SRE/Traffic
| Documentation | Team members | Currently working on |
We are a remote-first, globally distributed team responsible for designing and operating a private and privacy-protecting global CDN for Wikipedia and related sister projects. Our Traffic stack handles public DNS, global request routing, TLS termination, HTTP content caching, and internal service routing for the public services of the Foundation, and is a critical layer in bringing our free content to our global audiences.
You can reach us at:
- IRC: #wikimedia-traffic connect
- Email: SRE-Traffic Mailing List
- Bug reporting:
trafficPhabricator tag
What we own
Presently, all Phabricator tasks of the Traffic team use one all-encompassing tag (traffic) rather than any granular, per-component tags.
| Service | Description |
|---|---|
| Acme-chief | Centrally request configured TLS certificates from ACME servers, then make the public and private parts available to authorized API users. |
| Apache Traffic Server | aka ATS, is a caching HTTP proxy used as the backend (on-disk) component of Wikimedia's CDN. In-memory, ephemeral caching is done by cache frontends running Varnish.. |
| DNS | Wikimedia uses two separate kinds of The DNS servers, authoritative nameservers (that respond to queries from third party nameservers for our domains) and recursive resolvers (that resolve DNS queries when any of our servers need to look up a name) |
| HAProxy | TLS and HTTP/2 termination at the CDN |
| LVS | A high-traffic Layer 4 load balancer. |
| Ncmonitor | Monitor Wikimedia domains and sync with downstream services |
| Ncredir | Non-Canonical Redirect service (e.g. wikipedia.com to wikipedia.org) |
| Purged | Daemon that reads Kafka purge messages, parses them, and turns them into HTTP purge requests for ATS and Varnish |
| PyBal | Automated manager for LVS |
| Varnish | A caching HTTP proxy used as the frontend (in-memory) component of Wikimedia's CDN. |