Traditionally, content delivery networks (CDNs) were known to accelerate static content. Amazon CloudFront has come a long way and now supports delivery of entire websites that include dynamic and static content. In this session, we introduce you to CloudFront’s dynamic delivery features that help improve the performance, scalability, and availability of your website while helping you lower your costs. We talk about architectural patterns such as SSL termination, close proximity connection termination, origin offload with keep-alive connections, and last-mile latency improvement. Also learn how to take advantage of Amazon Route 53's health check, automatic failover, and latency-based routing to build highly available web apps on AWS.
2. Fundamental Facts
• Any web application must have…
– Tight security
– High availability
– High performance
3. Why Does Availability Matter?
• If your application is not available, your revenue loss is
100%.
• Impact to customer loyalty and your brand image.
4. How AWS Helps?
• Use Amazon Route 53 to health-check your origin
webservers with automatic failover.
• Use Amazon CloudFront to front your origins to reduce load
on your origins.
• Use Amazon CloudFront to customize your error pages.
• Amazon CloudFront will automatically serve stale content
when origin is unavailable.
7. Why Performance Matters?
• Great amount of time and money spent improving back-end
infrastructure performance.
• 80% of user’s perceived latency comes from front-end.
8. How do we Improve Performance?
• A typical web application has…
– Static or Re-Usable content
• High TTLs
• Low TTLs (Customized Content)
• Can be cached
– Dynamic or Unique content
• Zero TTL
• Cannot be cached BUT affects 100% of your viewers!
11. Why Don’t Customers Use CDNs for Dynamic Content?
I don’t see the value - each request is unique and must go
back to the origin web server.
I see the value, but my current CDN charges premium rates
for dynamic content acceleration, with many additional fees.
Configuring a CDN for dynamic content acceleration requires
expensive professional services and is not self-service.
12. How Can Amazon CloudFront Help?
• TCP/IP optimizations for the network path
• Keep-Alive connections to reduce RTT
• SSL termination close to viewers
• POST/PUT upload optimizations
• Latency based routing
• Low prices; same as static content delivery!
13. Re-Usable or Unique Content?
• Static or Re-Usable
– A given content where the state of the content does NOT change for
a given period of time.
[Diagram: timeline from t0 to t1]
14. Re-Usable or Unique Content?
• Dynamic or Unique
– A given content where the state of the content changes as soon as it
gets created.
[Diagram: timeline from t0 to t1]
25. Optimizing Static Content
• Content is static: images, JS, CSS
– It can be distributed to more than one user.
– State of the object does not change: sec, minute, hours, etc.
– Caching is a way to serve static content to more than one user.
34. Optimizing Static Content with Caching
• Bring content closer to the users
• Improves the experience and performance
• Offloads your infrastructure
37. Optimizing Static Content with Caching
• Are we done? Not so fast! Goal is 0.5 seconds.
[Diagram label: index.jsp]
38. Optimizing Static Content with Caching
• Cache as much as you can.
• How? I’m caching all my images, CSS, and JS.
• Find cacheable content.
– Collect web (w3c) logs from your web-tier
– Run a report on your logs (EMR, RDS, or Redshift)
– Identify top N URLs
39. Optimizing Static Content with Caching
• Steps to find cacheable content
– Example query
SELECT COUNT(url) AS count, url
FROM logs_table
GROUP BY url
ORDER BY count DESC;
41. Re-Usable or Unique Content?
• Static or Re-Usable
– A given content where the state of the content does NOT change for
a given period of time.
[Diagram: timeline from t0 to t1]
42. Caching for Smaller Time Units
• Goal: find content that can be cached for any given period
of time.
– Hours
– Minutes
– Seconds
• CloudFront can cache content for any period of time.
43. Optimizing Static Content with Caching
• Content with query strings
• Reusable?
• CloudFront can cache content with query strings.
• Every unique query-string combination is a new object in
CloudFront’s cache.
110 /factor/create_image?name=book1&size=10x10
44. Optimizing Static Content with Caching
• API calls
• Reusable?
• CloudFront can cache content with query strings.
• Every unique query-string combination is a new object in
CloudFront’s cache.
100 /api/GetBooks?category=math
45. Caching for Smaller Time Units
• Imagine you have a read-heavy API that gets hit at 100 or 1,000 RPS.
• Offload your web-tier from handling 1,000 RPS.
• Offload your load balancer; Elastic Load Balancing or any
other LB.
• Provision less capacity and reduce costs.
100 /api/GetBooks?category=math
46. Caching Personalized Content Just Launched!
• Optionally configure CloudFront to forward request headers
to your origin.
• Enables caching for personalized content:
• Mobile Device Detection
• Geo Targeting
• Multi-Site Hosting
• Cross Origin Resource Sharing (CORS)
• Protocol Detection
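The cache-key behaviour described on slides 43, 44 and 46, as an added example that is not part of the original slides. It is a simplified model of an edge cache, not CloudFront's implementation: the key is path plus query string plus the values of forwarded headers; `normalize_query` is a hypothetical option, the request list is constructed, and `CloudFront-Is-Mobile-Viewer` stands in for the device-detection header.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit

def cache_key(url, headers, forward_headers=(), normalize_query=False):
    """Key an edge cache would file this response under (simplified model)."""
    parts = urlsplit(url)
    query = parts.query
    if normalize_query:
        # Hypothetical option: sort parameters so reordered query strings
        # map to one cached object instead of two.
        query = urlencode(sorted(parse_qsl(query, keep_blank_values=True)))
    lowered = {name.lower(): value for name, value in headers.items()}
    # Only headers that are forwarded to the origin become part of the key.
    varied = tuple((h.lower(), lowered.get(h.lower(), ""))
                   for h in sorted(forward_headers))
    return (parts.path, query, varied)

def replay(requests, **key_options):
    """Replay requests through an empty cache; return (hits, cached_objects)."""
    seen, hits = set(), 0
    for url, headers in requests:
        key = cache_key(url, headers, **key_options)
        if key in seen:
            hits += 1
        seen.add(key)
    return hits, len(seen)

# Constructed sample traffic; the URLs reuse the two paths shown on the slides.
MOBILE = "CloudFront-Is-Mobile-Viewer"
SAMPLE = [
    ("/api/GetBooks?category=math", {MOBILE: "false"}),
    ("/api/GetBooks?category=math", {MOBILE: "true"}),
    ("/api/GetBooks?category=math", {MOBILE: "false"}),
    ("/factor/create_image?name=book1&size=10x10", {}),
    ("/factor/create_image?size=10x10&name=book1", {}),
]

if __name__ == "__main__":
    # Header not forwarded: mobile and desktop viewers share one cached object.
    print(replay(SAMPLE))
    # Header forwarded: one object per device class, so fewer hits.
    print(replay(SAMPLE, forward_headers=[MOBILE]))
    # Sorting parameters recovers the hit lost to parameter reordering.
    print(replay(SAMPLE, forward_headers=[MOBILE], normalize_query=True))
```

In the first replay the mobile viewer is served whatever was cached for the desktop viewer, which is why a response that varies on a header needs that header forwarded and in the key.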
50. Optimizing Dynamic Content
• Can dynamic content be optimized?
– Dynamic content is not cacheable.
– Content can be “proxied” by CDN to the origin and back.
61. Optimizing Dynamic Content
• Can dynamic content be optimized?
– That adds latency?
– How to optimize dynamic content?
– Response time = ∑ Time (DNS + Connection + First Byte + Content Download)
[Diagram: request timeline with segments DNS lookup, TCP connection, Time to first byte, Content download]
62. Optimizing Dynamic Content
Faster Response Time = Reduced DNS Time + Reduced Connection Time + Reduced First Byte Time + Reduced Content Download Time
66. Optimizing Dynamic Content
Faster Response Time = Reduced DNS Time + Reduced Connection Time + Reduced First Byte Time + Reduced Content Download Time
[Slide callouts: Keep-Alive connections & SSL termination; Keep-Alive connections; TCP/IP optimization]
68. Optimizing DNS Response Time
• How to optimize DNS response time? – with Route 53
[Diagram: DNS lookup segment of the request timeline]
69. Optimizing DNS Response Time
• Amazon Route 53 managed DNS offering
• Designed for high availability
• Low latency DNS resolution
• Global network of DNS servers
• Queries routed to nearest DNS server
72. Optimizing TCP Connections and First Byte
• How to optimize TCP connections? – with CloudFront Keep-Alive connections.
[Diagram: TCP connection segment of the request timeline; Amazon CloudFront Keep-Alive Connections]
73. Optimizing TCP Connections
• TCP/IP handshake
– HTTP runs on TCP/IP
– TCP has the concept of TCP handshake
– Every HTTP connection has to complete TCP handshake
– TCP/IP handshake penalizes dynamic content
77-81. Two Users without CloudFront
[Sequence diagram, built up over five slides: each user completes its own TCP handshake (SYN, SYN-ACK, ACK) with the origin in the Region and then sends GET /index.jsp. Labels: 90ms; 360ms for each user.]
82. Without CloudFront
• Every user is a new connection.
• More users = more TCP connections.
86. Optimizing TCP Connections
• Without Keep-Alive connections
– Puts load on memory/CPU
– Puts load on your web servers
– Load on your web servers increases the time to first byte.
87-95. Two Users with CloudFront Keep-Alive
[Sequence diagram, built up over nine slides: the users complete TCP handshakes (SYN, SYN-ACK, ACK) and send GET /index.jsp through CloudFront to the origin in the Region. Labels: 60ms, 30ms, 360ms, 180ms.]
96. Optimizing TCP Connections
• CloudFront Keep-Alive connections
– More users does not have to equal more TCP connections
– Without CloudFront two users equal two connections
– With CloudFront two users equal one connection
– Offloads your web tier’s CPU/memory
– Improves response time
– Without CloudFront two users equal 720ms
– With CloudFront two users equal 540ms
98. Optimizing SSL Connections
• How to optimize SSL connections? – with CloudFront SSL termination.
[Diagram: TCP connection segment of the request timeline; Amazon CloudFront SSL termination]
99. Optimizing SSL Connections
• CloudFront has the ability to support SSL traffic.
• Use CloudFront cert or bring your own.
• SSL traffic gets terminated at the closest CloudFront location.
100. Optimizing SSL Connections
• Taking advantage of Keep-Alive connections
– SSL introduces additional TCP handshake packets.
– Keep-Alive eliminates additional SSL TCP handshake packets.
– Offloading your infrastructure from terminating 1,000s of end users' SSL connections.
101. SSL Optimization Patterns with CloudFront
• Two optimization patterns:
– Half bridge SSL termination
– Full bridge SSL termination
102. Half Bridge SSL Termination
• Better performance by leveraging HTTP connections to origin
[Diagram: CloudFront connects to the origin in the Region over HTTP]
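An added example (not from the slides) that audits a distribution for the two patterns named on slide 101. It assumes full bridge means the CloudFront-to-origin leg also uses HTTPS, and it reads the `ViewerProtocolPolicy` and `OriginProtocolPolicy` fields of a CloudFront distribution config; the sample config, origin IDs and result labels are constructed.

```python
# Constructed sample shaped like a CloudFront DistributionConfig
# (only the fields this check reads).
SAMPLE_CONFIG = {
    "Origins": {"Items": [
        {"Id": "web-http", "CustomOriginConfig": {"OriginProtocolPolicy": "http-only"}},
        {"Id": "api-tls", "CustomOriginConfig": {"OriginProtocolPolicy": "https-only"}},
        {"Id": "legacy", "CustomOriginConfig": {"OriginProtocolPolicy": "match-viewer"}},
    ]},
    "DefaultCacheBehavior": {"TargetOriginId": "web-http",
                             "ViewerProtocolPolicy": "https-only"},
    "CacheBehaviors": {"Items": [
        {"PathPattern": "/api/*", "TargetOriginId": "api-tls",
         "ViewerProtocolPolicy": "https-only"},
        {"PathPattern": "/old/*", "TargetOriginId": "legacy",
         "ViewerProtocolPolicy": "allow-all"},
    ]},
}

def classify(viewer_policy, origin_policy):
    """Label one cache behavior by which legs of the path are encrypted."""
    if origin_policy is None:
        return "unknown"  # not a custom origin; this check does not cover it
    viewer_tls = viewer_policy in ("https-only", "redirect-to-https")
    if not viewer_tls and origin_policy != "https-only":
        return "plaintext-possible"   # both legs can carry HTTP
    if origin_policy == "http-only":
        return "half-bridge"          # TLS ends at the edge, HTTP to origin
    if not viewer_tls:
        return "viewer-http-allowed"  # origin leg is TLS, viewer leg may not be
    return "full-bridge"              # TLS on both legs

def audit(config):
    """Map each path pattern to its classification."""
    origins = {o["Id"]: o.get("CustomOriginConfig", {}).get("OriginProtocolPolicy")
               for o in config["Origins"]["Items"]}
    behaviors = [dict(config["DefaultCacheBehavior"], PathPattern="*")]
    behaviors += config.get("CacheBehaviors", {}).get("Items", [])
    return {b["PathPattern"]: classify(b["ViewerProtocolPolicy"],
                                       origins.get(b["TargetOriginId"]))
            for b in behaviors}

if __name__ == "__main__":
    for pattern, label in audit(SAMPLE_CONFIG).items():
        print(f"{pattern:8} {label}")
```

A half-bridge result means requests and responses cross the CloudFront-to-origin leg unencrypted, so it fits only where that leg carries nothing sensitive.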
111. Optimizing Content Download
• CloudFront can optimize slow start for new connections.
• CloudFront uses existing connections so users can skip slow start.
• Users benefit from TCP window optimized with an existing connection.
• More packets transferred in a single round trip.
119. Performance Tests
• Without CloudFront
• With CloudFront
[Diagram: test path between Oregon and Virginia, shown once for each case]
120. Performance Tests Results
Test | # of Packets | Response Time per Request | Response Time for 200 Requests
Without CloudFront | 2605 | 170 ms | 33.876 s
With CloudFront | 896 | 96 ms | 19.24 s
121. Optimizing PUT/POST
• How to optimize content PUT/POST? – with CloudFront PUT/POST Verb optimization
[Diagram: TCP connection segment of the request timeline; Amazon CloudFront PUT/POST Verb optimization]
122. Optimizing PUT/POST
• CloudFront can support verbs: PUT, POST, DELETE, OPTIONS, and PATCH.
• Data won’t get cached.
• CloudFront can proxy data to origin.
126. Optimizing PUT/POST Performance Tests
• Uploading 10MB data from an instance in US East region to US West region: average result is 5 seconds.
[Diagram: upload between Virginia and Oregon]
127. Optimizing PUT/POST Performance Tests
• Uploading 10MB data from an instance in US East region to closest CloudFront location: average result is 3.5 seconds.
[Diagram: Oregon and Virginia]
128. Optimizing Content Download – Even More!
• How to optimize content download even more? – with Route 53
[Diagram: Content download segment of the request timeline]
129. Optimizing Content Download – Even More!
• Latency Based Routing (LBR)
• Run multiple stacks of your application in different AWS regions around the world.
• Create LBR records for each location and tag the location with GEO information.
• Route 53 will route end users to the endpoint that provides the lowest latency.
130. Optimizing Content Download – Even More!
• LBR Benefits
– Better performance than running instances in single region.
– Improved reliability relative to running in a single region.
– Easier implementation than traditional DNS solutions.
– Much lower prices than traditional DNS solutions.
133. Optimizing Content Download – Even More!
• Use CloudFront for dynamic content optimization
• Host your origin at multiple AWS locations (or data centers)
– US
– Europe
134. Optimizing Content Download – Even More!
• Create origin DNS records in Route 53 at each location.
• Route 53 measures the latency between CloudFront and all configured origins.
• Route 53 resolves origin’s hostname to the closest location.
• Reduce download time.
151. Design For Failure
• CloudFront & Route 53
• Normal interaction
– Users connect to CloudFront
– CloudFront connects to origin
152. Design For Failure
• What happens if the origin fails to respond to CloudFront?
153. Design For Failure
• Failures can be detected by Route 53 health checks.
154. Design For Failure
• The traffic shifts to the healthy instances or load balancers.
155. Design For Failure
• Can mix health checks and LBR.
• Can apply the same logic to multi-region deployments.
• Users get connected to the closest region if both regions are healthy.
• Route 53 detects failures via health checks.
• Users get connected to the healthy region if the closest region is not passing the health check.
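The routing decision on slide 155, as an added example that is not part of the original slides. It is a simplified model, not Route 53's implementation: an endpoint changes health state only after `failure_threshold` consecutive contrary checks, and if no region is healthy the answer comes from the full set; the region names, latencies and check histories are constructed.

```python
def healthy_after(results, failure_threshold=3):
    """Health state after a sequence of check results (True = check passed).

    The state flips only after `failure_threshold` consecutive results that
    disagree with the current state, so a single blip does not cause failover.
    """
    healthy, streak = True, 0
    for passed in results:
        streak = streak + 1 if passed != healthy else 0
        if streak >= failure_threshold:
            healthy, streak = passed, 0
    return healthy

def resolve(latency_ms, check_history, failure_threshold=3):
    """Answer one lookup: the lowest-latency region among healthy ones."""
    healthy = [region for region in latency_ms
               if healthy_after(check_history.get(region, []), failure_threshold)]
    # With nothing healthy there is no basis to exclude any region, so fall
    # back to the full set instead of returning no answer.
    candidates = healthy or list(latency_ms)
    return min(candidates, key=lambda region: latency_ms[region])

# Constructed inputs: latency as measured from one CloudFront location.
LATENCY = {"US": 40, "Europe": 120}
ALL_OK = {"US": [True] * 5, "Europe": [True] * 5}
US_BLIP = {"US": [True, False, False, True, True], "Europe": [True] * 5}
US_DOWN = {"US": [True, False, False, False], "Europe": [True] * 4}
US_BACK = {"US": [False] * 3 + [True] * 3, "Europe": [True] * 6}
ALL_DOWN = {"US": [False] * 3, "Europe": [False] * 3}

if __name__ == "__main__":
    for name, history in [("all ok", ALL_OK), ("US blip", US_BLIP),
                          ("US down", US_DOWN), ("US recovered", US_BACK),
                          ("all down", ALL_DOWN)]:
        print(f"{name:13} -> {resolve(LATENCY, history)}")
```

The failure threshold and the check interval together set how long a dead origin keeps receiving traffic, and cached DNS answers extend that by the record's TTL.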
157. Design For Failure
• Caching improves performance.
• Caching can also improve availability.
• If your infrastructure is experiencing failure, CloudFront can serve cached content instead of 5xx, 4xx, etc.
168. Summary
• Accelerate all your content with CloudFront.
• Use CloudFront with Route 53 LBR to improve your performance.
• Design for failure with CloudFront and Route 53.
172. Customer Stories
• PUT/POST
– “We are excited to use CloudFront's new POST, PUT, PATCH, and DELETE capabilities to accelerate our RESTful APIs on Amazon EC2. With these new HTTP methods we can now take advantage of CloudFront’s global footprint and optimized connections back to our origin servers in AWS. Routing our customers’ API requests via a CloudFront edge location near them will help improve their experience by minimizing packet loss and upload latency. This will help provide a streamlined experience for our customers.” Ilan Rabinovitch, Tech Lead, Site Reliability Engineering
174. Customer Stories
• Health Checks and Failover
– “Amazon Route 53’s DNS Failover feature provides high availability across our multiple AWS regions and gives us the ability to offload our origins.”
175. Get Started with CloudFront
• AWS Free Usage Tier
• 50 GB CloudFront Data Transfer per Month
• 2,000,000 HTTP/HTTPS Requests per Month
• Learn More: http://aws.amazon.com/free/
• Office Hours with CloudFront Engineers
• July 30th, 2014
• 10 – 11am (PST)
• Register Here: http://aws.amazon.com/cloudfront/