On Hacker News today there was a mention of how LinkedIn is using the Dust.js templating system. Dust.js is doing what XSLT always promised to do but never delivered on.
In the post, they make a pretty compelling argument for why to use client-side templating. Their problems are all similar to the ones I’ve seen countless times — anywhere a services based architecture is employed like at TV.com.
At LinkedIn they have a services based architecture with applications written in a slew of frameworks across multiple languages. Because of this, it’s hard to re-use visual components. Requiring that all components be written in the same language reduces productivity of developers and hinders their ability to rapidly prototype new features, but having the templates reimplemented in each language makes maintenance a chore. What LinkedIn settled on doing was to only require applications to produce JSON responses (light weight and efficient to render) and rely on client-side (browser) rendering to transform the layout templates with JavaScript. This puts the expensive cost of rendering on the browser (totally scalable), and allows for LinkedIn to cache the layout on CDNs to accelerate their delivery (in addition to the CSS, Images, JS, etc.)
Some might argue that well written HTML+CSS is essentially the same thing. It’s not. First, HTML is verbose; the amount of data needed to even express a simple document far exceeds that of JSON because it includes layout information. Then generating the HTML is an expensive operation on the server involving parsing some source templates in (ERB, JSP, Jinja, Smarty, etc) and assembling them in a string object with lots of concatenation. Lastly, no matter how “light” you make the HTML, you’re still mixing layout with data so you can’t statically cache the layout on a CDN without using ESI (fancy XSLT).
Compare this to simply requiring apps to produce JSON responses. JSON is lightweight and efficient to generate. Most scripted languages have native bindings to libjson so that rendering is done in C.
Lastly, if the thought of templating done entirely in the browser is not appealing (perhaps for SEO reasons), there’s always Node.js which can sit in between; however, this negates the CDN-effect for template caching and puts the computational onus back into your datacenter / cloud.
I’m not a “frontend” guy, so maybe that’s why this immediately appeals to me. I’m curious what frontend developers think about this approach?
Route53 DNS Round-Robin CNAMEs with Weighted Sets
According to RFC1034, CNAMES cannot reference multiple canonical hosts in the RDATA section. In other words, you can’t have the CNAME “www.domain.com” alias (or resolve to) “www1.domain.com” and “www2.domain.com”.
This sucks because you may want to use DNS for round-robin (RR) load-balancing across CNAME records much like you would for A records. The good news is that Route53 supports “Weighted Sets” which allow you to do round-robin-eque load balancing between multiple CNAMEs. For example, you might want to distribute your load evenly between multiple AWS regions like us-west-1 and us-west-2 that each contain an Elastic Load Balancer (ELB).
The other possibility is you cannot use an ELB because a particular service is private. Remember, services behind an ELB are internet accessible from 0.0.0.0/0; ELBs themselves cannot be controlled by security groups. Using A records, one can do DNS-RR to either the public or private IP address on an instance, but not both (it just wouldn’t make sense). The drawback here is that you cannot use the same hostname for services that are inside Ec2 as services that are outside of Ec2. If instead, you use a Weighted-Set with a short TTL (e.g. 10 seconds), you can create a CNAME that points to the CNAMEs of each of the EC2 instances. Because the CNAME points to another CNAME, when it’s resolved inside of EC2 a private ip address is returned; conversely when it’s resolved from outside of EC2 a public IP address is returned.
The reason it’s important to return either a public or private IP address is due to the way EC2 security groups work. When an ingress rule is granted from a particular security group (e.g. allow “Group A” to access “Group B”), it only applies to the private IP addresses of instances in “Group A”. This means that when instances in “Group A” need to access instances in “Group B”, they should use the private IP address of instances in “Group B”. Using the CNAME of an EC2 instance ensures you’re always connecting to the most appropriate IP address whether your inside or outside of EC2.