Netflix UpdateMeetBSD 2014
FreeBSD - Still being awesome
Other22.0%
Amazon Video
SSL
iTunes
Hulu
MPEG
BitTorrent
HTTP11.7%
Youtube13.2%
Netflix34.2%
Sandvine 1H 2014 Global Internet Phenomenon Report
What if we do SSL?
Other22.0%
Amazon Video
SSL
iTunes
Hulu
MPEG
BitTorrent
HTTP11.7%
Youtube13.2%
SSL (Netflix)34.2%
Sandvine 1H 2014 Global Internet Phenomenon Report
Network I/O kernel
write() read()
Classic Web Serving
• Data is copied in
• Data is copied out
• High memory bandwidth, Cpu load
• L1/2/3 cache thrashed web
serverworker thread
Network
Sendfile
I/O
V/M
kernel
Optimized Nginx Web Serving
• Data is directed in and out of RAM
• No copies through the CPU
• Async sendfile hints
• variable read-ahead
• Cache-behind nginxworker thread
Network I/O kernel
write() read()
ssl nginx
Classic SSL Web Serving
• SSL Bulk encryption is expensive
• AESNI still costs CPU cycles
• Back to having data copies
• 2.5-3x hit on serving
Network
Sendfile
I/O
V/M
kernel
nginxssl
Socket bulkencryption
In-Kernel SSL Web Serving
• Encryption-aware sockets
• Key exchange, session mgmt still in user libraries
• AESNI, crypto-offload plug-in worker thread
Stay tuned…
Top Related