Page MenuHomePhabricator
Create Task
Maniphest T263049

Avoid extra HTTPS connections for most Event Platform beacons
Open, LowPublic
Actions

Description

Writing this in a fairly general form assuming the title/description will be edited to be more general since this doesn't exactly relate to Event Platform stuff, even though that's where it arose.

https://phabricator.wikimedia.org/T261340, proposes to resolve some URLs (in this specific case, https://intake-logging.wikimedia.org) to a different datacenter than normal. In particular here, different from the legacy /beacon endpoint, or the https://intake-analytics.wikimedia.org endpoint, etc.

This ticket is based on an observation @Krinkle made in https://phabricator.wikimedia.org/T226986#6467370

For EventLogging, we specifically moved away from separate domains to using /beacon so that the majority of non-deferred events that are sent off during user interactions don't require separate connections to be established etc. It has been a while since we last quantified the benefits of this choice, so it's certainly worth revisiting.

I see that EventGate, which is not used yet for most events, uses a separate domain again at https://intake-logging.wikimedia.org. That'll involve a DNS query, but given it points to dyna.wikimedia.org same as text-lb, I'm assuming this means it is handled through the same connection and traffic layer as other requests.

Again, per @Krinkle:

Starting to establish more than one primary connection on a majority of page views is something we phased out 5+ years ago and would be great not to bring back without further research and consideration first.

Related Objects

Event Timeline

jlinehan created this task.Sep 16 2020, 6:43 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 16 2020, 6:43 PM
Krinkle added projects: Performance-Team, Event-Platform, Product-Infrastructure-Team-Backlog-Deprecated.Sep 16 2020, 6:46 PM
Restricted Application added a project: Analytics. · View Herald TranscriptSep 16 2020, 6:46 PM
jlinehan edited projects, added Product-Data-Infrastructure; removed Product-Infrastructure-Team-Backlog-Deprecated.Sep 16 2020, 7:00 PM
mforns moved this task from Incoming to Event Platform on the Analytics board.Sep 17 2020, 3:48 PM
Ottomata added subscribers: ema, BBlack.Sep 17 2020, 3:49 PM

In https://phabricator.wikimedia.org/T226986#6467482 I wrote:

Huh, I'm pretty sure I discussed this with @BBlack or @ema when we were first setting up eventgate-analytics-external, and they preferred that the intake service got its own unique URL, rather than serving it in the wiki domains.

I can't find a public discussion of this in Phab, just https://phabricator.wikimedia.org/T233629#557637, so we must have discussed it in IRC or elsewhere.

Ottomata added a comment.Sep 17 2020, 3:50 PM

Also relevant: T262996: Don't set cookies in traffic layer for non-user facing domains (avoid false third-party cookie warning)

jlinehan moved this task from Inbox to Watching on the Product-Data-Infrastructure board.Sep 21 2020, 3:15 PM
Mholloway subscribed.Sep 22 2020, 8:19 PM
Ottomata added a comment.EditedSep 22 2020, 8:26 PM

Also relevant: T261340: 'skip_first' feature flag for gdnsd GeoIP plugin
Chris is making use of the fact that there is a separate endpoint to route logging events to the next nearest datacenter in case there is something wrong with the route to the nearest datacenter.

Nemo_bis subscribed.Sep 23 2020, 6:59 AM
Krinkle added a comment.Sep 28 2020, 6:40 PM

To instrument this, and gauge any background/side impact during page load, I'd recommend creating two speed-tests scenarios under wikipedia.org/speed-tests/ where one is simple like the current Banksy page, and another that performs a handful of sendBeacon() calls from inline scripts against a domain that requires a separate DNS resolution and TLS/TCP connection. Either intake-logging is it has already been configured this way by now, or a any different production URL that doesn't sharre the same dns target and tls cert with the canonical wiki domains.

Then to add both scenarios to our synthetic test config for a few days to compare them side-by-side:
https://wikitech.wikimedia.org/wiki/Performance/WebPageTest#Add_a_new_URL_to_test

Krinkle moved this task from Inbox, needs triage to Radar on the Performance-Team board.Sep 28 2020, 6:40 PM
Krinkle edited projects, added Performance-Team (Radar); removed Performance-Team.
Krinkle moved this task from Limbo to Perf recommendation on the Performance-Team (Radar) board.Jan 26 2021, 4:44 PM
jlinehan added a project: Better Use Of Data.Feb 8 2021, 4:40 PM
Ottomata mentioned this in T280256: [session length] Change domain of event collection to avoid ad-blocker issue.Apr 15 2021, 2:24 PM
Ottomata mentioned this in T256463: QuickSurveys should show an error when response is blocked.May 11 2021, 1:08 PM
Ottomata triaged this task as Low priority.Jun 11 2021, 6:36 PM
Krinkle renamed this task from Research and consider network connections made due to Event Platform to Avoid extra HTTPS connections for most Event Platform beacons.Oct 3 2022, 9:25 PM
Restricted Application added a project: Data-Engineering. · View Herald TranscriptOct 3 2022, 9:25 PM
Krinkle added a comment.Oct 3 2022, 9:27 PM

Updated title to reflect to recognise that the original one of these (NEL: Network Error Logging) was intentionally done as a separate domain and DC for logicial seperation of networking problems when trying to have the browser notify us of networking problems.

However, for all first-party and in-page use of EventLogging/EventGate, this doesn't apply.

