE SMOOTH

59. vcl 4.1; import mse; sub vcl_backend_response { if (beresp.ttl <

    120s) { mse.set_stores("none"); } else { if (beresp.http.Transfer-Encoding ~ "chunked" || beresp.http.Content-Length > 1M) { mse.set_stores("sata"); } else { mse.set_stores("fast"); } } }

60. DECISION MAKING AT THE EDGE

61. DIGITAL RIGHTS MANAGEMENT*

62. #EXTM3U #EXT-X-VERSION:3 #EXT-X-TARGETDURATION:5 #EXT-X-MEDIA-SEQUENCE:15 #EXT-X-KEY:METHOD=AES-128,URI="/live/ enc.key",IV=0x230f26620bfafa3cd420cb68c0647415 #EXTINF:3.200000, stream_015.ts #EXTINF:4.800000, stream_016.ts

    #EXTINF:3.200000, stream_017.ts #EXTINF:4.800000, stream_018.ts #EXTINF:1.088000, stream_019.ts #EXT-X-ENDLIST DECRYPTION KEY

63. .TS FILES ARE ENCODED AND CAN ONLY BE DECODED BY

    THE PLAYER

64. ENC.KEY SHOULD BE PROTECTED

65. vcl 4.1; backend default { .host = "1.2.3.4"; .port =

    "80"; } sub vcl_recv { if(req.url ~ "^/live/enc.key") { if (req.http.Authorization != "Basic YWRtaW46YWRtaW4=") { return (synth(401, "Restricted")); } } unset req.http.Authorization; } sub vcl_synth { if (resp.status == 401) { set resp.http.WWW-Authenticate = {"Basic realm="Restricted area""}; } }

66. VALIDATE SESSION FROM REDIS

67. vcl 4.1; import cookieplus; import redis; import kvstore; backend default

    { .host = "origin"; .port = "80"; } sub vcl_init { new authorized_sessions = kvstore.init(); new db = redis.db( location="redis:6379", type=master, connection_timeout=500, shared_connections=false, max_connections=1); }

68. sub vcl_recv { if(req.url ~ "^/live/enc.key") { if(authorized_sessions.get(cookieplus.get("PHPSESSID"),"empty") == "empty")

    { db.command("GET"); db.push("PHPREDIS_SESSION:"+cookieplus.get("PHPSESSID")); db.execute(); if(db.get_string_reply() !~ "authorized\|b\:1\;") { authorized_sessions.set(cookieplus.get("PHPSESSID"),"false"); return (synth(401, "Not Authorized")); } else { authorized_sessions.set(cookieplus.get("PHPSESSID"),"true", 10s); } } elseif(authorized_sessions.get(cookieplus.get("PHPSESSID")) == "false") { return (synth(401, "Not Authorized")); } } }

69. GEO FEATURES

70. vcl 4.1; import mmdb; backend default { .host = "192.0.2.11";

    .port = "8080"; } # create a database object sub vcl_init { new geodb = mmdb.init("/path/to/db"); } sub vcl_recv { # retrieve the name of the request's origin set req.http.Country-Name = geodb.country_name(client.ip); # if the country doesn't come from Germany or Belgium, deny access if (req.http.Country-Name != "Germany" || req.http.Country-Name != "Belgium") { return (synth(403, "Sorry, only available in Germany and Belgium")); } } Geo blocking

71. vcl 4.1; import geodirector; import mmdb; backend us { .host

    = "us.example.com"; .port = "80"; } backend uk { .host = "uk.example.com"; .port = "80"; } backend be { .host = "be.example.com"; .port = "80"; } sub vcl_init { new geodb = mmdb.init("/path/to/db"); }

72. sub vcl_recv { set req.http.Country-Code = geodb.country_code(client.ip); if(req.http.Country-Code == "US")

    { set req.backend_hint = us; } elseif(req.http.Country-Code == "GB") { set req.backend_hint = uk; } else { set req.backend_hint = be; } } Geo backend selection

73. NO MORE ORIGIN

74. vcl 4.1; import file; backend default { .host = "origin";

    .port = "80"; } sub vcl_init { new root = file.init("/var/www/html/"); } sub vcl_backend_fetch { set bereq.backend = root.backend(); }

75. VIDEO SEGMENT PREFETCHING

76. vcl 4.1; import http; backend default { .host = "origin";

    .port = "80"; } sub vcl_recv { if (req.url ~ "^/vod/.+\.ts$") { http.init(0); http.req_set_max_loops(0,1); http.req_copy_headers(0); http.req_set_method(0, "HEAD"); set req.http.x-next-url = http.prefetch_next_url(); http.req_set_url(0, req.http.x-next-url); http.req_send_and_finish(0); } }

77. RATE LIMITING & THROTTLING

78. vcl 4.1; import vsthrottle; import tcp; backend default { .host

    = "origin"; .port = "80"; } sub vcl_recv { if (vsthrottle.is_denied(client.identity, 15, 10s, 60s)) { # Client has exceeded 15 reqs per 10s or get blocked for 60s return (synth(429, "Too Many Requests")); } # Download at 1 MB/s tcp.set_socket_pace(1000); }
79. None
80. None

81. THE VMOD ECOSYSTEM HTTPS://VARNISH-CACHE.ORG/VMODS/ HTTPS://DOCS.VARNISH-SOFTWARE.COM/VARNISH-CACHE-PLUS/VMODS/

82. FROM $0.20/H + 14 DAYS FREE TRIAL

83. None
84. None

85. HTTPS://FERYN.EU HTTPS://TWITTER.COM/THIJSFERYN HTTPS://INSTAGRAM.COM/THIJSFERYN