Enable High-Performance Content Delivery Using Varnish Enterprise

Deliver great web experiences to large audiences by loading web pages faster and reducing the latency of media streaming.

Deploying Varnish Enterprise’s reverse proxy and HTTP engine technology in the cloud reduces backend server load by up to 99% so that you can scale up your deployment while protecting critical infrastructure and keeping costs predictable.

The Varnish Enterprise 6 for Oracle Cloud Infrastructure (OCI) image available from the Oracle Cloud Marketplace contains a version of Varnish Enterprise 6 that’s optimized for cloud with high availability, cache persistence, and custom analytics. The software includes the following advanced features:

  • Performance boost: Enhanced caching with high availability, provided by built-in content replication, prefetching, and finely tuned policies.
  • Resilience and persistence: Contains a persistence layer that’s optimized for storage and caching large volumes of data. The cache can persist across restarts, and there is better storage for larger data sets to alleviate fragmentation and to regain performance.
  • Personalization and fast decision-making: Deliver personalized content quickly and move content decision-making closer to your users with Parallel ESI, JSON parsing, device detection, and IP geolocation.
  • Security: TLS encrypts communications and data on both the server and the client. You can encrypt cached data both in memory and on disk. The software also contains a built-in web application firewall.

Architecture

This reference architecture deploys a public load balancer, Varnish Enterprise nodes running the software, block storage, and file storage.

The architecture uses a region with one availability domain and regional subnets. You can use the same architecture in a region with multiple availability domains. We recommend that you use regional subnets for your deployment, regardless of the number of availability domains.

The following diagram illustrates this architecture. The load balancer routes incoming requests to the Varnish Enterprise server. The server resolves the requests by using the Oracle Cloud Infrastructure Domain Name System (DNS) service, sometimes called OCI DNS, and caches the content in attached block storage. If the content is already cached in block storage, the load balancer responds to the request.

Varnish Enterprise nodes are in a regional public subnet because they respond to requests directly using the internet gateway provided by Oracle Cloud Infrastructure.

File storage saves session information, which enables node synchronization on Varnish Enterprise servers.



The architecture has the following components:

  • Region

    A region is a localized geographic area composed of one or more availability domains. Regions are independent of other regions, and vast distances can separate them (across countries or continents).

  • DNS

    The DNS service lets you create and manage your DNS zones. You can create zones, add records to zones, and allow Oracle Cloud Infrastructure's edge network to handle your domain's DNS queries.

  • Availability domains

    Availability domains are standalone, independent data centers within a region. The physical resources in each availability domain are isolated from the resources in the other availability domains, which provides fault tolerance. Availability domains don’t share infrastructure such as power or cooling, or the internal availability domain network. So, a failure at one availability domain is unlikely to affect the other availability domains in the region.

  • Fault domains

    A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain has three fault domains with independent power and hardware. When you place Compute instances across multiple fault domains, applications can tolerate physical server failure, system maintenance, and many common networking and power failures inside the availability domain.

  • Virtual cloud network (VCN) and subnets

    A VCN is a software-defined network that you set up in an Oracle Cloud Infrastructure region. VCNs can be segmented into subnets, which can be specific to a region or to an availability domain. Both region-specific and availability domain-specific subnets can coexist in the same VCN. A subnet can be public or private.

  • Security lists

    For each subnet, you can create security rules that specify the source, destination, and type of traffic that must be allowed in and out of the subnet.

  • Load balancer

    The load balancers distribute incoming traffic to the Varnish nodes.

  • Varnish Enterprise (VE1 and VE2) nodes

    These Compute instances run the Varnish Enterprise software. The nodes have high-availability agents that use session information saved in file storage to synchronize the nodes. These nodes also respond to requests directly by using the Oracle Cloud Infrastructure internet gateway.

  • Block volumes

    With block storage volumes, you can create, attach, connect, and move storage volumes, and change volume performance to meet your storage, performance, and application requirements. After you attach and connect a volume to an instance, you can use the volume like a regular hard drive. You can also disconnect a volume and attach it to another instance without losing data.

  • File storage

    The file system is mounted on Varnish Enterprise nodes and used to store session information. This information is used by high-availability agents to synchronize the Varnish Enterprise nodes.

Recommendations

Your requirements might differ from the architecture described here. Use the following recommendations as a starting point.

  • Load balancer

    The load balancer distributes incoming traffic to the Varnish Enterprise nodes. We recommend a minimum shape of 400 Mbps. We also recommend that you use the “least connections” or “IP Hash” load balancing policy.

  • Varnish Enterprise (VE1 and VE2) nodes

    Use the VM.Standard2.24 shape, which provides 24 OCPU and 320 GB of RAM. Start with two nodes in separate fault domains. Use instance configuration and the autoscaling feature to scale up or down as needed.

  • Block volume

    Use the maximum number of block volumes that you can attach to a single instance (32) with maximum allowable size (32 TB). This configuration provides sufficient storage space for caching the content.

  • VCN

    When you create the VCN, determine how many IP addresses your cloud resources in each subnet require. Using Classless Inter-Domain Routing (CIDR) notation, specify a subnet mask and a network address range large enough for the required IP addresses. Use an address space that falls within the standard private IP address blocks.

    Select an address range that doesn’t overlap with your on-premises network, so that you can set up a connection between the VCN and your on-premises network later, if necessary.

    After you create a VCN, you can't change its address range.

    When you design the subnets, consider your functionality and security requirements. Attach all the compute instances within the same tier or role to the same subnet, which can serve as a security boundary.

    Use regional subnets.

  • Security lists

    Use security lists to define ingress and egress rules that apply to the entire subnet. For example, this architecture allows ICMP internally for the entire private subnet.
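
The VCN recommendations above (private address space, no overlap with the on-premises network, subnets sized for the addresses they need) can be checked before the VCN is created, because its range can't be changed afterward. The following Python check is an added example, not part of the original architecture or the Marketplace Terraform stack; the CIDR values and subnet names are constructed, and it assumes OCI reserves three addresses in each subnet.

```python
import ipaddress

# RFC 1918 private blocks ("standard private IP address blocks" in the text).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Assumption: OCI reserves three addresses in every subnet (first two and last).
RESERVED_PER_SUBNET = 3

def check_vcn_plan(vcn_cidr, subnets, on_prem_cidrs):
    """Return a list of problems with a VCN address plan (empty list = plan is OK).

    subnets maps a subnet name to (cidr, number_of_addresses_required).
    """
    problems = []
    vcn = ipaddress.ip_network(vcn_cidr)  # raises ValueError on host bits or bad input
    if not any(vcn.subnet_of(block) for block in RFC1918):
        problems.append(f"VCN {vcn} is outside the RFC 1918 private blocks")
    for cidr in on_prem_cidrs:
        if vcn.overlaps(ipaddress.ip_network(cidr)):
            problems.append(f"VCN {vcn} overlaps on-premises range {cidr}")
    seen = []
    for name, (cidr, needed) in subnets.items():
        net = ipaddress.ip_network(cidr)
        if not net.subnet_of(vcn):
            problems.append(f"subnet {name} {net} is not inside VCN {vcn}")
        usable = net.num_addresses - RESERVED_PER_SUBNET
        if usable < needed:
            problems.append(f"subnet {name} {net} has {usable} usable addresses, needs {needed}")
        for other_name, other in seen:
            if net.overlaps(other):
                problems.append(f"subnet {name} {net} overlaps subnet {other_name} {other}")
        seen.append((name, net))
    return problems

# Constructed sample plans (not from the original page).
GOOD = check_vcn_plan(
    "10.20.0.0/16",
    {"varnish-public": ("10.20.1.0/24", 40), "mount-targets": ("10.20.2.0/28", 6)},
    on_prem_cidrs=["10.0.0.0/16", "192.168.0.0/24"],
)
BAD = check_vcn_plan(
    "10.0.0.0/16",
    {"varnish-public": ("10.0.1.0/29", 8), "mount-targets": ("10.0.1.0/24", 6)},
    on_prem_cidrs=["10.0.0.0/20"],
)

if __name__ == "__main__":
    print("good plan:", GOOD or "no problems")
    for p in BAD:
        print("bad plan:", p)
```
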

Considerations

  • Performance

    To get the best performance, choose the correct Compute shape with appropriate bandwidth.

  • Availability

    Consider using a high-availability option based on your deployment requirements and region. Options include using multiple availability domains in a region and fault domains.

  • Cost

    A bare metal GPU instance provides necessary CPU power for a higher cost. Evaluate your requirements to choose the appropriate Compute shape.

  • Monitoring and alerts

    Set up monitoring and alerts on CPU and memory usage for your nodes, so that you can scale the shape up or down as needed.

Deploy

A Terraform stack to deploy this reference architecture is available in Oracle Cloud Marketplace.

  1. Go to Oracle Cloud Marketplace.
  2. Click Get App.
  3. Follow the on-screen prompts.