January 11, 2022
3 min read time

Two-Minute Tech Tuesdays - Ykey

Welcome back to Two-Minute Tech Tuesday! In this week’s episode, we'll take a closer look at Ykey. Ykey is a Varnish Enterprise VMOD that performs tag-based invalidation.

 

 

Ykey is a lot more flexible than typical purges in Varnish because it doesn't depend on the URL to identify objects in the cache. In terms of flexibility, it is somewhat on par with banning, but Ykey is a lot faster than banning.

Features of Ykey:

  • Assign tags through response headers
  • Assign tags in VCL
  • Compatible with traditional purge and ban logic
  • Hard & soft invalidation supported
  • Register and invalidate multiple tags at once

Let's take a look at a VCL example on how to register tags via headers:

vcl 4.1;
import ykey;

backend default {
.host = "backend.example.com";
.port = "80";
}

sub vcl_backend_response{
ykey.add_header(beresp.http.Ykey);
}

 

The first thing you need to do is import the Ykey VMOD and then in vcl_backend_response, register the header that needs to be inspected. In this case, that's Ykey.

 

As you can see in the HTTP response (below), the Ykey header that is used contains 2 tags, type:blogpost and id:53340. Both of these tags will be automatically registered because of the VCL code.

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Ykey: type:blogpost, id:53340

 

Tag registration is not restricted to response headers, it can also be done in VCL by, for example, inspecting the response. In the case of the following, we're checking the content type of the response. If it contains "image", we're dealing with an image and we will add the image tag.

vcl 4.1;
import ykey;

backend default {
.host = "backend.example.com";
.port = "80";
}

sub vcl_backend_response{
ykey.add_header(beresp.http.Ykey);

if (beresp.http.Content-Type ~ "^image/") {
ykey.add_key("image");
}
}

 

In terms of execution of the invalidation, it's compatible with existing purge logic. You will first need to import the ykey vmod but apart from that, most of the logic is the same:

  1. You have to define an ACL to prevent unauthorized access
  2. You have to intercept purge requests through the PURGE request method
  3. You have to check the client IP and return a "405 Method Now Allowed"
  4. In case of invalid access, you can even return a typical "return(purge)".

However, when the "Ykey-Purge" header is set, Ykey will be used. The "Ykey-Purge" header will contain the tags which will be invalidated through the "ykey.purge_header()" function. The output from the function is the number of objects that have been invalidated which will be parsed in the synthetic response.

 

That was the first Two-Minute Tech Tuesday of the year. Ykey, a very important Varnish Enterprise VMOD that gives you the flexibility to invalidate content based on tags. This is convenient in situations where changes in your object structure or in your database probably reflect multiple URLs.

 

Sometimes it can be tough to keep track of all the URLs that are affected. If you can do this based on tags, it provides a lot more flexibility and faster speed of execution.


varnish_6_by_example_download