Varnish Cache
Varnish Cache Server Configuration: High-Performance Web Acceleration Platform
This document details the technical specifications, performance benchmarks, recommended use cases, comparative analysis, and maintenance requirements for a dedicated server optimized specifically for running the Varnish Cache reverse proxy HTTP accelerator. This configuration is engineered for maximum request throughput, minimal latency, and high concurrency in demanding web service environments.
1. Hardware Specifications
The Varnish Cache server (designated internally as `VC-PROD-01`) is designed around a balance of high core frequency for Varnish's event-driven architecture and substantial, low-latency memory capacity to maximize the in-memory cache hit ratio.
1.1. Platform Overview
The platform utilizes a dual-socket server architecture to provide superior I/O bandwidth and PCIe lane availability for high-speed networking components.
| Component | Specification | Rationale |
|---|---|---|
| Chassis | 2U Rackmount, High Airflow (e.g., Supermicro/Dell PowerEdge R750 equivalent) | Density and thermal management for dense environments. |
| Motherboard Chipset | Intel C621A / AMD SP3 equivalent | Support for high-speed PCIe Gen4/5 lanes and extensive memory channels. |
| Operating System | FreeBSD 14.0 or Linux Kernel 6.8+ (with tuned networking stack) | Optimized for network I/O handling (e.g., sysctl` tuning, epoll/kqueue). |
| BIOS/Firmware | Latest Stable Version (with performance profiles enabled) | Ensures optimal memory timings and CPU power state management (C-states disabled for lowest latency). |
1.2. Central Processing Unit (CPU)
Varnish benefits significantly from high core frequency, as its core processing loop (the request handler) is highly sensitive to per-thread latency. While modern Varnish versions utilize multiple threads/processes, maximizing single-thread performance remains critical for initial request processing.
| Parameter | Specification | Impact on Varnish | |
|---|---|---|---|
| Model Family | Intel Xeon Scalable (4th Gen Sapphire Rapids) or AMD EPYC Genoa equivalent | High core count with excellent IPC. | |
| Configuration | 2 x 32-Core CPUs (Total 64 Physical Cores) | Provides ample threading capacity for connection handling and backend health checks. | |
| Base Clock Frequency | Minimum 3.2 GHz (All-Core Turbo) | Crucial for minimizing request processing latency. | |
| L3 Cache Size | Minimum 120 MB per socket (Total 240 MB) | Larger L3 cache reduces main memory access latency for Varnish configuration lookups and small objects. | |
| Socket Interconnect | UPI/Infinity Fabric Bandwidth > 60 GB/s | Important for inter-socket communication, especially during complex cache key hashing. |
1.3. Random Access Memory (RAM)
Memory is the most critical resource for a caching server. The capacity must be sufficient to hold the expected working set (the most frequently accessed objects) entirely in memory to achieve cache hit rates exceeding 95%. We mandate ECC DDR5 memory for integrity.
| Parameter | Specification | Justification | |
|---|---|---|---|
| Total Capacity | 1024 GB (1 TB) DDR5 ECC Registered | Allows for caching of significant web assets (e.g., several Gigabytes of JavaScript/CSS bundles and thousands of small images). | |
| Configuration | 8 Channels populated per CPU (16 DIMMs total) | Maximizes memory bandwidth utilization, crucial when Varnish has to fetch data from disk/backend (cache miss). | |
| Speed/Timing | 4800 MT/s or faster; Tight Timings (e.g., CL34) | Lower latency access to the VCL execution context and cache objects. | |
| Memory Allocation Strategy | 95% dedicated to Varnish Cache Storage (via `-M` parameter) | Minimizes OS overhead and maximizes application-level caching space. |
1.4. Storage Subsystem
While Varnish primarily operates in RAM, fast storage is required for the operating system, VCL configuration files, persistent session logging (if enabled), and crucially, the backend storage for the `file` storage type (used as overflow or for high-durability scenarios).