Krinkle mentioned this in T295427: Problem with delay caused by intake-analytics.wikimedia.org.Oct 3 2022, 9:27 PM
EChetty edited projects, added Data-Engineering-Planning; removed Data-Engineering.Oct 18 2022, 6:04 PM
EChetty moved this task from Backlog to Event Platform on the Data-Engineering-Planning board.Nov 7 2022, 10:56 AM
JArguello-WMF removed a project: Data-Engineering-Planning.Jun 29 2023, 9:51 PM
Restricted Application added a project: Data-Engineering. · View Herald TranscriptJun 29 2023, 9:51 PM
JArguello-WMF moved this task from Incoming (new tickets) to Event Platform Backlog on the Data-Engineering board.Jun 29 2023, 10:22 PM
JArguello-WMF added a project: Data Engineering and Event Platform Team.Jun 30 2023, 4:31 PM
JArguello-WMF moved this task from Data Eng Backlog to Event Platform Backlog on the Data Engineering and Event Platform Team board.Jun 30 2023, 4:38 PM
Krinkle edited projects, added Wikimedia-Performance-recommendation; removed Performance-Team (Radar).Aug 18 2023, 8:42 PM
lbowmaker removed a project: Data Engineering and Event Platform Team.Nov 10 2023, 2:29 PM
Ottomata merged a task: T280256: [session length] Change domain of event collection to avoid ad-blocker issue.Oct 25 2024, 1:15 PM
Ottomata mentioned this in T355837: Add Prometheus support to statsd.js via mw.track().
Ottomata moved this task from Event Platform Backlog to Estimated (To be planned) on the Data-Engineering board.
Ottomata moved this task from Estimated (To be planned) to Backlog on the Data-Engineering board.
Ottomata added subscribers: mforns, MSantos, kzimmerman.
Ottomata moved this task from Backlog to Components on the Event-Platform board.Oct 25 2024, 1:35 PM
dr0ptp4kt subscribed.Jan 15 2025, 5:01 PM
Ottomata mentioned this in T390328: Enable querying operational (prometheus) metrics via the WMF Data Platform.Mar 28 2025, 8:20 PM
Ottomata added a subscriber: phuedx.Jul 22 2025, 1:34 PM

@phuedx @dr0ptp4kt I assume the new beacon endpoint (/beacon/v2/events ?) exists now? If so, I believe this task is do-able by changing wgEventLoggingServiceUri to /beacon/v2/events?hasty=true ?

dr0ptp4kt added a subscriber: Vgutierrez.Jul 27 2025, 4:23 PM
In T263049#11024145, @Ottomata wrote:

@phuedx @dr0ptp4kt I assume the new beacon endpoint (/beacon/v2/events ?) exists now? If so, I believe this task is do-able by changing wgEventLoggingServiceUri to /beacon/v2/events?hasty=true ?

It exists, although is presently only intended for processing the "everyone" (i.e. edge cache-varied experiments, typically intended for readers) A/B test-related events.

Presently the same-domain path for the evt-103e beacons disallow event missing a proper edge unique with an associated everyone A/B tests in wikimedia-frontend.vcl.erb and vmod_wmfuniq.c.

Before modifying wgEventLoggingServiceUri I think we would need to make just one change to the wikimedia-frontend.vcl.erb.

This said, I'll loop you @Ottomata onto a call soon with @Vgutierrez, @BBlack, and @phuedx so we can discuss there how we should go about doing this, and doing it in a pretty controlled manner to hopefully sidestep event loss or excess errors.

dr0ptp4kt mentioned this in T226986: Client side error logging production launch.Aug 7 2025, 2:46 PM
dr0ptp4kt added a comment.Aug 7 2025, 2:49 PM

I should have put the comment on this here ticket instead of the old closed ticket, so doing so now (thanks again @Ottomata for heads up) - question for you @Krinkle . Any guidance appreciated if you've happened to be in the browser codebases or happened to be viewing their real world behaviors around this lately.

In T226986#11066040, @dr0ptp4kt wrote:

@Krinkle nowadays do the items in T226986#6467370 still apply? We're considering implementing a new URL path on the same domain as the webpage. But if browser implementations have shifted since this writeup @phuedx shared it would be helpful to understand what we may gain, or at least measure to see what we gain.

One expected side effect of this might be that more events would start showing up as some things become exempt because they're no longer in blocklists (at least for a while); of course implementations of these blocklists vary from plugin/proxy-to-plugin/proxy.

CDanis added a comment.EditedAug 7 2025, 3:14 PM

You got me curious, so I spent a little time digging on this -- as far as I can tell not much has changed in the real world since Daniel Stenberg's blog post.

The only thing meaningful thing I could find that has changed is that, as of some time between 2016 and 2021, Safari implemented h2 connection coalescing similar to other browsers, requiring both IP address and TLS SAN match: https://mailarchive.ietf.org/arch/msg/quic/0nqKySdzmXK6CwZ9dKfD5GsQgqE/ although weirdly I couldn't find anything more authoritative or verbose than this post.

The immaterial changes:

  • The QUIC / http3 spec says to coalesce based solely on TLS SANs, and to not consider IP address, but in practice no browsers implement this in either their h2 or h3 protocol stacks.
  • In the internet standards space, there's a proposal for ORIGIN frames, but the real-world support for them is very very limited on both the server and client sides. Cloudflare has tried to get some attention around them.
TAndic subscribed.Sep 17 2025, 5:49 PM
TAndic mentioned this in T404476: QuickSurveys is dropping initiation and response events due to ad blockers.Sep 19 2025, 7:21 PM
mpopov subscribed.Sep 23 2025, 6:35 PM
Isaac subscribed.Nov 17 2025, 7:04 PM
tchin subscribed.Dec 9 2025, 9:23 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits