Lessons learned tuning TCP and Nginx in EC2
engineering.chartbeat.comIf I understand this correctly then the huge improvement in latency (from 200ms to 3ms) comes from not having to deal with slow clients directly. Traffic to your front-end server are now only from ELB, and ELB is "spoon-feeding" the web-clients. This is true if you are using ELB in "http-mode". This also explains why you can cut the front-end servers by 20% - as each request is handled more efficiently (lower latency equals higher throughput). Also, connection-reuse is more efficient as the set of servers in the ELB-pool is more limited that the set of web-clients.
ELBs have terrible TLS support... Cipher suite choice and ordering support is abysmal, and they only recently started supporting newer TLS versions. OCSP stapling isn't supported either.
https://wiki.mozilla.org/Security/Server_Side_TLS#Amazon_Web... gives more information if you're curious.
Small note - gratutious arp and traditional VIPs are available within a VPC.
It does, but it's not very useful, as you cannot have a VIP span multiple AZs and typically a spontaneous instance failure is correlated with an AZ problem. ENIs (and IPs) are tied to a subnet, which is tied to an AZ. Even the example only utilizes a single availability zone. While there may be a tiny bit of additional redundancy added by doing this, you still need a way to fail over to another availability zone.
I would love a way to do multicast UDP in a VPC (i.e. for discovery). I've been hopeful for years..
interesting, I can't find anything that supports this. Do you have a link to a doc?
edit: or are you referring to using ENIs?
Sure, here you go. Basically, you can set up a private subnet, from which you can use any IP.
This isn't ARP per se as one would traditionally expect it. This is the networking in VPC handling the movement of the ENI.
It looks like this is using APIs not ARP to move the IP address; am I wrong?
that's correct as far as I understand the capabilities in VPC.
Check you site with Ghostery, the CSS does not load.
sounds like a bug in Ghostery?
I see this issue a lot with blogs related to tracking companies (Mixpanel, for example). These companies are serving their blog CSS from the same hostname as they serve their tracking code, so Ghostery blocks it.
no, blog belongs to someone working for Internet equivalent of a cockroach.