| Component | Specification | Role | |
|---|---|---|---|
| Boot Drive (OS/Logs) | 2 x 480GB NVMe SSD (Mirrored via ZFS/RAID 1) | High reliability for system integrity; logs are low priority. | |
| Varnish Overflow Storage (Optional/Persistent) | 4 x 3.84TB U.2 NVMe SSD (RAID 10 or ZFS Stripe) | Used for `vfs.cache.storage` fallback or for caching very large, infrequently accessed objects. Requires extremely high IOPS and low latency. | |
| Storage Controller | Integrated NVMe Host Controller (e.g., Intel VMD/AMD equivalent) | Direct connection to CPU lanes minimizes latency compared to external SAS controllers. |
1.5. Networking Interface
High throughput networking is essential, as the Varnish server often becomes the primary bottleneck between the client and the application servers.
| Parameter | Specification | Requirement | |
|---|---|---|---|
| Primary Interface (Uplink) | 2 x 25 Gigabit Ethernet (SFP28) | Configured for link aggregation (LACP) or active/standby failover. Must handle peak traffic bursts. | |
| Backend Interface | 2 x 10 Gigabit Ethernet (SFP+) | Dedicated, segregated network path to the application servers to prevent congestion on the public path. | |
| NIC Offloading | Full hardware offloading support (TSO, LRO, RSS, Checksum Offload) | Reduces CPU utilization, allowing the cores to focus solely on VCL execution and object lookups. See NIC Tuning. |
2. Performance Characteristics
The performance of Varnish is characterized by its ability to maintain a high cache hit ratio while processing requests at line rate. Benchmarks below reflect a heavily optimized environment utilizing the hardware detailed above.
2.1. Benchmark Methodology
Testing utilized `wrk2` against a target application stack (e.g., NGINX/Apache backend) configured to serve a mix of static assets (JS/CSS/Images) and dynamic content (short TTL dynamic pages).
- **Test Duration:** 300 seconds
- **Connections:** 10,000 concurrent connections
- **Requests per Connection:** 50
- **Target Workload:** 70% Cacheable Static (30KB average size); 30% Cacheable Dynamic (2KB average size, 60s TTL).
2.2. Latency and Throughput Results
| Metric | Result (99th Percentile Latency) | Result (Sustained Throughput) |
|---|---|---|
| Cache Hit Rate Target | N/A | > 98.5% |
| Request Latency (Hit) | 150 microseconds (µs) | N/A |
| Request Latency (Miss) | 750 microseconds (µs) | N/A |
| Sustained Throughput | N/A | 450,000 Requests Per Second (RPS) |
| Network Saturation Point | N/A | 22 Gbps (Sustained) |
The low hit latency (150µs) confirms that the CPU performance and memory access times are highly optimized. The latency is dominated by the time taken for the kernel network stack to process the request and Varnish to execute the VCL `vcl_recv` and `vcl_hash` routines.
2.3. Cache Hit Ratio Impact
The primary performance lever for Varnish is the cache hit ratio. The 1TB RAM allocation allows for significant object caching.
- **Small Object Performance:** Objects smaller than 128KB (common for CSS, JS, session tokens) constitute approximately 85% of the total object count in our typical dataset. These objects are served almost exclusively from the L3 cache and CPU caches, resulting in sub-100µs response times.
- **Large Object Performance:** Objects between 1MB and 16MB (common for high-resolution images or bundled assets) are stored directly in the main DRAM. Accessing these objects incurs the 150µs latency, provided the object header and index are resident in the higher-speed memory tiers.
If the working set exceeds the 1TB capacity, the performance degrades sharply. Miss latency increases by approximately 500µs as Varnish must wait for the backend TCP connection establishment and data transfer, resulting in the 750µs observed miss time. Accurate sizing is paramount.
2.4. Threading Model Performance
Varnish uses a multi-threaded model (or worker threads per child process). On this 64-core system, we configure Varnish to utilize 4 child processes, each spawning 16 worker threads (Total 64 active workers). This configuration balances context switching overhead against core saturation.
