
User:Vgutierrez/CDN


TLS Termination Layer

The current implementation of the TLS Termination Layer leverages HAProxy 2.4.

Headers

The TLS Termination Layer sets the following headers:

X-Client-IP

Reports the user agent's IP address as seen at layer 3 (no HTTP headers are parsed to populate this header).

X-Client-IP: 185.15.58.224
X-Client-IP: 2a02:ec80:600:ed1a::1

X-Client-Port

X-Forwarded-Proto

X-Connection-Properties

X-Analytics-TLS

Frontend Caching Layer

The current implementation of the Frontend Caching Layer (FCL) leverages Varnish 6. The Varnish setup is split into three clusters: text, upload and misc. Text and misc are deployed on cache::text servers and upload is deployed on cache::upload servers.

Headers

X-Analytics

This header is used for measurement purposes and its behavior is documented in X-Analytics.

X-Varnish-Cluster

This header is used to signal to the Backend Caching Layer which Varnish cluster handled a request. Currently it is only set for misc[1].

X-Varnish-Cluster: misc

Request Normalization

Query sorting

Query parameters are alphabetically sorted by the FCL to improve the cache hit rate. Example: /favicon.ico?vgutierrez=1&c=1&b=0&a=0 gets sorted as /favicon.ico?a=0&b=0&c=1&vgutierrez=1

This very same sorting strategy is implemented[2] in the daemon responsible for fetching purge events from the application layer and injecting them into both the FCL and the BCL.

Caching logic

text cluster

The FCL hides non-session cookies (those that don't match ([sS]ession|Token)=) for cache lookup purposes. After the cache lookup is performed, the cookies are restored so they reach upstream as expected. This assumes that any upstream that requires some non-session cookie to work properly (like the GeoIP one) will return a non-cacheable response.

By default, Varnish doesn't cache requests with cookies. To be able to cache responses with cookies and without Vary:Cookie, Varnish replaces session cookies with the fixed string Token=1 if and only if Vary:Cookie isn't present in the response.
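The query sorting and the text-cluster cookie hiding described above, modelled in Python as an added example (not the FCL's actual VCL). The function names and sample cookie values are constructed for illustration, and it assumes parameters are sorted as raw "name=value" strings and the pattern is tested against each cookie pair.

```python
import re

# Pattern quoted on this page: cookies matching it count as session cookies.
SESSION_COOKIE = re.compile(r"([sS]ession|Token)=")


def sort_query(url):
    """Sort query parameters alphabetically, leaving the path untouched."""
    path, sep, query = url.partition("?")
    if not sep or not query:
        return url
    # Assumption: raw "name=value" segments are compared as plain strings.
    return path + "?" + "&".join(sorted(query.split("&")))


def lookup_cookies(cookie_header):
    """Return only the cookies that stay visible during cache lookup."""
    pairs = [c.strip() for c in cookie_header.split(";") if c.strip()]
    # Assumption: the pattern is tested against each "name=value" pair.
    return "; ".join(c for c in pairs if SESSION_COOKIE.search(c))


def lookup_view(url, cookie_header=""):
    """What the cache lookup sees; the full Cookie header is restored afterwards."""
    return sort_query(url), lookup_cookies(cookie_header)


if __name__ == "__main__":
    # Constructed sample requests: (URL, Cookie header).
    samples = [
        ("/w/index.php?title=A&action=raw", "GeoIP=ES:MD"),
        ("/w/index.php?action=raw&title=A", "GeoIP=US:CA; prefs=dark"),
        ("/w/index.php?action=raw&title=A", "GeoIP=ES:MD; enwikiSession=abc123"),
    ]
    for url, cookies in samples:
        normalized, visible = lookup_view(url, cookies)
        kind = "session" if visible else "anonymous"
        print(f"{normalized!r:40} visible={visible!r:25} -> {kind}")
```

The first two requests collapse to the same cookie-less lookup, while the third keeps its session cookie visible, which is why the design depends on upstreams returning non-cacheable responses whenever a hidden cookie such as GeoIP affects the output.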

Backend Caching Layer

The current implementation of the Backend Caching Layer (BCL) leverages ATS 8.x (currently being upgraded to 9.x).

Caching logic

The BCL avoids caching responses that meet any of the following requirements:

  • Response contains a Set-Cookie header
  • Response contains a Vary:Cookie header and an uncacheable cookie
  • Content-Length is bigger than 1GB
  • Response status is higher than 499
  • Request contains an Authorization header

Additionally, the BCL will skip cache lookup for any request that meets any of the following requirements:

  • Request contains an Authorization header

Caching optimizations

The BCL hides cacheable cookies during the cache lookup stage for text/upload (not misc) to improve the hit rate and avoid unnecessary cache writes[3]. This assumes that any upstream that requires some non-session cookie to work properly (like the GeoIP one) will return a non-cacheable response.