netflix update (meetbsd california 2014 lightning talk)
DESCRIPTION
The slides for Scott Long's lightning talk, "Netflix Update", given at MeetBSD California 2014 in San Jose.TRANSCRIPT
![Page 1: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/1.jpg)
Netflix UpdateMeetBSD 2014
![Page 2: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/2.jpg)
FreeBSD - Still being awesome
Other22.0%
Amazon Video
SSL
iTunes
Hulu
MPEG
BitTorrent
HTTP11.7%
Youtube13.2%
Netflix34.2%
Sandvine 1H 2014 Global Internet Phenomenon Report
![Page 3: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/3.jpg)
What if we do SSL?
Other22.0%
Amazon Video
SSL
iTunes
Hulu
MPEG
BitTorrent
HTTP11.7%
Youtube13.2%
SSL (Netflix)34.2%
Sandvine 1H 2014 Global Internet Phenomenon Report
![Page 4: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/4.jpg)
Network I/O kernel
write() read()
Classic Web Serving
• Data is copied in
• Data is copied out
• High memory bandwidth, Cpu load
• L1/2/3 cache thrashed web
serverworker thread
![Page 5: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/5.jpg)
Network
Sendfile
I/O
V/M
kernel
Optimized Nginx Web Serving
• Data is directed in and out of RAM
• No copies through the CPU
• Async sendfile hints
• variable read-ahead
• Cache-behind nginxworker thread
![Page 6: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/6.jpg)
Network I/O kernel
write() read()
ssl nginx
Classic SSL Web Serving
• SSL Bulk encryption is expensive
• AESNI still costs CPU cycles
• Back to having data copies
• 2.5-3x hit on serving
![Page 7: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/7.jpg)
Network
Sendfile
I/O
V/M
kernel
nginxssl
Socket bulkencryption
In-Kernel SSL Web Serving
• Encryption-aware sockets
• Key exchange, session mgmt still in user libraries
• AESNI, crypto-offload plug-in worker thread
![Page 8: Netflix Update (MeetBSD California 2014 Lightning Talk)](https://reader033.vdocument.in/reader033/viewer/2022052907/55911f441a28abb8588b4682/html5/thumbnails/8.jpg)
Stay tuned…