Memcached

Memcached

Developer(s)	Danga Interactive
Initial release	May 22, 2003(2003-05-22)
Stable release	1.6.31[1] / 7 September 2024;28 days ago(7 September 2024)
Repository	github/memcached/memcached
Written in	C
Operating system	Cross-platform
Type	distributed memory caching system
License	Revised BSD license[2]
Website	memcached.org

Memcached(pronounced variouslymem-cash-deeormem-cashed) is a general-purpose distributedmemory-cachingsystem. It is often used to speed up dynamicdatabase-driven websites by caching data andobjectsinRAMto reduce the number of times an external data source (such as a database or API) must be read. Memcached isfree and open-source software,licensed under theRevised BSD license.^[2]Memcached runs onUnix-likeoperating systems (LinuxandmacOS) and onMicrosoft Windows.It depends on thelibeventlibrary.

Memcached'sAPIsprovide a very largehash tabledistributed across multiple machines. When the table is full, subsequent inserts cause older data to be purged inleast recently used(LRU) order.^[3][4]Applications using Memcached typically layer requests and additions into RAM before falling back on a slower backing store, such as a database.

Memcached has no internal mechanism to track misses which may happen. However, some third party utilities provide this functionality.

Memcached was first developed byBrad Fitzpatrickfor his websiteLiveJournal,on May 22, 2003.^[5][6]It was originally written inPerl,then later rewritten inCby Anatoly Vorobey, then employed by LiveJournal.^[7]Memcached is now used by many other systems, includingYouTube,^[8]Reddit,^[9]Facebook,^[10][11]Pinterest,^[12][13]Twitter,^[14]Wikipedia,^[15]andMethod Studios.^[16]Google App Engine,Google Cloud Platform,Microsoft Azure,IBM BluemixandAmazon Web Servicesalso offer a Memcached service through an API.^{[17][18][19][20]}

This sectiondoes notciteanysources.Please helpimprove this sectionbyadding citations to reliable sources.Unsourced material may be challenged andremoved.(June 2013)(Learn how and when to remove this message)

The system uses aclient–serverarchitecture. The servers maintain a key–valueassociative array;the clients populate this array and query it by key. Keys are up to 250 bytes long and values can be at most 1megabytein size.

Clients use client-side libraries to contact the servers which, by default, expose their service atport11211. Both TCP and UDP are supported. Each client knows all servers; the servers do not communicate with each other. If a client wishes to set or read the value corresponding to a certain key, the client's library first computes ahashof the key to determine which server to use. This gives a simple form ofshardingand scalableshared-nothing architectureacross the servers. The server computes a second hash of the key to determine where to store or read the corresponding value. The servers keep the values in RAM; if a server runs out of RAM, it discards the oldest values. Therefore, clients must treat Memcached as a transitory cache; they cannot assume that data stored in Memcached is still there when they need it. Other databases, such asMemcacheDB,Couchbase Server,provide persistent storage while maintaining Memcached protocol compatibility.

If all client libraries use the same hashing algorithm to determine servers, then clients can read each other's cached data.

A typical deployment has several servers and many clients. However, it is possible to use Memcached on a single computer, acting simultaneously as client and server. The size of its hash table is often very large. It is limited to available memory across all the servers in the cluster of servers in a data center. Where high-volume, wide-audience Web publishing requires it, this may stretch to many gigabytes. Memcached can be equally valuable for situations where either the number of requests for content is high, or the cost of generating a particular piece of content is high.

Most deployments of Memcached are within trusted networks where clients may freely connect to any server. However, sometimes Memcached is deployed in untrusted networks or where administrators want to exercise control over the clients that are connecting. For this purpose Memcached can be compiled with optionalSASLauthentication support. The SASL support requires the binary protocol.

A presentation atBlackHat USA 2010revealed that a number of large public websites had left Memcached open to inspection, analysis, retrieval, and modification of data.^[21]

Even within a trusted organisation, the flat trust model of memcached may have security implications. For efficient simplicity, all Memcached operations are treated equally. Clients with a valid need for access to low-security entries within the cache gain access toallentries within the cache, even when these are higher-security and that client has no justifiable need for them. If the cache key can be either predicted, guessed or found by exhaustive searching, its cache entry may be retrieved.

Some attempt to isolate setting and reading data may be made in situations such as high volume web publishing. A farm of outward-facing content servers havereadaccess to memcached containing published pages or page components, but no write access. Where new content is published (and is not yet in memcached), a request is instead sent to content generation servers that are not publicly accessible to create the content unit and add it to memcached. The content server then retries to retrieve it and serve it outwards.

In February 2018,CloudFlarereported that misconfigured memcached servers were used to launchDDoS attacksin large scale.^[22]The memcached protocol over UDP has a hugeamplification factor,of more than 51000.^[23]Victims of the DDoS attacks includeGitHub,which was flooded with 1.35 Tbit/s peak incoming traffic.^[24]

This issue was mitigated in Memcached version 1.5.6, which disabled UDP protocol by default.^[25]

Note that all functions described on this page arepseudocodeonly. Memcached calls and programming languages may vary based on the API used.

Converting database or object creation queries to use Memcached is simple. Typically, when using straight database queries, example code would be as follows:

functionget_foo(intuserid)
data=db_select("SELECT * FROM users WHERE userid =?",userid)
returndata

After conversion to Memcached, the same call might look like the following

functionget_foo(intuserid)
/* first try the cache */
data=memcached_fetch("userrow:"+userid)
ifnotdata
/* not found: request database */
data=db_select("SELECT * FROM users WHERE userid =?",userid)
/* then store in cache until next get */
memcached_add("userrow:"+userid,data)
end

returndata

The client would first check whether a Memcached value with the unique key "userrow:userid" exists, where userid is some number. If the result does not exist, it would select from the database as usual, and set the unique key using the Memcached API add function call.

However, if only this API call were modified, the server would end up fetching incorrect data following any database update actions: the Memcached "view" of the data would become out of date. Therefore, in addition to creating an "add" call, an update call would also be needed using the Memcached set function.

functionupdate_foo(intuserid,stringdbUpdateString)
/* first update database */
result=db_execute(dbUpdateString)
ifresult
/* database update successful: fetch data to be stored in cache */
data=db_select("SELECT * FROM users WHERE userid =?",userid)
/* the previous line could also look like data = createDataFromDBString(dbUpdateString) */
/* then store in cache until next get */
memcached_set("userrow:"+userid,data)

This call would update the currently cached data to match the new data in the database, assuming the database query succeeds. An alternative approach would be to invalidate the cache with the Memcached delete function, so that subsequent fetches result in a cache miss. Similar action would need to be taken when database records were deleted, to maintain either a correct or incomplete cache.

An alternate cache-invalidation strategy is to store a random number in an agreed-upon cache entry and to incorporate this number into all keys that are used to store a particular kind of entry. To invalidate all such entries at once, change the random number. Existing entries (which were stored using the old number) will no longer be referenced and so will eventually expire or be recycled.

functionstore_xyz_entry(intkey,stringvalue)
/* Retrieve the random number - use zero if none exists yet.
* The key-name used here is arbitrary. */
seed=memcached_fetch(":xyz_seed:")
ifnotseed
seed=0
/* Build the key used to store the entry and store it.
* The key-name used here is also arbitrary. Notice that the "seed" and the user's "key"
* are stored as separate parts of the constructed hashKey string: ":xyz_data:(seed):(key)."
* This is not mandatory, but is recommended. */
stringhashKey=sprintf(":xyz_data:%d:%d",seed,key)
memcached_set(hashKey,value)

/* "fetch_entry," not shown, follows identical logic to the above. */

functioninvalidate_xyz_cache()
existing_seed=memcached_fetch(":xyz_seed:")
/* Coin a different random seed */
do
seed=rand()
untilseed!=existing_seed
/* Now store it in the agreed-upon place. All future requests will use this number.
* Therefore, all existing entries become un-referenced and will eventually expire. */
memcached_set(":xyz_seed:",seed)

• MySQL- directly supports the Memcached API as of version 5.6.^[26]
• Oracle Coherence- directly supports the Memcached API as of version 12.1.3.^[27]
• Infinispan- directly supports Memcached.^[28]

• Amazon ElastiCache
• Aerospike
• Couchbase Server
• Redis
• Mnesia
• MemcacheDB
• Hazelcast
• Cassandra
• ScyllaDB
• Tarantool
• Ehcache
• Infinispan

• Official website