- If the system were configured with only 1 worker thread per core (64 threads total), performance often plateaus due to excessive context switching under extremely high connection counts (e.g., > 100,000 established connections). The current model balances concurrency and execution efficiency. Further research on thread scaling.
3. Recommended Use Cases
This high-specification Varnish configuration is designed for scenarios where web acceleration provides a strategic advantage, not just marginal improvement.
3.1. High-Traffic Public Websites and E-commerce
For large retail sites or media portals experiencing unpredictable traffic spikes (e.g., flash sales, breaking news), this setup acts as a robust shield.
- **Goal:** Absorb 90%+ of all GET requests, ensuring the backend application servers only handle POST, PUT, and cache-miss GET requests.
- **Benefit:** Protects expensive application logic (e.g., database queries for personalized pricing) from being overloaded by static asset requests or highly repetitive informational pages.
3.2. API Edge Caching (Edge Side Includes - ESI)
When caching complex API responses that contain small, personalized fragments, Varnish excels when configured with ESI processing enabled.
- **Scenario:** A large homepage constructed from multiple microservices. Static components are cached for hours; the small ESI-marked personalization block (e.g., "Welcome Back, User X") is fetched dynamically but served within the context of the main cached page.
- **Requirement:** Requires VCL logic to correctly identify and process ESI tags. Implementation details.
3.3. Content Delivery Network (CDN) Edge Node
In a private or hybrid CDN deployment, this server acts as the primary edge point for a specific geographic region or large client base.
- The 25GbE networking ensures that regional traffic demands can be met without becoming the egress bottleneck.
- The large RAM pool allows for aggressive caching of regional content variations (e.g., localized images, language-specific CSS).
3.4. Session-Based Caching for Logged-In Users
While Varnish is fundamentally an anonymous caching layer, it can be used effectively for logged-in users where sessions are short-lived or where personalized content is only slightly varied.
- Varnish uses the cookie header (or a stripped-down version thereof) as part of the cache key.
- **Use Case:** Caching personalized dashboards for 1-5 minutes. This configuration handles the high volume of concurrent, slightly unique keys efficiently due to the large memory pool and fast hashing performance of the CPU. Key management strategy.
3.5. Microservice Gateway Acceleration
In a service-oriented architecture, Varnish can sit in front of several backend web services (e.g., Service A, Service B).
- It centralizes connection pooling to those backends, reducing the overhead of establishing many short-lived TCP connections from individual client requests. Backend management.
4. Comparison with Similar Configurations
Choosing Varnish over other caching mechanisms involves trade-offs, primarily concerning complexity versus raw speed and feature set.
4.1. Varnish vs. NGINX Plus (as a Reverse Proxy Cache)
NGINX is often deployed for both serving static files and acting as a reverse proxy. While highly capable, Varnish is purpose-built solely for HTTP acceleration.
| Feature | Varnish Cache (VC-PROD-01) | NGINX Plus (Equivalent Hardware) |
|---|---|---|
| Core Focus | Pure HTTP Acceleration (Layer 7) | General Purpose Web Server/Proxy |
| Request Latency (Hit) | ~150 µs | ~350 µs (Due to additional module overhead) |
| Configuration Language | VCL (Very expressive, Turing-complete) | NGINX Configuration Directives (More restrictive) |
| Memory Management | Highly optimized slab allocation for objects. | Standard OS memory management; less granular control. |
| ESI Processing | Native, high-performance module. | Requires commercial license or external modules. |
| Caching Backend Flexibility | Primarily RAM (`malloc`, `file`). | Supports in-memory, disk-based, and commercial key-value stores. |
- Conclusion:* Varnish offers superior raw performance and control over the request lifecycle (VCL), making it the choice for environments where every microsecond counts. NGINX is favored when a single piece of software must handle SSL termination, routing, basic application serving, *and* caching. Detailed technical breakdown.
