NGINX Plus R9 – what’s newOWEN GARRETTApril 27, 2016

Building a great applicationis only half the battle, delivering the application is the other half.

The modern web requiresa new approachto application delivery

MORE INFORMATION AT NGINX.COM

Flawless Application Deliveryfor the Modern Web

4

Load Balancer Monitoring & ManagementWeb ServerContent Cache

Streaming Media

MORE INFORMATION AT NGINX.COM

What’s New?NGINX Plus R9

● Dynamic Modules○ Load rich extensions into NGINX Plus at

runtime

● UDP Load Balancing○ DNS, RADIUS, and other UDP services○ Emerging IoT applications

● Service Discovery using DNS SRV records○ Discover new services using a familiar DNS

interface

● NGINX Plus App Pricing○ “All you can eat” pricing for NGINX Plus

● Improved caching performance and other great new features…

Dynamic Modules

MORE INFORMATION AT NGINX.COM

NGINX and Third-Party Modules

● Over 100 third-party modules available• Lua, Naxsi, Pagespeed, etc.

● Over 60 NGINX written modules• GeoIP, HTTP/2, TCP load balancing, etc.

● Problem: Modules have to be statically compiled in• Compare: Apple selects third-party apps and distributes them as a part of

iOS• Multiple NGINX Plus images:

■ nginx-plus -- 56 NGINX modules, 0 third-party modules■ nginx-plus-extras -- 4 additional NGINX modules, 6 third-party

modules

MORE INFORMATION AT NGINX.COM

Static modules are compiled into the NGINX executable

MORE INFORMATION AT NGINX.COM

Dynamic modules are compiled into a separate binary module shared object

load_module "modules/ngx_http_geoip_module.so"; load_module "modules/ngx_stream_module.so";

MORE INFORMATION AT NGINX.COM

NGINX Plus and Dynamic Modules

● Modules can now be loaded in dynamically

● You can download tested and certified extensions from our repository• Accessible via standard package management tools

● We will begin building only a single NGINX Plus binary• Install only the extensions you want• nginx-plus-extras to be deprecated

MORE INFORMATION AT NGINX.COM

Dynamic Modules in NGINX Plus R9

● For this release we are still providing two images:• nginx-plus with support for dynamic modules• nginx-plus-extras same as before without support for dynamic modules

● All nginx-plus-extras modules are available as dynamic modules from our repository.

● Existing nginx-plus-extras users are encouraged to upgrade:• apt-get remove nginx-plus-extras• apt-get install nginx-plus

• apt-get install nginx-plus-module-lua

MORE INFORMATION AT NGINX.COM

Dynamic Modules in NGINX Plus R9

● NGINX written modules:• nginx-plus-module-geoip• nginx-plus-module-image-filter• nginx-plus-module-perl• nginx-plus-module-xslt

● 3rd party modules• nginx-plus-module-headers-more• nginx-plus-module-lua• nginx-plus-module-passenger• nginx-plus-module-rtmp• nginx-plus-module-set-misc

* lua-resty-redis can be installed on top of nginx-plus-module-lua

MORE INFORMATION AT NGINX.COM

Dynamic Modules Going Forward

● nginx-plus-extras will be maintained till NGINX Plus R10

● NGINX Plus R11 and beyond will only have a single nginx-plus image

● Our plan is to certify and add more modules to our repository

● We will soon provide a tool for you to compile your own dynamic modules• As of right now, can only extend NGINX Plus with modules from our

repository

UDP Load Balancing

MORE INFORMATION AT NGINX.COM

Overview

● UDP is used for common services such as DNS, RADIUS, syslog, and more that need load balancing

● UDP is emerging as protocol of choice for IoT due to its low overhead

● Released as part of open source NGINX 1.9.13

● NGINX Plus R9 has advanced features such as active health checks and on-the-fly reconfiguration

● NGINX Plus can now load balance (almost) any application: TCP, UDP, or HTTP

MORE INFORMATION AT NGINX.COM

TCP vs. UDP Refresher

TCP UDP

Reliable data transfer Unreliable data transfer

High overhead Low overhead

Typical applications:- Web pages- iPhone/Android apps- Email

Typical applications:- DNS- RADIUS authentication- VoIP (FaceTime, etc) *

* Not supported with NGINX or NGINX Plus

MORE INFORMATION AT NGINX.COM

DNS without NGINX Plus

MORE INFORMATION AT NGINX.COM

DNS with NGINX Plus

MORE INFORMATION AT NGINX.COM

Exclusive to NGINX Plus

● Least Time load balancing algorithm○ Send new connections to the server with lowest average response time

and least number of existing connections

● Active health checks○ Actively monitor the health of UDP applications

● On-the-fly reconfiguration○ Add and remove servers without restarting NGINX Plus

● Stats○ Critical visibility into the health and performance of UDP services

Service Discovery Using DNS SRV

MORE INFORMATION AT NGINX.COM

Service Discovery Overview

MORE INFORMATION AT NGINX.COM

How Does NGINX Query the Service Registry?

