Load balancing at tuenti

Ricardo Bartolomé, Senior Systems Engineer at tuenti.com
Load balancing @Tuenti


            Ricardo Bartolomé, Senior Systems Engineer
Some numbers


• +12M users.

• 40 billion pageviews a month.

• 40k req/s in core site at peak time (1.8 gbps).

• 10k req/s in image routing layer (2gbps).

• +500 frontend servers
Past


• Linux boxes running LVS and ldirectord.

• DSR strategy for load balancing.

• Frontends used to have an external public IP.

• Double investment in networking gear and its
redundancy.

• SSL balanced across all the frontends.
The (old) big picture

[Diagram. Labels: client, HTTP request, HTTP response, LVS, frontends f01, f02 … fN, External API, External network, Internal network.]

Present


• New hardware. 4+1 LB instead of 10 LB (5+5)

• New load balancing strategy using HAProxy layer 7
capabilities.

• SSL terminated in the load balancers.
The big picture

[Diagram. Labels: client, HTTP request, HTTP response, HAProxy, HTTP proxy, frontends f01, f02 … fN, External API, External network, Internal network.]

Hardware


• Intel Xeon X5677 (4 core, 8 threads @ 3.47GHz)

• 8 gigabit network interfaces (Broadcom NetXtreme 5702 w/ multiqueue support)

• 16 GB of memory
Networking

• 4 links for internal and 4 for external
• Connected to different stack member units
• 4gbps theoretical capacity limit per node.

[Diagram: the load balancer linked to member unit 0 and member unit 1 of one stack, and to member unit 0 and member unit 1 of a second stack.]

Networking

• We tune IRQ SMP affinity for sharding IRQs across multiple
cores that share the same L2 cache [1]

• We do ECMP (Equal Cost Multi Path) [2] in our edge routers for
sharding traffic across the load balancers.

    ip route 95.131.168.x/32 x.x.x.1
    ip route 95.131.168.x/32 x.x.x.2
    ip route 95.131.168.x/32 x.x.x.3
    ip route 95.131.168.x/32 x.x.x.4

[Diagram: one router fanning out to four load balancers (lb).]

HAProxy: Why?


• Layer7 load balancing: Content inspection,
persistence, slow start, throttling, anti-DoS features,
supervision, content switching, keep-alive, etc.

• Very robust and reliable.

• Designed to be a load balancer.

• Offers high control over HTTP delivery and status:
response codes, connections per frontend, queued
request, etc.
HAProxy: Concepts


• Frontend: Section where we listen() for incoming
connections.

• Backend: Pool of servers. We define the algorithm,
configure health checks, etc.

• Listen section: frontend+backend. Useful for TCP.

• Connection != request: One connection can hold
multiple requests (keep-alive). Only the first one is
analyzed, logged and processed.
HAProxy: Health checks


• Standard health check

# Backend section
backend www_farm
    mode http
    balance roundrobin
    option httpchk GET /server_health

    # Servers
    server fe01 x.x.x.1:80 check inter 2s downinter 5s rise 2 fall 3 weight 100
    server fe02 x.x.x.2:80 check inter 2s downinter 5s rise 2 fall 3 weight 100
HAProxy: Health checks


• Observe mode

# Backend section
backend www_farm
    mode http
    balance roundrobin
    option httpchk GET /server_health

    # Servers ("observe" is a per-server keyword: besides the periodic check,
    # responses to live traffic are watched for errors)
    server fe01 x.x.x.1:80 check observe layer7 inter 2s downinter 5s rise 2 fall 3 weight 100
    server fe02 x.x.x.2:80 check observe layer7 inter 2s downinter 5s rise 2 fall 3 weight 100
HAProxy: Persistence


• Cookie

• URI & URI parameter

• Source IP

• Header (i.e. Host header)

• RDP cookie (Anyone using MS Terminal Server?)
HAProxy: Cookie persistence

• Map requests between cookie value and backend
server. You can issue these cookies from the code and
play with them.

• Ideal for deploying code by stages, or caching locally
user data.

• If the server becomes unreachable, the traffic will be
directed to another server within the same pool.
HAProxy: Cookie persistence


backend www
    mode http
    balance roundrobin
    option redispatch
    cookie mycookie insert maxidle 120 maxlife 900 indirect preserve domain .tuenti.com
    server fe01 1.1.1.1:80 weight 100 cookie 1111
    server fe02 1.1.1.2:80 weight 100 cookie 1112
    server fe03 1.1.1.3:80 weight 100 cookie 1113
HAProxy: URL persistence


• Especially interesting for balancing HTTP caching servers
(e.g. Varnish). Without this feature the cache pool will be inefficient.

• The URLs are hashed and assigned to a server in the pool
(using a modulo operation). A server will always serve the same
object regardless of the load balancer that attends the request.

• Adding, removing or losing servers in the pool is not harmful thanks
to consistent hashing.
HAProxy: URL persistence
         map-based hashing

[Diagram, four animation frames: rows A–F holding the numbers 1–9 (A: 1, 7; B: 2, 8; C: 3, 9; D: 4; E: 5; F: 6). In the last two frames 10 is added to row D and a second layout over five rows appears: 1, 6 / 2, 7 / 3, 8 / 4, 9 / 5, 10.]

High miss rate. #FAIL
HAProxy: URL persistence
         consistent hashing

[Diagram, four animation frames: rows A–F holding the numbers 1–9 (A: 1, 7; B: 2, 8; C: 3, 9; D: 4; E: 5; F: 6); the layout is the same in every frame.]

1/6 misses = ~17% miss
HAProxy: URL persistence


Our image URLs always look like:
     http://img3.tuenti.net/HyUdrohQQAFnCyjMJ2ekAA

We can choose the first block from the URI and use it for persistence decisions.

     # balance roundrobin
     balance uri depth 1
     hash-type consistent
HAProxy: URL persistence


Our image URLs always look like:
     http://img3.tuenti.net/MdlIdrAOilul8ldcRwD7AdzwAeAdB4AMtgAy

We can choose the first block from the URI and use it for persistence decisions.

     # balance roundrobin
     balance uri depth 1
     hash-type consistent
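
The miss rates on the map-based and consistent hashing slides can be reproduced with a small simulation. This is an added example, not code from the talk or from HAProxy: the MD5-based hash, the 160 ring points per server, the server names A–F and the generated image IDs are assumptions, and `uri_key` is a simplified model of `balance uri depth 1`.

```python
import bisect
import hashlib
from urllib.parse import urlsplit

SERVERS = ["A", "B", "C", "D", "E", "F"]   # six cache servers, as in the diagrams


def uri_key(url, depth=1):
    """Part of the URL that gets hashed: path only (no query string),
    cut before slash number depth+1."""
    parts = urlsplit(url).path.split("/")   # "/a/b" -> ["", "a", "b"]
    return "/".join(parts[: depth + 1])


def h32(text):
    """Stand-in 32-bit hash (MD5 prefix). HAProxy uses its own hash function."""
    return int.from_bytes(hashlib.md5(text.encode()).digest()[:4], "big")


def map_based(key, servers):
    """Map-based hashing: hash modulo the number of servers in the pool."""
    return servers[h32(key) % len(servers)]


class Ring:
    """Consistent hashing: every server owns many points on a ring and a key
    goes to the first point at or after its own hash, wrapping at the end."""

    def __init__(self, servers, points=160):
        self.ring = sorted((h32(f"{s}#{i}"), s) for s in servers for i in range(points))
        self.hashes = [h for h, _ in self.ring]

    def lookup(self, key):
        i = bisect.bisect_left(self.hashes, h32(key)) % len(self.ring)
        return self.ring[i][1]


def compare(n_urls=6000, lost="F"):
    """Fraction of URLs that land on a different server (a cache miss)
    once the server `lost` drops out of the pool."""
    # Constructed sample URLs: real host name from the slides, made-up object IDs.
    urls = [
        "http://img3.tuenti.net/" + hashlib.sha1(str(i).encode()).hexdigest()[:22]
        for i in range(n_urls)
    ]
    keys = [uri_key(u) for u in urls]
    survivors = [s for s in SERVERS if s != lost]
    full, reduced = Ring(SERVERS), Ring(survivors)

    moved_map = sum(map_based(k, SERVERS) != map_based(k, survivors) for k in keys)
    moved_ring = sum(full.lookup(k) != reduced.lookup(k) for k in keys)
    owned_by_lost = sum(full.lookup(k) == lost for k in keys)
    return {
        "map_based": moved_map / n_urls,          # about 5/6 of the objects move
        "consistent": moved_ring / n_urls,        # only the lost server's share moves
        "share_of_lost": owned_by_lost / n_urls,
    }


if __name__ == "__main__":
    for name, rate in compare().items():
        print(f"{name:14s} {rate:.1%}")
```

With consistent hashing the only objects that move are the ones the lost server held, so the rest of the Varnish pool keeps its warm cache.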
HAProxy: Content switching and ACLs


• Same frontend, different backend.
• Take decisions about which backend will attend the connection
based on:
    • Layer 7 information (HTTP headers, methods, URI, version,
    status)
    • Layer4 information (source IP, destination IP, port)
    • Internal HAProxy information (amount of backend
    connections, active servers in the backend, etc)

• Too many options to show them all in this presentation. [1]
HAProxy: Content switching and ACLs


# Frontend section
frontend http
     bind x.x.x.x:80
     mode http
     option forwardfor except 127.0.0.1/8 header X-Forwarded-For

    # Farm content switching
    acl acl-api-uri       path        /api
    acl acl-mobile-site   hdr(host)   -i m.tuenti.com
    acl acl-cdn-service   hdr(host)   -i cdn.tuenti.net

    use_backend               mobile_farm      if acl-mobile-site
    use_backend               api_farm         if acl-api-uri
    use_backend               cdn_farm         if acl-cdn-service

    default_backend      www_farm
HAProxy: Content switching and ACLs


# Backend section
backend www_farm
    mode http
    balance roundrobin

    # Servers
    server fe01 x.x.x.1:80 weight 100
    server fe02 x.x.x.2:80 weight 100

backend mobile_farm
    mode http
    balance roundrobin

    # Servers
    server mfe01 x.x.x.1:80 weight 100
HAProxy: Content switching and ACLs


# Another example using internal HAProxy information
frontend http
     bind x.x.x.x:80
     mode http
     option forwardfor except 127.0.0.1/8 header X-Forwarded-For

    # Insert 250ms delay if the session rate is over 35k req/s
    acl too_fast fe_sess_rate ge 35000
    tcp-request inspect-delay 250ms
    tcp-request content accept if ! too_fast
    tcp-request content accept if WAIT_END
HAProxy: Content blocking


# Content blocking example
frontend http
    bind x.x.x.x:80
    mode http
    option forwardfor except 127.0.0.1/8 header X-Forwarded-For

    # Block requests with negative Content-Length value
    # ("lt 0", so that a legitimate "Content-Length: 0" is not blocked)
    acl invalid-cl hdr_val(content-length) lt 0
    block if invalid-cl
HAProxy: Slow start


# Backend section
backend www_farm
    mode http
    balance roundrobin
    option httpchk GET /server_health

    # Servers
    server fe01 x.x.x.1:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
    server fe02 x.x.x.2:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
HAProxy: Graceful shutdown


# Backend section
backend www_farm
    mode http
    balance roundrobin
    option httpchk GET /server_health
    http-check disable-on-404

    # Servers
    server fe01 x.x.x.1:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
    server fe02 x.x.x.2:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
HAProxy: Monitoring


• Traffic through different frontend interfaces. Easy to
aggregate incoming/outgoing traffic.

• Amount of different HTTP response codes

• /proc/net/sockstat
HAProxy: Monitoring


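frontend stats1
    mode http
    bind-process 1
    bind :8081
    default_backend haproxy-stats1

backend haproxy-stats1
    bind-process 1
    mode http
    stats enable
    stats refresh 60s
    stats uri /
    # HTTP basic auth, sent in clear over this plain-HTTP listener; "bind :8081"
    # listens on every address, so limit access to the management network
    stats auth mgmt:password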
Client-side load balancing


• When a user logs into the site, the browser loads a
JavaScript API and talks to it.

• The browser communicates with the API, which
uses EasyXDM.

• Using application logic we direct user requests to a
defined farm.
   • A/B testing based on any criteria.
   • Where are you from?
   • How old are you?
Client-side load balancing


'frontend_farm_map' => array(
    1 => 'www1', // x% (Alava)
    2 => 'www4', // y% (Albacete)
    3 => 'www4', // z% (Alicante)
    …
),

'users_using_staging' => array(
    'level' => 'limited',
    'percent' => 10,
),
SSL


• TCP load balancing is not useful for us.

• We deployed stunnel and it worked fine for a while.
• Then we started to suffer contention when accepting new
connections.

• We are currently using stud [2] for terminating SSL in our load
balancers.
SSL: Legal issues


• You can’t use this strategy of SSL termination in your PCI-compliant
platform.

• We transport client IP information in X-Forwarded-For headers
in order to log users' IPs, because of law enforcement.

• We terminate SSL in the load balancer because, when balancing TCP
(SSL), you can’t inform the backend about the client IP.
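
Because `option forwardfor` appends the address HAProxy saw to whatever X-Forwarded-For values the client already sent, the frontend application should log the right-most value rather than the first one. A sketch of that selection, as an added example that is not code from the talk; the function names, the sample addresses and the optional `trusted_proxies` list are assumptions.

```python
import ipaddress


def forwarded_hops(header_values):
    """Flatten every X-Forwarded-For field value, in arrival order, into one hop list."""
    return [hop.strip() for value in header_values for hop in value.split(",")]


def naive_client_ip(header_values):
    """What not to log: the left-most hop is whatever the client chose to send."""
    hops = forwarded_hops(header_values)
    return hops[0] if hops else None


def client_ip(header_values, trusted_proxies=()):
    """Walk the hops from the right (the end our own load balancer wrote) and
    return the first address that is not one of our own proxies.

    Returns None when the header is missing or the entry we rely on is not a
    valid IP address, so the caller can fall back to the TCP peer address.
    """
    networks = [ipaddress.ip_network(n) for n in trusted_proxies]
    for hop in reversed(forwarded_hops(header_values)):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None                      # never guess past a malformed entry
        if not any(addr in net for net in networks):
            return str(addr)
    return None


# Constructed sample: the client sent its own "X-Forwarded-For: 10.0.0.1" and the
# load balancer appended the address it really saw (documentation-range IPs).
SPOOFED_REQUEST = ["10.0.0.1", "203.0.113.7"]

# Constructed sample with one more proxy of ours (192.0.2.20) in front of the farm.
VIA_OWN_PROXY = ["10.0.0.1, 203.0.113.7", "192.0.2.20"]


if __name__ == "__main__":
    print("naive :", naive_client_ip(SPOOFED_REQUEST))
    print("logged:", client_ip(SPOOFED_REQUEST))
    print("logged:", client_ip(VIA_OWN_PROXY, trusted_proxies=["192.0.2.0/24"]))
```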
stud: The Scalable TLS Unwrapping Daemon


• Supports both SSL and TLS using OpenSSL.

• Uses a process-per-core model.

• Asynchronous I/O using libev.

• Very little overhead per connection.

• Designed for long-living connections.

• Supports PROXY protocol.

• Recently they added inter-process communication [5].
PROXY protocol


• Created by the HAProxy author [5] to safely transport connection
information across multiple layers of NAT or TCP proxies.

• Native support in stud. Patches available for stunnel4.

• We use it so that stud can tell HAProxy the real IP of the
client; HAProxy converts this information into an X-Forwarded-For
header that we can read and store in our application.
PROXY protocol


# stud --ssl -c OPENSSL_CIPHERS -b 127.0.0.1,8888 -f x.x.x.x,443 -n 2 -u stud --write-proxy certificate.pem

frontend http-localhost-proxy-443
    bind 127.0.0.1:8888 accept-proxy
    mode http
    reqadd X-Protocol: SSL
    reqadd X-Port: 443
    default_backend       www_farm
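
What `--write-proxy` puts on the wire and what an `accept-proxy` listener has to validate, as an added example that is not code from stud or HAProxy. It covers only the human-readable version 1 header described in [5]; the function names and sample addresses are assumptions, and the trusted-sender check stands in for binding the listener to 127.0.0.1 as the configuration above does.

```python
import ipaddress

MAX_V1_HEADER = 107   # longest possible v1 line, CRLF included


class ProxyHeaderError(ValueError):
    """The stream did not start with an acceptable PROXY v1 line."""


def parse_port(text):
    """Decimal port, 0-65535, no leading zeros."""
    if not text.isdigit() or (len(text) > 1 and text[0] == "0") or int(text) > 65535:
        raise ProxyHeaderError(f"bad port {text!r}")
    return int(text)


def parse_proxy_v1(data):
    """Split the first bytes of a connection into (connection info, payload)."""
    end = data.find(b"\r\n", 0, MAX_V1_HEADER)
    if not data.startswith(b"PROXY ") or end == -1:
        raise ProxyHeaderError("no complete PROXY v1 line at start of stream")
    try:
        fields = data[:end].decode("ascii").split(" ")
    except UnicodeDecodeError:
        raise ProxyHeaderError("non-ASCII bytes in header") from None
    payload = data[end + 2:]

    if fields[1] == "UNKNOWN":           # sender had no address info; rest of line ignored
        return {"proto": "UNKNOWN", "src": None, "src_port": None}, payload
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ProxyHeaderError("unsupported protocol or wrong field count")

    ip_type = ipaddress.IPv4Address if fields[1] == "TCP4" else ipaddress.IPv6Address
    try:
        src, dst = ip_type(fields[2]), ip_type(fields[3])
    except ValueError:
        raise ProxyHeaderError("bad address for " + fields[1]) from None
    info = {
        "proto": fields[1],
        "src": str(src),
        "dst": str(dst),
        "src_port": parse_port(fields[4]),
        "dst_port": parse_port(fields[5]),
    }
    return info, payload


def client_address(peer_ip, data, trusted_senders=("127.0.0.1",)):
    """Take the client address from the header only when the TCP peer is a
    trusted sender; anyone else could claim any source address."""
    if peer_ip not in trusted_senders:
        raise ProxyHeaderError(f"PROXY header from untrusted peer {peer_ip}")
    info, payload = parse_proxy_v1(data)
    return (info["src"] or peer_ip), payload


# Constructed sample: the bytes a local TLS terminator would send for a client
# at 203.0.113.7, followed by the decrypted HTTP request.
SAMPLE = (
    b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\n"
    b"GET / HTTP/1.1\r\nHost: m.tuenti.com\r\n\r\n"
)


if __name__ == "__main__":
    ip, rest = client_address("127.0.0.1", SAMPLE)
    print("client:", ip)
    print("payload starts with:", rest.split(b"\r\n", 1)[0].decode())
```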
REST API


• Not an official feature (yet) [6]

• You can easily communicate with the server via HTTP.

• Awesome for orchestrating your web tier.
Questions?
Related links

• [1] http://software.intel.com/en-us/articles/improved-linux-smp-scaling-user-directed-processor-affinity/

• [2] http://en.wikipedia.org/wiki/Equal-cost_multi-path_routing

• [3] stud repo: https://github.com/bumptech/stud

• [4] Scaling SSL: http://blog.exceliance.fr/2011/11/07/scaling-out-ssl/

• [5] PROXY protocol: http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt

• [6] REST API patch: https://github.com/jbuchbinder/haproxy-forked

• HAProxy configuration doc: http://haproxy.1wt.eu/download/1.5/doc/configuration.txt
1 of 46

Recommended

Kafka Connect - debezium by
Kafka Connect - debeziumKafka Connect - debezium
Kafka Connect - debeziumKasun Don
3.4K views16 slides
Building a fully managed stream processing platform on Flink at scale for Lin... by
Building a fully managed stream processing platform on Flink at scale for Lin...Building a fully managed stream processing platform on Flink at scale for Lin...
Building a fully managed stream processing platform on Flink at scale for Lin...Flink Forward
856 views56 slides
Modern Algorithms and Data Structures - 1. Bloom Filters, Merkle Trees by
Modern Algorithms and Data Structures - 1. Bloom Filters, Merkle TreesModern Algorithms and Data Structures - 1. Bloom Filters, Merkle Trees
Modern Algorithms and Data Structures - 1. Bloom Filters, Merkle TreesLorenzo Alberton
30K views49 slides
Cilium - Network and Application Security with BPF and XDP Thomas Graf, Cova... by
Cilium - Network and Application Security with BPF and XDP  Thomas Graf, Cova...Cilium - Network and Application Security with BPF and XDP  Thomas Graf, Cova...
Cilium - Network and Application Security with BPF and XDP Thomas Graf, Cova...Docker, Inc.
10.8K views81 slides
Flink Forward Berlin 2017: Patrick Lucas - Flink in Containerland by
Flink Forward Berlin 2017: Patrick Lucas - Flink in ContainerlandFlink Forward Berlin 2017: Patrick Lucas - Flink in Containerland
Flink Forward Berlin 2017: Patrick Lucas - Flink in ContainerlandFlink Forward
3K views54 slides
Don’t Sacrifice Performance for Security: Best Practices for Content Delivery by
Don’t Sacrifice Performance for Security: Best Practices for Content Delivery Don’t Sacrifice Performance for Security: Best Practices for Content Delivery
Don’t Sacrifice Performance for Security: Best Practices for Content Delivery Amazon Web Services
2K views65 slides

More Related Content

What's hot

IBM MQ V9 Overview by
IBM MQ V9 OverviewIBM MQ V9 Overview
IBM MQ V9 OverviewMarkTaylorIBM
6.8K views33 slides
Livy: A REST Web Service For Apache Spark by
Livy: A REST Web Service For Apache SparkLivy: A REST Web Service For Apache Spark
Livy: A REST Web Service For Apache SparkJen Aman
7.8K views20 slides
The top 3 challenges running multi-tenant Flink at scale by
The top 3 challenges running multi-tenant Flink at scaleThe top 3 challenges running multi-tenant Flink at scale
The top 3 challenges running multi-tenant Flink at scaleFlink Forward
332 views16 slides
IBM MQ High Availability 2019 by
IBM MQ High Availability 2019IBM MQ High Availability 2019
IBM MQ High Availability 2019David Ware
4.5K views42 slides
Polylog: A Log-Based Architecture for Distributed Systems by
Polylog: A Log-Based Architecture for Distributed SystemsPolylog: A Log-Based Architecture for Distributed Systems
Polylog: A Log-Based Architecture for Distributed SystemsLongtail Video
1.6K views33 slides
IBM MQ: An Introduction to Using and Developing with MQ Publish/Subscribe by
IBM MQ: An Introduction to Using and Developing with MQ Publish/SubscribeIBM MQ: An Introduction to Using and Developing with MQ Publish/Subscribe
IBM MQ: An Introduction to Using and Developing with MQ Publish/SubscribeDavid Ware
4.9K views66 slides

What's hot(20)

Livy: A REST Web Service For Apache Spark by Jen Aman
Livy: A REST Web Service For Apache SparkLivy: A REST Web Service For Apache Spark
Livy: A REST Web Service For Apache Spark
Jen Aman7.8K views
The top 3 challenges running multi-tenant Flink at scale by Flink Forward
The top 3 challenges running multi-tenant Flink at scaleThe top 3 challenges running multi-tenant Flink at scale
The top 3 challenges running multi-tenant Flink at scale
Flink Forward332 views
IBM MQ High Availability 2019 by David Ware
IBM MQ High Availability 2019IBM MQ High Availability 2019
IBM MQ High Availability 2019
David Ware4.5K views
Polylog: A Log-Based Architecture for Distributed Systems by Longtail Video
Polylog: A Log-Based Architecture for Distributed SystemsPolylog: A Log-Based Architecture for Distributed Systems
Polylog: A Log-Based Architecture for Distributed Systems
Longtail Video1.6K views
IBM MQ: An Introduction to Using and Developing with MQ Publish/Subscribe by David Ware
IBM MQ: An Introduction to Using and Developing with MQ Publish/SubscribeIBM MQ: An Introduction to Using and Developing with MQ Publish/Subscribe
IBM MQ: An Introduction to Using and Developing with MQ Publish/Subscribe
David Ware4.9K views
Flink vs. Spark by Slim Baltagi
Flink vs. SparkFlink vs. Spark
Flink vs. Spark
Slim Baltagi69.5K views
Whats New in Integration What's New in IBM Integration Bus and IIB on Cloud by Rob Convery
Whats New in Integration What's New in IBM Integration Bus and IIB on Cloud Whats New in Integration What's New in IBM Integration Bus and IIB on Cloud
Whats New in Integration What's New in IBM Integration Bus and IIB on Cloud
Rob Convery2.7K views
PayPal merchant ecosystem using Apache Spark, Hive, Druid, and HBase by DataWorks Summit
PayPal merchant ecosystem using Apache Spark, Hive, Druid, and HBase PayPal merchant ecosystem using Apache Spark, Hive, Druid, and HBase
PayPal merchant ecosystem using Apache Spark, Hive, Druid, and HBase
DataWorks Summit2.6K views
Practical learnings from running thousands of Flink jobs by Flink Forward
Practical learnings from running thousands of Flink jobsPractical learnings from running thousands of Flink jobs
Practical learnings from running thousands of Flink jobs
Flink Forward270 views
مراحل سن التشريع العادي by alqasmi91
مراحل سن التشريع العاديمراحل سن التشريع العادي
مراحل سن التشريع العادي
alqasmi913.7K views
IBM Think 2018: IBM MQ High Availability by Jamie Squibb
IBM Think 2018: IBM MQ High AvailabilityIBM Think 2018: IBM MQ High Availability
IBM Think 2018: IBM MQ High Availability
Jamie Squibb2.7K views
Pragmatic Guide to Apache Kafka®'s Exactly Once Semantics by confluent
Pragmatic Guide to Apache Kafka®'s Exactly Once SemanticsPragmatic Guide to Apache Kafka®'s Exactly Once Semantics
Pragmatic Guide to Apache Kafka®'s Exactly Once Semantics
confluent898 views
ETL Testing Resume @ venkatesh by Venkatesh Vulli
ETL Testing Resume @ venkateshETL Testing Resume @ venkatesh
ETL Testing Resume @ venkatesh
Venkatesh Vulli1.7K views
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H... by Spark Summit
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...
Cost-Based Optimizer Framework for Spark SQL: Spark Summit East talk by Ron H...
Spark Summit2.6K views
CDC Stream Processing With Apache Flink With Timo Walther | Current 2022 by HostedbyConfluent
CDC Stream Processing With Apache Flink With Timo Walther | Current 2022CDC Stream Processing With Apache Flink With Timo Walther | Current 2022
CDC Stream Processing With Apache Flink With Timo Walther | Current 2022
HostedbyConfluent1.2K views

Viewers also liked

USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month by
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthNicolas Brousse
12.8K views31 slides
Scaling Instagram by
Scaling InstagramScaling Instagram
Scaling Instagramiammutex
189.4K views185 slides
Chirp 2010: Scaling Twitter by
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling TwitterJohn Adams
38K views49 slides
Embracing Open Source: Practice and Experience from Alibaba by
Embracing Open Source: Practice and Experience from AlibabaEmbracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from AlibabaWensong Zhang
17.6K views71 slides
Tuenti conceptos by
Tuenti conceptosTuenti conceptos
Tuenti conceptosAlex Andray
1.5K views25 slides
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ... by
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...Pierre GRANDIN
1.9K views43 slides

Viewers also liked(15)

USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month by Nicolas Brousse
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a MonthUSENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
USENIX LISA15: How TubeMogul Handles over One Trillion HTTP Requests a Month
Nicolas Brousse12.8K views
Scaling Instagram by iammutex
Scaling InstagramScaling Instagram
Scaling Instagram
iammutex189.4K views
Chirp 2010: Scaling Twitter by John Adams
Chirp 2010: Scaling TwitterChirp 2010: Scaling Twitter
Chirp 2010: Scaling Twitter
John Adams38K views
Embracing Open Source: Practice and Experience from Alibaba by Wensong Zhang
Embracing Open Source: Practice and Experience from AlibabaEmbracing Open Source: Practice and Experience from Alibaba
Embracing Open Source: Practice and Experience from Alibaba
Wensong Zhang17.6K views
Tuenti conceptos by Alex Andray
Tuenti conceptosTuenti conceptos
Tuenti conceptos
Alex Andray1.5K views
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ... by Pierre GRANDIN
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Openstack Summit Tokyo 2015 - Building a private cloud to efficiently handle ...
Pierre GRANDIN1.9K views
All About Those User Stories by NetSuite
All About Those User StoriesAll About Those User Stories
All About Those User Stories
NetSuite768 views
London2011 tuenti by Juan Varela
London2011 tuentiLondon2011 tuenti
London2011 tuenti
Juan Varela966 views
Abc economist mediareport-final by Juan Varela
Abc economist mediareport-finalAbc economist mediareport-final
Abc economist mediareport-final
Juan Varela1.3K views
Socialnetworks by eaajm
Socialnetworks Socialnetworks
Socialnetworks
eaajm461 views
Product design: How to create a product by Press42
Product design: How to create a productProduct design: How to create a product
Product design: How to create a product
Press425.6K views
Analysis of Facebook and Tuenti by cpape21
Analysis of Facebook and TuentiAnalysis of Facebook and Tuenti
Analysis of Facebook and Tuenti
cpape214.5K views
SREConEurope15 - The evolution of the DHCP infrastructure at Facebook by Angelo Failla
SREConEurope15 - The evolution of the DHCP infrastructure at FacebookSREConEurope15 - The evolution of the DHCP infrastructure at Facebook
SREConEurope15 - The evolution of the DHCP infrastructure at Facebook
Angelo Failla1K views

Similar to Load balancing at tuenti

haproxy-150423120602-conversion-gate01.pdf by
haproxy-150423120602-conversion-gate01.pdfhaproxy-150423120602-conversion-gate01.pdf
haproxy-150423120602-conversion-gate01.pdfPawanVerma628806
6 views17 slides
HAProxy by
HAProxy HAProxy
HAProxy Arindam Nayak
4.9K views17 slides
slides (PPT) by
slides (PPT)slides (PPT)
slides (PPT)webhostingguy
338 views28 slides
A Tale of 2 Systems by
A Tale of 2 SystemsA Tale of 2 Systems
A Tale of 2 SystemsDavid Newman
335 views112 slides
HA Deployment Architecture with HAProxy and Keepalived by
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and KeepalivedGanapathi Kandaswamy
1.8K views41 slides
Web Server Load Balancer by
Web Server Load BalancerWeb Server Load Balancer
Web Server Load BalancerMobME Technical
2.8K views21 slides

Similar to Load balancing at tuenti(20)

haproxy-150423120602-conversion-gate01.pdf by PawanVerma628806
haproxy-150423120602-conversion-gate01.pdfhaproxy-150423120602-conversion-gate01.pdf
haproxy-150423120602-conversion-gate01.pdf
HA Deployment Architecture with HAProxy and Keepalived by Ganapathi Kandaswamy
HA Deployment Architecture with HAProxy and KeepalivedHA Deployment Architecture with HAProxy and Keepalived
HA Deployment Architecture with HAProxy and Keepalived
Stream processing on mobile networks by pbelko82
Stream processing on mobile networksStream processing on mobile networks
Stream processing on mobile networks
pbelko82311 views
HTTP Acceleration with Varnish by Harlow Ward
HTTP Acceleration with VarnishHTTP Acceleration with Varnish
HTTP Acceleration with Varnish
Harlow Ward4K views
.NET Conf 2022 - Networking in .NET 7 by Karel Zikmund
.NET Conf 2022 - Networking in .NET 7.NET Conf 2022 - Networking in .NET 7
.NET Conf 2022 - Networking in .NET 7
Karel Zikmund64 views
Before OTD EDU - Introduction by Beom Lee
Before OTD EDU - IntroductionBefore OTD EDU - Introduction
Before OTD EDU - Introduction
Beom Lee1.8K views
Multi-Layer DDoS Mitigation Strategies by Sagi Brody
Multi-Layer DDoS Mitigation StrategiesMulti-Layer DDoS Mitigation Strategies
Multi-Layer DDoS Mitigation Strategies
Sagi Brody3.2K views
The never-ending REST API design debate -- Devoxx France 2016 by Restlet
The never-ending REST API design debate -- Devoxx France 2016The never-ending REST API design debate -- Devoxx France 2016
The never-ending REST API design debate -- Devoxx France 2016
Restlet2.2K views
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us... by Michele Orru
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Rooting your internals - Exploiting Internal Network Vulns via the Browser Us...
Michele Orru4.6K views
Denser, cooler, faster, stronger: PHP on ARM microservers by Jez Halford
Denser, cooler, faster, stronger: PHP on ARM microserversDenser, cooler, faster, stronger: PHP on ARM microservers
Denser, cooler, faster, stronger: PHP on ARM microservers
Jez Halford990 views
Managing multi tenant resource toward Hive 2.0 by Kai Sasaki
Managing multi tenant resource toward Hive 2.0Managing multi tenant resource toward Hive 2.0
Managing multi tenant resource toward Hive 2.0
Kai Sasaki2.2K views
How To Set Up SQL Load Balancing with HAProxy - Slides by Severalnines
How To Set Up SQL Load Balancing with HAProxy - SlidesHow To Set Up SQL Load Balancing with HAProxy - Slides
How To Set Up SQL Load Balancing with HAProxy - Slides
Severalnines21.3K views

Recently uploaded

Initiating and Advancing Your Strategic GIS Governance Strategy by
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance StrategySafe Software
184 views68 slides
Netmera Presentation.pdf by
Netmera Presentation.pdfNetmera Presentation.pdf
Netmera Presentation.pdfMustafa Kuğu
22 views50 slides
What is Authentication Active Directory_.pptx by
What is Authentication Active Directory_.pptxWhat is Authentication Active Directory_.pptx
What is Authentication Active Directory_.pptxHeenaMehta35
15 views7 slides
"Package management in monorepos", Zoltan Kochan by
"Package management in monorepos", Zoltan Kochan"Package management in monorepos", Zoltan Kochan
"Package management in monorepos", Zoltan KochanFwdays
34 views18 slides
"Running students' code in isolation. The hard way", Yurii Holiuk by
"Running students' code in isolation. The hard way", Yurii Holiuk "Running students' code in isolation. The hard way", Yurii Holiuk
"Running students' code in isolation. The hard way", Yurii Holiuk Fwdays
36 views34 slides
Transcript: Redefining the book supply chain: A glimpse into the future - Tec... by
Transcript: Redefining the book supply chain: A glimpse into the future - Tec...Transcript: Redefining the book supply chain: A glimpse into the future - Tec...
Transcript: Redefining the book supply chain: A glimpse into the future - Tec...BookNet Canada
41 views16 slides

Recently uploaded(20)

Initiating and Advancing Your Strategic GIS Governance Strategy by Safe Software
Initiating and Advancing Your Strategic GIS Governance StrategyInitiating and Advancing Your Strategic GIS Governance Strategy
Initiating and Advancing Your Strategic GIS Governance Strategy
Safe Software184 views
What is Authentication Active Directory_.pptx by HeenaMehta35
What is Authentication Active Directory_.pptxWhat is Authentication Active Directory_.pptx

Load balancing at tuenti

  • 1. Load balancing @Tuenti Ricardo Bartolomé, Senior Systems Engineer
  • 2. Some numbers • +12M users. • 40 billion pageviews a month. • 40k req/s in core site at peak time (1.8 gbps). • 10k req/s in image routing layer (2gbps). • +500 frontend servers
  • 3. Past • Linux boxes running LVS and ldirectord. • DSR strategy for load balancing. • Frontends used to have an external public IP. • Double investment in networking gear and its redundancy. • SSL balanced across all the frontends.
  • 4. The (old) big picture [Diagram labels: client, HTTP request, HTTP response, External API, LVS, frontends f01, f02 ... fN, External network, Internal network]
  • 5. Present • New hardware. 4+1 LB instead of 10 LB (5+5) • New load balancing strategy using HAProxy layer 7 capabilities. • SSL terminated in the load balancers.
  • 6. The big picture [Diagram labels: client, HTTP request, HTTP response, External API, HTTP proxy, HAProxy, frontends f01, f02 ... fN, External network, Internal network]
  • 7. Hardware • Intel Xeon X5677 (4 core, 8 threads @ 3.47GHz) • 8 gigabit network interfaces (Broadcom NetXtreme 5702 w/ multiqueue support) • 16 GB of memory
  • 8. Networking • 4 links for internal and 4 for external • Connected to different stack member units • 4gbps theoretical capacity limit per node. [Diagram: load balancer linked to member unit 0 and member unit 1 on each side]
  • 9. Networking • We tune IRQ SMP affinity for sharding IRQs across multiple cores that share the same L2 cache [1] • We do ECMP (Equal Cost Multi Path) [2] in our edge routers for sharding traffic across the load balancers.
        ip route 95.131.168.x/32 x.x.x.2
        ip route 95.131.168.x/32 x.x.x.1
        ip route 95.131.168.x/32 x.x.x.3
        ip route 95.131.168.x/32 x.x.x.4
        [Diagram: one router in front of four load balancers (lb)]
  • 10. HAProxy: Why? • Layer 7 load balancing: Content inspection, persistence, slow start, throttling, anti-DoS features, supervision, content switching, keep-alive, etc. • Very robust and reliable. • Designed to be a load balancer. • Offers high control over HTTP delivery and status: response codes, connections per frontend, queued requests, etc.
  • 11. HAProxy: Concepts • Frontend: Section where we listen() for incoming connections. • Backend: Pool of servers. We define the algorithm, configure health checks, etc. • Listen section: frontend+backend. Useful for TCP. • Connection != request: One connection can hold multiple requests (keep-alive). Only the first one is analyzed, logged and processed.
  • 12. HAProxy: Health checks • Standard health check
        # Backend section
        backend www_farm
            mode http
            balance roundrobin
            option httpchk GET /server_health
            # Servers
            server fe01 x.x.x.1:80 check inter 2s downinter 5s rise 2 fall 3 weight 100
            server fe02 x.x.x.2:80 check inter 2s downinter 5s rise 2 fall 3 weight 100
  • 13. HAProxy: Health checks • Observe mode
        # Backend section
        backend www_farm
            mode http
            balance roundrobin
            option httpchk GET /server_health
            # Servers (observe is a per-server keyword)
            server fe01 x.x.x.1:80 check observe layer7 inter 2s downinter 5s rise 2 fall 3 weight 100
            server fe02 x.x.x.2:80 check observe layer7 inter 2s downinter 5s rise 2 fall 3 weight 100
  • 14. HAProxy: Persistence • Cookie • URI & URI parameter • Source IP • Header (e.g. Host header) • RDP cookie (Anyone using MS Terminal Server?)
  • 15. HAProxy: Cookie persistence • Map requests between cookie value and backend server. You can issue these cookies from the code and play with them. • Ideal for deploying code by stages, or for caching user data locally. • If the server becomes unreachable the traffic will be directed to another server within the same pool.
  • 16. HAProxy: Cookie persistence
        backend www
            mode http
            balance roundrobin
            option redispatch
            cookie mycookie insert maxidle 120 maxlife 900 indirect preserve domain .tuenti.com
            server fe01 1.1.1.1:80 weight 100 cookie 1111
            server fe02 1.1.1.2:80 weight 100 cookie 1112
            server fe03 1.1.1.3:80 weight 100 cookie 1113
  • 17. HAProxy: URL persistence • Especially interesting for balancing HTTP caching servers (e.g. Varnish). Without this feature the cache pool will be inefficient. • The URLs are hashed and assigned to a server in the pool (using a modulo operation). A server will always serve the same object regardless of the load balancer that attends the request. • Adding/removing/losing servers to the pool is not harmful thanks to consistent hashing.
  • 18-21. HAProxy: URL persistence, map-based hashing [Diagram sequence: objects 1 to 10 assigned to cache servers A to F, then reassigned after the pool changes] High miss rate. #FAIL
  • 22-25. HAProxy: URL persistence, consistent hashing [Diagram sequence: objects 1 to 9 assigned to cache servers A to F] 1/6 misses = ~17% miss
  • 26. HAProxy: URL persistence Our image URLs always look like: http://img3.tuenti.net/HyUdrohQQAFnCyjMJ2ekAA We can choose the first block from the URI and use it for persistence decisions.
        # balance roundrobin
        balance uri depth 1
        hash-type consistent
  • 27. HAProxy: URL persistence Our image URLs always look like: http://img3.tuenti.net/MdlIdrAOilul8ldcRwD7AdzwAeAdB4AMtgAy We can choose the first block from the URI and use it for persistence decisions.
        # balance roundrobin
        balance uri depth 1
        hash-type consistent
  • 28. HAProxy: Content switching and ACLs • Same frontend, different backend. • Take decisions about which backend will attend the connection based on: • Layer 7 information (HTTP headers, methods, URI, version, status) • Layer 4 information (source IP, destination IP, port) • Internal HAProxy information (amount of backend connections, active servers in the backend, etc) • Too many options to show them all in this presentation. [1]
  • 29. HAProxy: Content switching and ACLs
        # Frontend section
        frontend http
            bind x.x.x.x:80
            mode http
            option forwardfor except 127.0.0.1/8 header X-Forwarded-For
            # Farm content switching
            acl acl-api-uri path /api
            acl acl-mobile-site hdr(host) -i m.tuenti.com
            acl acl-cdn-service hdr(host) -i cdn.tuenti.net
            use_backend mobile_farm if acl-mobile-site
            use_backend api_farm if acl-api-uri
            use_backend cdn_farm if acl-cdn-service
            default_backend www_farm
  • 30. HAProxy: Content switching and ACLs
        # Backend section
        backend www_farm
            mode http
            balance roundrobin
            # Servers
            server fe01 x.x.x.1:80 weight 100
            server fe02 x.x.x.2:80 weight 100
        backend mobile_farm
            mode http
            balance roundrobin
            # Servers
            server mfe01 x.x.x.1:80 weight 100
  • 31. HAProxy: Content switching and ACLs
        # Another example using internal HAProxy information
        frontend http
            bind x.x.x.x:80
            mode http
            option forwardfor except 127.0.0.1/8 header X-Forwarded-For
            # Insert 250ms delay if the session rate is over 35k req/s
            acl too_fast fe_sess_rate ge 35000
            tcp-request inspect-delay 250ms
            tcp-request content accept if ! too_fast
            tcp-request content accept if WAIT_END
  • 32. HAProxy: Content blocking
        # Another example using internal HAProxy information
        frontend http
            bind x.x.x.x:80
            mode http
            option forwardfor except 127.0.0.1/8 header X-Forwarded-For
            # Block requests with negative Content-Length value
            # (lt, not le: a Content-Length of 0 is valid and must not be blocked)
            acl invalid-cl hdr_val(content-length) lt 0
            block if invalid-cl
  • 33. HAProxy: Slow start
        # Backend section
        backend www_farm
            mode http
            balance roundrobin
            option httpchk GET /server_health
            # Servers
            server fe01 x.x.x.1:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
            server fe02 x.x.x.2:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
  • 34. HAProxy: Graceful shutdown
        # Backend section
        backend www_farm
            mode http
            balance roundrobin
            option httpchk GET /server_health
            http-check disable-on-404
            # Servers
            server fe01 x.x.x.1:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
            server fe02 x.x.x.2:80 check inter 2s downinter 5s slowstart 60s rise 2 fall 3 weight 100
  • 35. HAProxy: Monitoring •Traffic through different frontend interfaces. Easy to aggregate incoming/outgoing traffic. • Amount of different HTTP response codes • /proc/net/sockstat
  • 36. HAProxy: Monitoring
        frontend stats1
            mode http
            bind-process 1
            bind :8081
            default_backend haproxy-stats1
        backend haproxy-stats1
            bind-process 1
            mode http
            stats enable
            stats refresh 60s
            stats uri /
            stats auth mgmt:password
  • 37. Client-side load balancing • When a user logs into the site the browser loads a JavaScript API. Browser talks to it. • Browser communicates with the API and this one uses EasyXDM. • Using application logic we control user requests to a defined farm. • A/B testing based on any criteria. • Where are you from? • How old are you?
  • 38. Client-side load balancing
        'frontend_farm_map' => array(
            1 => 'www1', // x% (Alava)
            2 => 'www4', // y% (Albacete)
            3 => 'www4', // z% (Alicante)
            …
        ),
        'users_using_staging' => array(
            'level' => 'limited',
            'percent' => 10,
        ),
  • 39. SSL • TCP load balancing is not useful for us. • We deployed stunnel and it worked fine for a while. • Then we started to suffer contention when accepting new connections. • We are currently using stud [2] for terminating SSL in our load balancers.
  • 40. SSL: Legal issues • You can’t use this strategy of SSL termination in your PCI compliant platform. • We transport client IP information in X-Forwarded-For headers in order to log users' IPs because of law enforcement. • We terminate SSL in the load balancer because when balancing TCP (SSL) you can’t inform the backend about the client IP.
  • 41. stud: The Scalable TLS Unwrapping Daemon • Supports both SSL and TLS using OpenSSL. • Uses a process-per-core model. • Asynchronous I/O using libev. • Very little overhead per connection. • Designed for long-living connections. • Supports PROXY protocol. • Recently they added inter-process communication [5].
  • 42. PROXY protocol • Created by the HAProxy author [5] to safely transport connection information across multiple layers of NAT or TCP proxies. • Native support in stud. Patches available for stunnel4. • We use it so that stud can tell HAProxy the real IP of the client; HAProxy converts this information into an X-Forwarded-For header that we can read and store in our application.
  • 43. PROXY protocol
        # stud --ssl -c OPENSSL_CIPHERS -b 127.0.0.1,8888 -f x.x.x.x,443 -n 2 -u stud --write-proxy certificate.pem
        frontend http-localhost-proxy-443
            bind 127.0.0.1:8888 accept-proxy
            mode http
            reqadd X-Protocol:\ SSL
            reqadd X-Port:\ 443
            default_backend www_farm
  • 44. REST API • Not an official feature (yet) [6] • You can easily communicate with the server via HTTP. • Awesome for orchestrating your web tier.
  • 46. Related links
        [1] http://software.intel.com/en-us/articles/improved-linux-smp-scaling-user-directed-processor-affinity/
        [2] http://en.wikipedia.org/wiki/Equal-cost_multi-path_routing
        [3] stud repo: https://github.com/bumptech/stud
        [4] Scaling SSL: http://blog.exceliance.fr/2011/11/07/scaling-out-ssl/
        [5] PROXY protocol: http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt
        [6] REST API patch: https://github.com/jbuchbinder/haproxy-forked
        HAProxy configuration doc: http://haproxy.1wt.eu/download/1.5/doc/configuration.txt
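
Slides 17 to 25 contrast map-based and consistent hashing when a cache server leaves the pool. The following is an added example, not code from the presentation or from HAProxy: it counts how many URL keys change server under each scheme. The MD5 hash, the 200 virtual nodes per server and the sample URLs are assumptions made for the illustration.

```python
import bisect
import hashlib
from urllib.parse import urlsplit

def h(value):
    # Stand-in hash (assumption): HAProxy uses its own hash functions.
    return int.from_bytes(hashlib.md5(value.encode()).digest()[:8], "big")

def uri_key(url, depth=1):
    # Keep only the first `depth` path segments, in the spirit of "balance uri depth 1".
    segments = urlsplit(url).path.split("/")[1:depth + 1]
    return "/" + "/".join(segments)

def map_based(key, servers):
    # Map-based hashing: position in the server list is hash modulo pool size.
    return servers[h(key) % len(servers)]

class Ring:
    """Consistent-hash ring with virtual nodes."""
    def __init__(self, servers, vnodes=200):
        self.points = sorted((h(f"{s}#{i}"), s) for s in servers for i in range(vnodes))
        self.hashes = [p for p, _ in self.points]

    def lookup(self, key):
        i = bisect.bisect(self.hashes, h(key)) % len(self.points)
        return self.points[i][1]

def remap_report(urls, servers, lost):
    """Return (moved under modulo, moved on the ring, ring moves off a live server)."""
    survivors = [s for s in servers if s != lost]
    before, after = Ring(servers), Ring(survivors)
    mod_moved = con_moved = con_off_live = 0
    for url in urls:
        key = uri_key(url)
        if map_based(key, servers) != map_based(key, survivors):
            mod_moved += 1
        old = before.lookup(key)
        if old != after.lookup(key):
            con_moved += 1
            con_off_live += old != lost  # stays 0: only the lost server's keys move
    return mod_moved, con_moved, con_off_live

# Constructed sample: 6000 image-style URLs and the six server names from the slides.
SERVERS = ["A", "B", "C", "D", "E", "F"]
URLS = [f"http://img3.tuenti.net/obj{n:05d}/thumb" for n in range(6000)]

if __name__ == "__main__":
    mod, con, off = remap_report(URLS, SERVERS, lost="F")
    print(f"map-based moved {mod}, consistent moved {con}, moved off a live server {off}")
```

With six servers the modulo scheme relocates roughly five keys in six, while the ring relocates only the keys the lost server held, which is the ~17% figure on slide 25.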
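
Slides 40 to 43 rely on stud handing the client address to HAProxy in a PROXY protocol line, which HAProxy turns into X-Forwarded-For for logging. The following added example (not code from the presentation, stud or HAProxy) parses a version 1 PROXY line, accepts it only from a trusted peer, and shows why the address to log is the last X-Forwarded-For value. The function names and the sample bytes are constructed for the illustration.

```python
import ipaddress

MAX_V1_LEN = 107  # longest PROXY v1 line the spec allows, CRLF included

def parse_proxy_v1(data):
    """Split the PROXY v1 line from the payload: (src_ip or None, payload)."""
    end = data.find(b"\r\n", 0, MAX_V1_LEN)
    if end == -1 or not data.startswith(b"PROXY "):
        raise ValueError("missing or oversized PROXY v1 header")
    fields = data[:end].decode("ascii").split(" ")
    payload = data[end + 2:]
    if fields[1] == "UNKNOWN":          # sender could not determine the addresses
        return None, payload
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    family = 4 if fields[1] == "TCP4" else 6
    for addr in fields[2:4]:            # ip_address() raises ValueError on junk
        if ipaddress.ip_address(addr).version != family:
            raise ValueError("address family mismatch")
    for port in fields[4:6]:
        if not port.isdigit() or int(port) > 65535:
            raise ValueError("bad port")
    return fields[2], payload

def forwarded_for(peer_ip, data, trusted=("127.0.0.1",)):
    """Return the X-Forwarded-For values the backend receives, in header order."""
    if peer_ip not in trusted:          # same idea as binding accept-proxy to 127.0.0.1
        raise PermissionError("PROXY header only accepted from the TLS terminator")
    src, payload = parse_proxy_v1(data)
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    client_sent = [line.split(":", 1)[1].strip()
                   for line in head.split("\r\n")[1:]
                   if line.lower().startswith("x-forwarded-for:")]
    # Like "option forwardfor": the balancer's own value is appended last.
    return client_sent + [src or peer_ip]

def address_to_log(xff_values):
    # Only the last value was written by the load balancer; earlier ones are client input.
    return xff_values[-1]

# Constructed sample: a PROXY line followed by a request that carries its own header.
SAMPLE = (b"PROXY TCP4 203.0.113.7 192.0.2.10 51234 443\r\n"
          b"GET / HTTP/1.1\r\nHost: www.tuenti.com\r\n"
          b"X-Forwarded-For: 10.0.0.1\r\n\r\n")

if __name__ == "__main__":
    values = forwarded_for("127.0.0.1", SAMPLE)
    print(values, "->", address_to_log(values))
```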