4.2. Varnish vs. Dedicated In-Memory Key-Value Stores (Redis/Memcached)
These are often used for caching application *data* (database query results, session data), not full HTTP responses.
| Feature | Varnish Cache | Redis (In-Memory KV Store) |
|---|---|---|
| Data Type Cached | Full HTTP Responses (Headers + Body) | Key/Value Pairs (Strings, Hashes, Lists) |
| Protocol | HTTP/1.1, HTTP/2, HTTP/3 (via Varnish Edge HTTP/3 module) | Custom TCP Protocol (Redis) |
| Workflow | Transparent to the client (Client talks to Varnish, Varnish talks to Backend). | Requires application logic modification (Client must explicitly query Redis). |
| Cache Key Generation | Automatic based on URL, headers, cookies (configurable). | Manual serialization/hashing within application code. |
| Persistence | Optional (`file` storage type). | Primary persistence via AOF/RDB (slower than Varnish's RAM focus). |
- Conclusion:* They are complementary, not competitive. Varnish caches the *result* of the application logic; Redis caches the *inputs* to the application logic. A sophisticated setup often uses both. Best practices for combined usage.
4.3. Varnish vs. CDN Layers (e.g., Cloudflare, Akamai)
This comparison focuses on the trade-off between control and managed service.
- **Control:** The VC-PROD-01 configuration provides complete control over latency, network peering, and VCL logic, crucial for compliance or highly specific routing rules.
- **Scalability:** A public CDN offers near-infinite horizontal scaling instantly. Our dedicated hardware requires manual capacity planning and scaling (adding more VC-PROD units).
- **Cost:** The dedicated hardware has high upfront CAPEX/OPEX but lower per-transfer cost at extreme scale compared to public CDN egress fees. When to keep traffic local.
5. Maintenance Considerations
Maintaining a high-performance caching layer requires rigorous attention to thermal management, power stability, and configuration integrity, as any downtime directly impacts the entire web service availability.
5.1. Thermal and Power Requirements
The concentration of high-TDP components (high-frequency CPUs, NVMe drives) necessitates a robust infrastructure.
- **Cooling:** The 2U chassis requires a minimum of 45 CFM airflow across the CPU heatsinks. Rack density must be managed to prevent recirculation of hot exhaust air. Recommended ambient operating temperature: 18°C – 22°C. Airflow management.
- **Power Draw:** Under peak load (high RPS, high backend transfers), the system can draw up to 850W. It must be provisioned with redundant (N+1) 16A PDUs.
- **Power Management:** The BIOS must have CPU C-states disabled to ensure the CPU cores remain in P-states capable of delivering maximum single-thread frequency instantly, avoiding the wake-up latency associated with deep sleep states. Impact on service quality.
- 5.2. Configuration Management and Deployment
Varnish configuration files (VCL) are the operational heart of the system. Changes must be atomic and instantly verifiable.
- **VCL Integrity Check:** Before loading any new VCL, the `varnishd -C` command must be run to compile and check syntax without applying the configuration.
- **Atomic Reload:** Use the `varnishadm` tool to load the new configuration into a new child process slot, ensuring zero downtime.
```console varnishadm vcl.load new_config_id new_config_file varnishadm vcl.use new_config_id ```
- **Rollback Strategy:** Always keep the previous working configuration loaded in a standby slot (`vcl.list` should show at least two active versions). If the new configuration fails health checks or causes unexpected backend traffic spikes, immediate rollback (`vcl.use old_config_id`) is possible within seconds. Best practices.
- 5.3. Health Checking and Backend Monitoring
Varnish must accurately determine the health of its backends to avoid routing traffic to failing application servers.
- **Health Check Frequency:** For high-volume setups, aggressive health checks (e.g., every 3 seconds) are necessary. However, the health check mechanism itself must be lightweight; simple HEAD requests to a dedicated `/healthz` endpoint are preferred over full page fetches.
- **Backend Thresholds:** Configure Varnish to mark a backend as `sick` only after N failures (e.g., 3 consecutive timeouts) and restore it only after M successes (e.g., 5 consecutive successes). This prevents flapping due to transient network issues. Tuning failure tolerance.
- 5.4. Logging and Monitoring
The massive volume of requests necessitates efficient logging that doesn't impact performance.
