Pound handles multiple backends with the same IP address but different 
port numbers just fine.  One standard application of pound is to 
redirect requests from the standard port (80) to whereever the 
application is really working.  This allows the backends to be restarted 
without root access if desired.

Franklin Grove wrote:

>...
>Also, how does pound handle backend sections using the same ip address but
>different port numbers? I have configured a separate backend for all of the
>port numbers required for the applets.
>...
>
>  
>

-- 
Ted Dunning
Chief Scientist
Veoh Networks

I have looked at other threads but was not able to see wether
there has been anything implemented sofar to reload the config
without restarting pound.

On Thu, 2006-02-09 at 16:33 -0500, Franklin Grove wrote:
> Greetings,
> 
> Can anyone explain how pound handles out of bound data (aka urgent request or
> urgent pointer)?

I think you are talking about out of band data. It is handled in-band
(i.e. no special handling at all).

> The particular server we're connecting to serves some java applets over odd
port
> numbers. The applets may be configured to pass through a proxy server. The
> documentation for the product states that out of bound/urgent request/urgent
> pointer data be passed through the proxy unchanged.

I never heard of a proxy that does that. I am not aware of any
"official" protocol specification that even uses out-of-band data
(though admittedly that doesn't mean much).

> The reason being that we'd like to use pound in our DMZ, in order that
clients
> connect via https, which is decrypted and forwarded to the internal backend
> server. The backend server responds to the proxy, which then encrypts the
> connection and sends it to the client.

Are you sure your applets use HTTP? There is no mention of out-of-band
data there (at least as far as I know). Pound is an HTTP proxy - it
can't proxy anything else.

> Also, how does pound handle backend sections using the same ip address but
> different port numbers? I have configured a separate backend for all of the
> port numbers required for the applets.

That is no problem whatsoever.

> If this is not feasible with pound does anyone have an alternative solution?
> Otherwise we'll probably end up with *gulp* Microsoft ISA server.

...which does support out-of-band data?
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904

On Fri, 2006-02-10 at 16:41 +0100, Hegedus Ervin wrote:
> Hello,
> 
> I try to measure performance of pound.
> Enviroment:
> 100MB/s FD switched Ethernet network
> 
> Pound:
> - PII 350MHz CPU, 128MB RAM

That's really modest...

In any case, I would look at the networking and card(s) you use: how
many of them, separate ones for server and back-end side, what type,
separate network segments, etc.

> - Debian Sarge, default install (no custom kernel, etc...)
> 
> Backends: 2x SUNFire V120, with Sun-ONE-Web-Server/6.1
> 
> Pound config:
> ========
> Daemon 1
> LogLevel 2
> Alive 1

That is horrible - you are wasting resources for nothing. Try Alive 30
(or at least 15).

> ListenHTTP
>   Address       10.2.1.228
>   Port          80
>   Service
>     BackEnd
>       Address   10.15.0.63
>       Port      80
>       Priority  9

When all your servers are equal you are better off with Priority 1 for
all of them.

>       TimeOut   2

Are you sure about this? If you have a congested network (or just a slow
CPU) you'll get time-outs and "dead" back-ends simply because a
"connect" or "read" do not complete on time. Try TimeOut 60 (or higher)
for more reliable results.

>     End
>     BackEnd
>       Address   10.15.0.73
>       Port      80
>       Priority  9
>       TimeOut   2     
>     End
>   End
> End
> 
> 
> Pound server-side IP is 10.15.0.83, connects to servers through a
> switch.
> 
> I test it with ab (apache-benchmark)

Where does ab run? On the same machine as the server, or on a separate
workstation?

