by drewg123 1405 days ago
Responding to a few points. We do indeed use the OS page cache. The hottest files remain in cache and are not served from disk. We manage what is cached in the page cache and what is directly released using the SF_NOCACHE flag.

I believe our TLS initiative was started before browsers started to complain, and was done to protect our customers' privacy.

We have lots of fancy congestion optimizations in TCP. We offload TLS to the NIC, *NOT* TCP.

2 comments

Can I ask if your whole content can be stored on a single server, so content is simply replicated everywhere, or if there is some layer above that which directs requests to the specific group of servers storing the requested content? I assume the described machine is not just part of a tiered cache setup, since I don't think nginx is capable of complex caching scenarios.

No, the entire catalog cannot fit on a single server.

There is a Netflix Tech Blog from a few years ago that talks about this better than I could: https://netflixtechblog.com/content-popularity-for-open-conn...

> We offload TLS to the NIC, NOT TCP.

How is this possible? If TCP is done on the host and TLS on the NIC, data will need to pass through the CPU, right? But the slides show the CPU fully bypassed for data.

The CPU gets the I/O completion for the read, and is in charge of the RAM address where it was stored, but it doesn't need to read that data...

Modern NICs use packet descriptors that allow you to more or less say "take N bytes from this address, then M bytes from some other address", etc., to form the packet. So the kernel is going to make the TCP/IP header, and then tell the NIC to send that with the next bytes of data (and mark it for TLS, however that's done).