Architectural heads-up/call for comments

Cosimo Streppone cosimo at streppone.it
Thu Jan 7 10:18:14 CET 2010 

On 06 january 2010 12:46:07, Poul-Henning Kamp <phk at phk.freebsd.dk> wrote:

> [...] call for comments from the users of varnish [...]


> 1.  Kill the magic default VCL.

It's great that you're asking feedback, thanks.

> You will no longer be able to just give Varnish a subset of the VCL
> instruction, ie. just a vcl_recv{} function

I understand and appreciate the motivation for this.
However, I must say I find it really easy to just have
a default behavior built-in.

In one of our deployments, we have a VCL consisting only
of a 5 lines vcl_recv(). Very simple and effective.

OTOH, it's true that you have to know what you're doing.
I would suggest to have several presets files, sort of what
mysql does with my-huge.cnf, etc...

Say, something like:

    - default.vcl        (the one with the built-in behavior)
    - simple-static.vcl  (for mostly static web servers, strip  
cookies+basicauth)
    - webapp-simple.vcl  (static + dynamic with 1 backend)
    - webapp-large.vcl   (like simple with a cluster of backends, director,  
etc...)
    - ...

> The current behaviour does not work the way it was intended and
> confuses a lot of people, because they do not see the full picture.

Yes, it confused me too when I wanted to just turn the key
and get the thing going. Then you realize you have to
stop and rftm :)

> Back in the ancient mists of time, spirits were brave, stakes were
> high and we thought it would be possible for users to use VCL
> "libraries" and have a VCL file that looked like:
> 	include "typo3.vcl";
> 	include "anti_dos.vcl";
> 	include "anti_malware.vcl";
> 	...
> Obviously, that does not work, because of the ordering necessary
> of the checks..

Please, can you explain?

> 2.  Client identity

That would be great, even if I/we (prefer to)
have completely stateless backends, so it doesn't matter
on which backend you end up.

> 3. Synth replies (and vcl_error{} ?)

We currently don't let varnish reply directly to clients,
so we don't use this feature for now.

> 4. VCL conversions
>
> if (ip(req.http.x-forwarded-for, 0.0.0.0) ~ acl_badguys)) {

I never had the need for this, but I understand
it's a good feature to prevent problems.

> Thanks for listening, now it's your turn to tell me

I hope it's useful feedback,
we're just starting with varnish.

-- 
Cosimo

More information about the varnish-misc mailing list