> Here is the result of direct connection on of the Sun server:
> # /usr/sbin/ab -k -n 1000 -c 50 http://10.15.0.63/
> [...]
> Server Software:        Sun-ONE-Web-Server/6.1
> Server Hostname:        10.15.0.63
> Server Port:            80
> 
> Document Path:          /
> Document Length:        447 bytes
> 
> Concurrency Level:      50
> Time taken for tests:   0.553713 seconds
> Complete requests:      1000
> Failed requests:        0
> Write errors:           0
> Keep-Alive requests:    1000
> Total transferred:      673000 bytes
> HTML transferred:       447000 bytes
> Requests per second:    1805.99 [#/sec] (mean)
> Time per request:       27.686 [ms] (mean)
> Time per request:       0.554 [ms] (mean, across all
> concurrent requests)
> Transfer rate:          1186.54 [Kbytes/sec] received
> 
> Connection Times (ms)
>               min  mean[+/-sd] median   max
> Connect:        0    0   1.1      0       7
> Processing:     0   18  55.6      1     370
> Waiting:        0   18  55.6      1     370
> Total:          0   18  55.7      1     370
> 
> Percentage of the requests served within a certain time (ms)
>   50%      1
>   66%      1
>   75%      2
>   80%      4
>   90%     52
>   95%    101
>   98%    273
>   99%    315
> 100%    370 (longest request)
> 
> and here is the result of Pound:
> # /usr/sbin/ab -k -n 1000 -c 50 http://10.2.1.228/
> [...]
> Server Software:        Sun-ONE-Web-Server/6.1
> Server Hostname:        ovszbalance
> Server Port:            80
> 
> Document Path:          /
> Document Length:        447 bytes
> 
> Concurrency Level:      50
> Time taken for tests:   2.351253 seconds
> Complete requests:      1000
> Failed requests:        756
>   (Connect: 0, Length: 500, Exceptions: 256)
> Write errors:           0
> Keep-Alive requests:    500
> Total transferred:      336500 bytes
> HTML transferred:       223500 bytes
> Requests per second:    425.31 [#/sec] (mean)
> Time per request:       117.563 [ms] (mean)
> Time per request:       2.351 [ms] (mean, across all
> concurrent requests)
> Transfer rate:          139.50 [Kbytes/sec] received
> 
> Connection Times (ms)
>               min  mean[+/-sd] median   max
> Connect:        0    0   1.2      0      15
> Processing:     0   61  60.3     23     185
> Waiting:      -15   59  61.2     12     184
> Total:          0   61  60.5     24     185
> 
> Percentage of the requests served within a certain time (ms)
>   50%     24
>   66%    112
>   75%    116
>   80%    119
>   90%    131
>   95%    152
>   98%    164
>   99%    165
> 100%    185 (longest request)
> 
> 
> (please look again the "Failed request" section)
> 
> 
> when i look the syslog, i see more lines of these:
> "...pound: backend 10.15.0.73:80 connect: Cannot assign
> requested address..."
> "...pound: no back-end "GET / HTTP/1.0" from 10.2.1.210..."
> (10.2.1.210 is the address of client, where i made the test
> from)
> "...pound: error copy server cont: Connection reset by peer..."
> "...kernel: TCP: drop open request from 10.2.1.210/3387..."

See my remarks above.

> In the output of "netstat -an", there are several opened
> socket, in TIME_WAIT state, and those points to back-end
> servers.
> 
> What may be the problem? Is it possible the "low-end" hardvare?

That is certainly a problem - 50 requests per second on such limited
hardware is already high.

I suggest you fix your config as discussed above and try again.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904

Dear Robert,

thank you for your request,

> In any case, I would look at the networking and card(s) you use: how
> many of them, separate ones for server and back-end side, what type,
> separate network segments, etc.
ok,

> > Daemon 1
> > LogLevel 2
> > Alive 1
> 
> That is horrible - you are wasting resources for nothing. Try Alive 30
> (or at least 15).
ok,

> >       Priority  9
> 
> When all your servers are equal you are better off with Priority 1 for
> all of them.
thanks,

> >       TimeOut   2
> 
> Are you sure about this? If you have a congested network (or just a slow
> CPU) you'll get time-outs and "dead" back-ends simply because a
> "connect" or "read" do not complete on time. Try TimeOut 60 (or higher)
> for more reliable results.
ok,

> Where does ab run? On the same machine as the server, or on a separate
> workstation?
on a separate workstation - other IP segment, than Pound and
other, than back-ends.

