NGINX Plus R7 is full of new features to help you deliver your applications. HTTP/2 is now fully supported. A redesigned graphical dashboard helps you quickly identify problems. And improvements to the core of NGINX enhance performance, security, and reliability for all your applications. These changes bring tremendous capability to help make your applications faster and more secure than ever.
View full webinar on demand at https://www.nginx.com/resources/webinars/whats-new-in-nginx-plus-r7/
3. Building a great application
is only half the battle,
delivering the application
is the other half.
4. Applications of the future
will be dramatically different
to the applications of today
5. MORE INFORMATION AT NGINX.COM
Modern Web, Modern Architecture
From Monolithic...
Three-tier, J2EE-style architectures
Complex protocols (HTML, SOAP)
Persistent deployments
Fixed, static Infrastructure
Big-bang releases
Silo’ed teams (Dev, Test, Ops)
...to Dynamic
Microservices
Lightweight (REST, Messaging)
Containers, VMs
SDN, NFV, Cloud
Continuous delivery
DevOps Culture
6. MORE INFORMATION AT NGINX.COM
Applications are made of Diverse components
PHP, Ruby, JavaScript, Python,… diversity is the new standard
Applications are made of Transient components
Servers and containers are deployed and destroyed almost continually
Applications are made of Lightweight components
Simple, highly-focused components are stitched together
Modern Web Applications are...
7. The modern web requires
a new approach
to application delivery
8. MORE INFORMATION AT NGINX.COM
Flawless Application Delivery
for the Modern Web
8
Load Balancer Monitoring &
Management
Web ServerContent Cache Streaming Media
11. Application delivery for microservices
Adopters deploy NGINX in front
of and within each
microservice, ensuring they are:
• Connected
• Available
• Authenticated
• Secured
• Cached
• Load Balanced
• Accelerated
• Scaled
11
13. NGINX Plus R7 extends our
capabilities as an enterprise-grade
load balancer, proxy,
& server platform
for the modern web.
14. MORE INFORMATION AT
NGINX.COM
Key New Features
● HTTP/2 - NGINX Plus now provides a fully supported implementation of the new HTTP/2 web
standard
● Performance - Support for socket sharding and thread pools give up to 9x improvement in
some cases
● Security - NTLM support for Microsoft application and new TCP security enhancements
improve the security and reliability of your applications
● Monitoring - Improved monitoring and diagnostics tools to help with tuning and debugging
● Visibility - Significantly enhanced status monitoring dashboard
16. MORE INFORMATION AT
NGINX.COM
• HTTP/2 is the new standard for transmitting data over the internet.
• Ratified as a standard on February 17, 2015 by the IESG
• Supported by Firefox, Chrome and Safari (with iOS9 and El Capitan)
• Over 50% of users have a browser that supports HTTP/2
• Better performance through a few key optimizations:
• Connection multiplexing
• Single connection
• Binary Header encoding
• Header compression
• SSL not mandated by standard, but Firefox and Chrome won’t support without encryption
• Support will be by a special package: nginx-plus-http2
• No -extras package
• Regular nginx-plus* packages will support SPDY/3.1
HTTP/2 Overview
17. MORE INFORMATION AT
NGINX.COM
● All elements of a webpage are downloaded over a single connection for greater efficiency
● True multiplexing of requests across the connection
HTTP/2 vs. HTTP/1
18. MORE INFORMATION AT
NGINX.COM
• HTTP/2 Gateway - NGINX Plus translates HTTP/2 into a protocol existing app servers can understand
• Backwards Compatibility - Using NPN, NGINX Plus can support HTTP/2 alongside older browsers that only run
HTTP/1.x
How NGINX Supports HTTP/2
20. MORE INFORMATION AT
NGINX.COM
• Improves performance up to 9x for disk based workloads such as caching or serving static content
• Disk operations are slow in general and blocking in Linux
• If disk operation blocks, NGINX worker process blocks and can’t do productive work
• Instead of doing disk operation directly, worker process hands the work off to a ‘thread pool’
• After hand off, worker process continues on as usual
• Thread pool notifies worker process when disk operation is done
Thread Pools
21. MORE INFORMATION AT
NGINX.COM
Socket Sharding
• Improves performance up to 3x for workloads with short lived connections
• More efficient handoff of packets from Linux kernel to NGINX worker processes
• Linux kernel round robin load balances packets between worker processes
• Otherwise packets are put up for grabs to first available worker
• Requires SO_REUSEPORT socket option committed into Linux kernel 3.9
• Supported in Red Hat Enterprise Linux 7 or later and Ubuntu 13.10 or later
23. MORE INFORMATION AT
NGINX.COM
• Microsoft standard used to authenticate users to services.
• Succeeded by Kerberos for modern Microsoft applications.
• Still used by legacy Microsoft applications and for some scenarios with modern Microsoft applications.
• Has a unique requirement that connections to backend servers are persistent and not multiplexed.