- **Logging Format:** Use the compact Common Log Format (CLF) or the Varnish Extended Log Format (ELF) with minimal fields enabled (e.g., timestamp, request header, response code, bytes in/out, cache status).
- **Log Aggregation:** Logs must be streamed off the local NVMe drives immediately using a tool like Fluentd or Logstash to a centralized logging cluster (e.g., ELK stack). Local log rotation should be configured conservatively (e.g., hourly rotation, maximum 12 hourly files stored locally) to prevent disk I/O spikes. Performance impact analysis.
- **Key Metrics to Monitor:**
1. Cache Hit Ratio (Target > 95%) 2. Backend Connection Failures (Should be zero during normal operation) 3. Memory Utilization (Warning if > 90% utilized) 4. Request Latency (P99)
- 5.5. Security Patching and Updates
Varnish is a critical security layer. Patches must be applied carefully.
- **VCL Sandboxing:** VCL is highly powerful. Any third-party VCL modules must be vetted rigorously. The core Varnish daemon itself runs with minimal privileges, but the VCL execution context should be monitored for unexpected resource consumption. Advanced configuration.
- **Kernel Updates:** Operating system kernel updates (especially network stack and driver updates) require a full reboot/reload cycle. These should be scheduled during lowest traffic windows (e.g., 03:00 UTC) and preceded by a full configuration backup. Risk assessment.
This comprehensive configuration provides a foundation for an extremely high-performance, resilient web acceleration platform capable of handling enterprise-scale traffic loads while maintaining sub-millisecond response times for cached content. Further operational details.
Intel-Based Server Configurations
| Configuration | Specifications | Benchmark |
|---|---|---|
| Core i7-6700K/7700 Server | 64 GB DDR4, NVMe SSD 2 x 512 GB | CPU Benchmark: 8046 |
| Core i7-8700 Server | 64 GB DDR4, NVMe SSD 2x1 TB | CPU Benchmark: 13124 |
| Core i9-9900K Server | 128 GB DDR4, NVMe SSD 2 x 1 TB | CPU Benchmark: 49969 |
| Core i9-13900 Server (64GB) | 64 GB RAM, 2x2 TB NVMe SSD | |
| Core i9-13900 Server (128GB) | 128 GB RAM, 2x2 TB NVMe SSD | |
| Core i5-13500 Server (64GB) | 64 GB RAM, 2x500 GB NVMe SSD | |
| Core i5-13500 Server (128GB) | 128 GB RAM, 2x500 GB NVMe SSD | |
| Core i5-13500 Workstation | 64 GB DDR5 RAM, 2 NVMe SSD, NVIDIA RTX 4000 |
AMD-Based Server Configurations
| Configuration | Specifications | Benchmark |
|---|---|---|
| Ryzen 5 3600 Server | 64 GB RAM, 2x480 GB NVMe | CPU Benchmark: 17849 |
| Ryzen 7 7700 Server | 64 GB DDR5 RAM, 2x1 TB NVMe | CPU Benchmark: 35224 |
| Ryzen 9 5950X Server | 128 GB RAM, 2x4 TB NVMe | CPU Benchmark: 46045 |
| Ryzen 9 7950X Server | 128 GB DDR5 ECC, 2x2 TB NVMe | CPU Benchmark: 63561 |
| EPYC 7502P Server (128GB/1TB) | 128 GB RAM, 1 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (128GB/2TB) | 128 GB RAM, 2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (128GB/4TB) | 128 GB RAM, 2x2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (256GB/1TB) | 256 GB RAM, 1 TB NVMe | CPU Benchmark: 48021 |
| EPYC 7502P Server (256GB/4TB) | 256 GB RAM, 2x2 TB NVMe | CPU Benchmark: 48021 |
| EPYC 9454P Server | 256 GB RAM, 2x2 TB NVMe |
Order Your Dedicated Server
Configure and order your ideal server configuration
Need Assistance?
- Telegram: @powervps Servers at a discounted price
⚠️ *Note: All benchmark scores are approximate and may vary based on configuration. Server availability subject to stock.* ⚠️