> That is certainly a problem - 50 requests per second on such limited
> hardware is already high.
so, do you think, this may be really a hardwer problem?
(i just ask you, cause back-ends servers can serve these claim,
and i try to measure another Linux based Apache (PIII 1.5GHz,
256MB RAM), that gives very good results)

> I suggest you fix your config as discussed above and try again.
ok, thank you for your answer.

we will purchase a better hardware (a "very-better" hardware :)),
i just test the Pound.

is there any way to come up with back-ends servers throughput?
can you point me some documentation about sizing of hardware for
Pound, that depends the load of site?


thank you:

a.

On Fri, 2006-02-10 at 21:26 -0500, Kevin Minnick wrote:
> Hello,
> 
> I wrote earlier about a strange problem with disappearing cookies. 
> After adding some debugging to the application and thinking about the
> symptoms more, I now believe that the problem is not with the cookies
> disappearing, but rather the wrong headers (cookies) are being sent to
> the backend.

Please put something like tcpwatch between Pound and the back-end and
see exactly what is being sent back and forth.

> Our application outputs a top-frame with a username in it.  Users are
> reporting that the username is wrong, i.e. they are logged in as
> someone else.  This tells me that the server code is finding a valid
> session-id in the cookies, but the session-id does not match the
> actual session-id that the client has stored.  So the application
> looks up the username based on the session, and then outputs the wrong
> username to the client.
> 
> I hope this makes sense.  I'm wondering if the thread encounters an
> error but doesn't exit gracefully or has already sent some headers to
> the backend.  And then the thread tries to handle another request and
> the new headers are ignored by the backend.

More likely you loose the session due to time-out on Pound and/or on the
server.
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904

Am Freitag, 10. Februar 2006 18:39 schrieb Robert Segall:
> >       Priority  9
>
> When all your servers are equal you are better off with Priority 1
> for all of them.

just curious, what would be the difference? I would think, with all 
backends having the same priority, the chosen number wouldn't matter at 
all.

Cheers, Sascha

-- 
Gallileus - the power of knowledge

Gallileus GmbH                    http://www.gallileus.info/

Puschkinstraße 1                    fon +49-(0)361/541 43 80
99084 Erfurt                        fax +49-(0)361/541 43 79
                                        kontakt(at)gallileus.de

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
AKTUELLER HINWEIS (Februar 2006)

Gallileus zieht um nach Erfurt und sucht ab sofort
Praktikanten und studentische Hilfskräfte.

Weitere Informationen finden Sie hier:

http://www.gallileus.info/gallileusnews/gallijobs/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

On Tue, 2006-02-14 at 19:06 +0100, Sascha Ottolski wrote:
> Am Freitag, 10. Februar 2006 18:39 schrieb Robert Segall:
> > >       Priority  9
> >
> > When all your servers are equal you are better off with Priority 1
> > for all of them.
> 
> just curious, what would be the difference? I would think, with all 
> backends having the same priority, the chosen number wouldn't matter at 
> all.

In the 1.x series the code is slightly less efficient if you use 9/9 (a
bit more memory used, and a few extra CPU cycles). This has been fixed
in 2.x
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904

Hello Pound Community,

we are searching for a apache https loadbalancing/failover solution on
windows 2003 platform.

Do you know if pound is running under windows without trouble?
If yes, do you have an howto/doc for (comiling)/configuring pound under windows

Thanks,
Robert

On Fri, 2006-02-24 at 07:52 +1000, Dean wrote:
> Hi,
> I have a device which sends a GET request in the format:
> dev.php?rd=1234567|i4gK2M0GL3M1SCFu00hOuw0Riu2f00j0000N801EKe02
> HTTP/1.1\r\nHost: 111.222.33.44\r\n\r\n
> The problem I face (I think) is that a pipe is not an allowed character?
> Hence I get a 501 error...or is it that the device isnt sending a proper
> header?
> How can I tell pound to turn off its checks for this url group (the port
> 8001 group)

Check your log files - Pound tells you exactly why it rejected the
request. With 2.x we have eliminated the (default) checks on URL, though
you can still specify them if you wish. In your case it's more likely
you have a bad request type (something other than GET, POST or HEAD).
-- 
Robert Segall
Apsis GmbH
Postfach, Uetikon am See, CH-8707
Tel: +41-44-920 4904