• NGINX Plus only
NTLM Support
24. MORE INFORMATION AT
NGINX.COM
• Connection Limiting
• Limit connections clients can have open at a time
• Slow down DDoS attackers
• Access Controls
• Create black/white lists of IP Addresses
• Quickly block malicious IPs
• Bandwidth Limits
• Limit client upload and download speed
• Prevent attackers from taking up precious bandwidth
TCP Load Balancing
25. MORE INFORMATION AT
NGINX.COM
NGINX F/OSS NGINX Plus
Core Features
• TCP load balancing
• Load-balancing methods
• PROXY_PROTOCOL support *
• SSL decryption and encryption
• TCP load balancing metrics and health check data
Compile-time option
RR, Hash, Least_Conn
Yes
Yes
Built-in
All, plus Least_Time
Yes
Yes
Yes
Dynamic Configuration
• DNS configuration
• Dynamic load balancing configuration
Static Dynamic
Upstream_Conf API
High Availability
• Passive health checks
• Application-aware health checks
• Slow-Start for recovered servers
Yes Yes
Yes
Yes
Security and Access Controls
• Access Controls *
• Bandwidth limiting *
• Client connection limits *
• Binding to a specific address *
• Server (upstream) connection limits
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
27. MORE INFORMATION AT
NGINX.COM
• 499 errors - Client closed connection while server was processing request.
• NGINX worker restarts - The number of times the NGINX worker restarted. This helps to detect NGINX worker
process crashes.
• NGINX reloads - The number of times NGINX was reloaded. This confirms that NGINX was actually reloaded,
or that it failed due to various reasons such as improper configuration.
• Queue overflows - Measures how well a server handles load. A high number of queue overflows indicates a
server that is struggling to keep up.
• SSL handshakes - The number of SSL handshakes completed.
• SSL sessions reused - The number of SSL sessions that were reused from an earlier session.
• New SSL sessions - The number of new SSL sessions negotiated.
• NGINX Plus only
New counters
30. MORE INFORMATION AT
NGINX.COM
• Health - Quickly identify failed servers
• Load - High Req/s and connection count can indicate a heavily loaded system or DDoS attack
• Cache - Learn the current state of the content cache
Dashboard Overview
31. MORE INFORMATION AT
NGINX.COM
• Start from the dashboard and quickly drill down for more specific data
• Tabs have easy red, yellow, green indicators for quick identification of health problems
Tabbed Navigation
32. MORE INFORMATION AT
NGINX.COM
• Quickly identify failed servers
• “Failed only” button to display only failed servers.
• Responses from servers broken down by response code
• A large number of 4xx or 5xx errors can indicate problems with backend server
• Monitor how much bandwidth is being used by each server
• Compare different servers in the pool and how evenly the traffic is being spread
• Click pencil icon to temporarily add/remove/modify servers
Upstream view
33. MORE INFORMATION AT
NGINX.COM
• Quickly add in a new server
• Only Server address field is required
• Changes are temporary and do not persist
across a reload
• Uses the NGINX Plus dynamic reconfiguration
API
Upstream view
34. MORE INFORMATION AT
NGINX.COM
• Hit ratio tracks how well the cache is performing
• A low hit ratio indicates most responses are missing the cache and going directly to backend
• Convenient red, yellow, green indicators
• Capacity bar shows how full the cache is
• Warm/cold indicator for whether or not the cache is ready to be used
Cache view
35. MORE INFORMATION AT
NGINX.COM
• Tooltips throughout the dashboard give more detailed information about upstream servers, configuration reloads,
cache status, and any error messages.
• Server zones view gives data on NGINX Plus interaction with clients
• Contains equivalent views for TCP and HTTP traffic
• Can also temporarily add/remove/modify backend servers for TCP applications
• NGINX Plus only
And More...
37. MORE INFORMATION AT
NGINX.COM
• Improved HLS streaming - Support for the start, end, and offset HLS tags for m3u8 URLs. This allows content
publishers to easily publish links to fragments of a video stream.
• Content modification - The sub_filter module has been extended to support variables and chains of substitutions,
making more complex changes possible. You can also use it to insert content into HTML pages, such as boilerplate text,
without having to modify the original HTML content.
• $upstream_connect_time - A new NGINX variable that tracks the time it takes to connect to a back-end server.
Slower servers will have a larger connect time.
• Config dump - nginx -T on the command line dumps the parsed NGINX configuration. Useful for archiving purposes
or when filing a support ticket.
• More configurable TCP load balancing - The proxy_bind, tcp_nodelay, proxy_protocol, and the backlog
parameter to the listen directives are all now configurable parameters.
• Redis support – The lua-resty-redis NGINX module is now included natively in the NGINX Plus Extras package. It
enables NGINX Plus to interact with a Redis database (for example, to get and set values).
• Updated Phusion Passenger module - The Phusion Passenger module has been updated to version 5.0.11.
Even more features
38. MORE INFORMATION AT
NGINX.COM
Learn more
• NGINX Plus R7 overview with code samples
• nginx.com/r7
• NGINX white paper on HTTP/2 and how to deploy it with NGINX and NGINX Plus
• nginx.com/http2-wp
• Special edition ebook on HTTP/2 and web performance by Ilya Grigorik of Google
• nginx.com/http2-ebook
• A demo of the new NGINX Plus dashboard
• demo.nginx.com
39. MORE INFORMATION AT
NGINX.COM
Summary
• Fully-supported HTTP/2 implementation
• Socket sharding and thread pools improve performance up to 9x
• NTLM support for Microsoft applications and more security for TCP applications
• Improved monitoring and diagnostics with additional counters
• Significantly enhanced dashboard
• …And a handful of tweaks and enhancements