● Configuration templates○ Service discovery platform rewrites NGINX config and reloads NGINX○ Works with both NGINX and NGINX Plus○ Downside: Not as scalable, NGINX has to be restarted for every small

change

● NGINX Plus HTTP-based API○ Service discovery platform calls a script to add/remove services using the

API○ Upside: Fast, no reloads○ Downside: Requires additional code to maintain

● NGINX Plus DNS interface○ NGINX Plus polls DNS interface of service registry to get list of services○ Upside: No additional code to maintain, no reloads○ Downside: Polling based, depends on TTL

MORE INFORMATION AT NGINX.COM

What’s Changed in R9?

● New support for DNS SRV records○ SRV -> Service○ Contains additional information (port, weight, priority) not in standard

DNS records

● Ports are dynamically assigned in microservice environments, and NGINX Plus needs port information for services to load balance traffic to them

resolver consul:53 valid=10s;

upstream backend { zone upstream_backend 64k;

server app.local service=http resolve; }

NGINX Plus App Pricing

MORE INFORMATION AT NGINX.COM

What Is NGINX Plus App Pricing?

● All you can eat pricing - No matter how many VMs, containers, nodes, concurrent connections, or users, you pay one low rate per application for the entire year.

● NGINX Plus App Pricing is based on volume of web traffic, company size, and number of NGINX Plus instances currently used or estimated to be used.

● It includes:○ Unlimited use of NGINX Plus for a multitude of use cases within your

application○ Your choice of installation and/or tuning support from

NGINX Professional Services○ Training in NGINX fundamentals and/or advanced topics for your team

MORE INFORMATION AT NGINX.COM

Why NGINX Plus App Pricing?

● There is no counting of instances or licenses, enabling unlimited usage of NGINX Plus

● Single per-app price means there is a predictable cost, priced to fit your application for the entire subscription period

● Well suited to distributed and microservice-based architectures, and was originally created to serve the world’s most popular SaaS applications

● All-you-can eat pricing aligns with the modern approach of creating and destroying VMs or containers as needed

● App Pricing means you can use NGINX Plus across a multitude of use cases without limits or constraints

● One number to call if something goes wrong or if you need help

MORE INFORMATION AT NGINX.COM

Who Is NGINX Plus App Pricing for?

NGINX Plus App pricing is for applications that:

● Experience traffic spikes and/or have unpredictable traffic● Use containers or virtual machines to regularly create and destroy instances● Need flexibility to grow quickly during the term of their subscription with

NGINX● Don’t want to (or can’t) track instance counts

Additional Features

MORE INFORMATION AT NGINX.COM

● Cache performance improvements - Cache writes can now be offloaded to threads to avoid blocking the NGINX core and improve performance.

• An extension of the thread pool improvements we announced last year, which offloaded blocking reads from the NGINX core.

● DNS lookups over TCP - NGINX Plus can use DNS to locate servers. Prior to R9 this was restricted to UDP. In large environments UDP may not offer sufficient space for large DNS responses. From this release, NGINX Plus will immediately retry the request using TCP if it detects a truncated UDP response.

Even More Features

MORE INFORMATION AT NGINX.COM

● Idempotency - NGINX Plus automatically retries failed HTTP requests on a different server within the same upstream group. For non-idempotent operations, such as the HTTP POST request, this can potentially be dangerous as NGINX Plus does not know how much of the operation was completed before an error was received or the operation timed out.

From this release onwards, non-idempotent HTTP requests (POST, LOCK, PATCH) are not automatically retried if they fail.

Even More Features

MORE INFORMATION AT NGINX.COM

The following modules have been updated. Applies to both the nginx-plus-extras and dynamic modules:

● The Headers-More module is updated to 0.29● The Lua module is updated to 0.10.2● The Phusion Passenger Open Source module is updated to 5.0.26

Housekeeping

MORE INFORMATION AT NGINX.COM

Summary

● Dynamic modules enable NGINX Plus to be extended at runtime○ Managed module repository for us to distribute certified extensions○ New modules can be released “off cycle”

● UDP load balancing allows NGINX Plus to load balance (almost) any applications

○ Positions NGINX Plus as an IoT gateway○ Lots of UDP applications existing which can benefit from NGINX Plus

■ Reduced costs■ Software flexibility

● DNS SRV records gives us the ability to easily discover new services○ Supported by most service discovery platforms

● NGINX Plus App Pricing gives us a better fit into microservice environments