[Nix-dev] still waiting for https://cache.nixos.org after 5 seconds...

Denis denis at camfex.cz
Mon May 8 13:55:39 CEST 2017


As for the debugging of the connectivity issues, it was done few
months ago and it was found out that the same CDN hosted some websites
forbidden by goverments and traffic to its IP went through some
government router.

How this information could help us to fix the issue? How can we be
sure that it will not happen again? Or that IPs or domain be blocked
completely on some territory?

I do not think it is one of those problems which can be debugged and
fixed, the only option for reliable content distribution is
diversification.

On 5/8/17, Denis <denis at camfex.cz> wrote:
> Eelco said few days ago in another thread of this mailing list that
> only EU and US endpoints are enabled on Cloudfront CDN due to higher
> cost of the rest of the world.
>
> Also, despite all the buzzwords and 9999, any single provider is a
> single point of failure (and as we know from the news the failures
> used to happen on Amazon). Another single point of failure is DNS of
> "nixos.org".
>
> I really do not understand the reasons of the strong opposition to
> another mirror on Cloudflare (free of cost, although it may not solve
> the problem completely - it has no endpoint in Vietnam, for example -
> it may increase availability and reduce Amazon bills) and to allowing
> the people in regions to host mirrors (it should not be a security
> breach as the packages are cryptographic signed).
>
> On 5/8/17, Graham Christensen <graham at grahamc.com> wrote:
>> Denis <denis at camfex.cz> writes:
>>
>>> There are many issues with cache.nixos.org (slowness in some regoins,
>>> downtimes) so setting up a second CDN would be useful. It is for free.
>>
>> Hi,
>>
>> Unfortunately, these problems are very hard to diagnose. More often than
>> not, the issue is between the user and AWS.
>>
>> I have a tool that provides information to help Amazon debug the
>> problem:
>>
>> https://gist.github.com/grahamc/df1bb806eb3552650d03eef7036a72ba
>>
>> If you run this when when you are having issues, please send the results
>> to me and I'll collect them.
>>
>> Cloudfront is an extremely stable platform (along the axis of
>> "availability") to build off of. They promise a minimum of 99.9%[0] of
>> all requests will be correctly serviced, while simultaneously providing
>> edge-caching to improve performance in certain regions.
>>
>> Our Cloudfront distribution is backed by S3, a similar promise of 99.9%
>> availability[1]. S3 provides additional guarantees, like its durability
>> (99.999999999% [2].)
>>
>> Our cloudfront distribution sees almost almost 100,000 unique users each
>> month, each downloading hundreds or thousands of NARs and narinfo files.
>> At the size of the cache (many TBs) and traffic it sees, these numbers
>> aren't an easy feat.
>>
>> 0: https://aws.amazon.com/cloudfront/sla/
>> 1: https://aws.amazon.com/s3/sla/
>> 2: https://aws.amazon.com/s3/faqs/
>>
>> Best,
>> Graham
>>
>


More information about the nix-dev mailing list