baidu / bfe-book Goto Github PK

In-depth Understanding of BFE《深入理解BFE》（Book for BFE, a CNCF open source project. both in English and in Chinese）

License: Creative Commons Attribution 4.0 International

bfe-book's Introduction

In-depth Understanding of BFE

English | 中文

This book focuses on BFE open source project, introduces the relevant technical principles of network access, explains the design idea of BFE open source software, and how to build a network front-end platform based on BFE open source software. Readers with development capabilities can also develop BFE extension modules according to their own needs or contribute code to BFE open source projects according to the instructions in this book.

BFE Open Source Project

BFE is Baidu's unified layer-7 load balancing platform. The BFE platform has been under construction since 2012. By the end of 2020, the BFE platform has forwarded more than trillions of requests per day, with a daily peak of more than 10 million QPS, which has great influence in the industry. In July 2019, BFE's forwarding engine was open-sourced, and was accepted by CNCF (Cloud Native Computing Foundation) as the "Sandbox Project" in June 2020.

Address of BFE open source project: https://github.com/bfenetworks/bfe

Authors

姓名	Github ID
Miles Zhang	mileszhang2016
Sijie Yang	iyangsj
Ming Dai	daimg
Chunhua Tao	ohscartao

Copyright Statement

This book adopts Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) Permission. The distribution copyright belongs to Publishing House of Electronics Industry. Do not reprint, print and distribute without authorization.

The copyright of this book belongs to the BFE open source community. The author of this book reserves the right of authorship for the content he wrote, and the remuneration will be used for the construction of the BFE open source community.

Background

Chap1 Introduction to BFE

Principles

Designs

Operations

Implementations

Development

Chap 34 How to Develop BFE Extension Module

Appendix

Appendix1 Multi-process GC mechanism of BFE

bfe-book's People

Contributors

Stargazers

Watchers

Forkers

lushan01 yes2eyes tshichun newlife007 dino-ma shengbinxu zhangyiyanyan kingljl yexihu spider-nns isgasho wishl swsiyu org-mars gifrop yzleebj googege liaoxin01 xiaofei0800 go-remind ikingye check-it-later jiayangchen zheng1 qia01ng andyroyal chaosstudygroup tsuihe joshuazero fucking-translation mryoungyu bugwz gonwalk shilling-h topprogrammer crashsol daheige khum08 john-kyq crackercat lingtaonju gydong xxm404 woniuxu sioncheng yan234280533 mirrorfork zer0n1 xiaobitao yianz liuhwww nigolarer 4honor wangfeiing m-sters zhaotao19860 handsaomeboy wolf-nest nightmarerevisited isaacjlwu tigerjibo istoliving hzl3151904214 chuntaojun jxd134 tech-jum zjh1315 beyondyyh 3rdrepo hualin-bj albertcy eysdo nietzschex guaneryuanyuan wb1t lzh2nix lackoxygen xxq8855 wangjinnana zorro-ly2016 gottaboy ai-newbee pangdahua 21bigticket jiangz222 cavalry87 yajunzhang fbwfbi cod1ingcoding pinkuburu pinghe zhongliangshan dalian-cloud odevilo lc-1010 kaizhiyu iglev ajunlonglive sneptune-love since1886

bfe-book's Issues

可以+一个反代HTTP2的配置示例么？

建议每个章节添加一个下一节的链接

建议每个章节添加一个下一节的链接方便查看文档阅读

性能损耗的疑问

https://github.com/baidu/bfe-book/blob/version1/design/ideas/ideas.md?plain=1#L60

这里描述了两点bfe相比于nginx性能差的原因，但感觉网络模型也是非常重要的一点

nginx 的每个worker是基于reactor的单线程模型

对与bfe而言，是否是每来一个连接，都要开一个新的协程处理请求？
比如这里：https://github.com/bfenetworks/bfe/blob/develop/bfe_server/http_server.go#L101

当来了一波并发，基于上述goroutine-per-connection模型，要开大量的协程分别处理这些请求，此时GPM的调度，cpu上下文切换，都需要消耗大量cpu时间，导致性能降低

上述的描述基于主观猜测，望指正~

SniConf as string instead of array.

In Chapter 22 the following configuration is displayed:

{
    "Version": "1",
    "DefaultNextProtos": ["http/1.1"],
    "Config": {
        "example_product": {
            "SniConf": "example.org",
            "CertName": "example.org.cert",
            "NextProtos": [
                "http/1.1"
            ],
            "Grade": "C"
        }
    }
}

But that throws the next error:

[EROR] [9188] (github.com/bfenetworks/bfe/bfe_server.StartUp:45) StartUp(): InitHttps():in TlsRuleConfLoad() :tls_rule_conf.BfeTlsRuleConf.Config: tls_rule_conf.TlsRuleConf.SniConf: []string: decode slice: expect [ or n, but found ", error found in #10 byte of ...|niConf": "example.org"|..., bigger context ...|ample.org"
            "SniConf": "example.org",
            "CertName": "example.org.cert",

The correct thing to do is to use an array:
"SniConf": ["example.org"]

加了一个在线阅读版本

感谢作者分享这本书。

在线看着不方便，所以我加了一个在线阅读版本： https://chaosstudygroup.github.io/bfe-book/ 。

第十八章信息的透传疑问

透传方案
BFE在扩展模块mod_header中默认提供了捎带客户端IP地址和端口的功能。只要在BFE启动时配置加载mod_header，在转发后请求中就会包含这两个信息。

在经过BFE转发后，在请求头部会增加2个字段：

X-Real-Ip：用于传递原始的客户端IP地址
X-Real-Port：用于传递原始的客户端端口

有些人可能会考虑从“X-Forwarded-For”来获取客户端的IP地址。BFE使用独立定义的“X-Real-Ip”是为了避免“X-Forwarded-For”被伪造。如果请求在到达BFE时已经包含了“X-Real-Ip”字段，BFE会将这个字段的值重写为BFE所见的客户端IP地址，从而避免这个字段被伪造。

没明白为什么不能使用 X-Forwarded-For ，同“X-Real-Ip”处理，如果请求在到达BFE时已经包含 "X-Forwarded-For" 字段， BFE会将这个字段的值重写为BFE所见的客户端IP地址，从而避免这个字段被伪造。有什么问题吗？

BFE的转发模型有些表述有问题？

步骤 5：确定HTTP请求所属的租户

多租户支持是BFE根据云场景所设计提供的能力。目前BFE可以根据HTTP请求头中的Host字段或HTTP请求的目标IP地址来确定租户。

在本案例中，针对HTTP请求头中demo.example.com域名，BFE找到对应的租户为demo。

这个时候拿到的http请求的目标ip地址是没有办法确定租户吧，因为这个时候拿到的http请求的目标ip地址要么是bgw的ip或者是被bgw改写的bfe的ip。

Error in the image code

In the first image of the BFE的路由转发机制 chapter. The boolean argument is enclosed in quotation marks.

req_path_prefix_in("/setting, false")

https://github.com/baidu/bfe-book/blob/version1/design/route/route.md