Does pound redirect all traffic back to the Pound server?

 

Were using pound to load balance across some high bandwidth apache web
servers.

 

I noticed that all the requests seem to get send from the backend servers,
to the pound server, before its sent to the client. 

 

Is there a way to make pound send the client the request directly? Rather
then it going back to the pound server and then to the client? 

 

We would like to use Pound as a load balancer for distribution servers, but
it doesn't make sense if all the traffic is routed back through pound.

 

Our bottleneck is bandwidth, the pound server cant pass all the traffic
through it and maintain the load. If all the traffic is sent back to the
pound server there is no load balancing of the bandwidth going on here. 

 

I assumed Pound would redirect the request to the back-end server and then
be "out of the loop" with the backend server sending the content directly to
the client, but this doesn't seem to be the case.

 

Am I correct in my assessment? And is there a way to implement the
functionality we are looking for? 

 

Thank You, 

 

Kiriki Delany

What you are describing is direct server return.  Pound doesn't do this.  In
fact, I don't even recommend it and I work with a pretty high volume site.
At a previous job (Musicmatch), we also opted to avoid DSR and it helped us
enormously.  One problem that you get is that you have to do some pretty
clever configuration on the backend servers so that they masquerade
correctly.  Having a proxy like pound in the chain avoids this.  I generally
try to avoid having the network and the software levels have to interact too
much.  DSR puts network configuration responsibilities onto the server
deployment team which is not a good idea.  With a proxying load-balancer,
the network guys do networking and the software guys do software.

Generally, if you have a very high bandwidth solution, you are in the market
for a hardware load balancer such as an f5.  Haproxy might also be a
solution for your, but you will probably have problems scaling that beyond
Gb/s levels.  Pound is good, but it doesn't yet go to really high bandwidth
levels.  The hardware solutions are expensive, but in my experience, they
are well worth it.  I will be thrilled the day that free software solutions
get good enough to change my mind.  There is no reason why this can't happen
other than time and maturation.

The real thing that pushed us away from software solutions such as pound was
not the bandwidth, however, but was instead the fact that the f5's do
real-time session replication to the cold standby system and you can do
real-time mods to the configuration without dropping traffic or sessions.
Those two requirements are absolutely non-negotiable for us.  We use pound
internally when we build a toy version of our system for QA, but that system
can go down for reconfiguration while the production system absolutely
cannot.

We also use a content delivery network to moderate our traffic to the origin
servers.  We get about 5:1 scaling there.  The f5, however, handles not only
our outbound traffic but also many levels of internal indirection between
web services and even the database, so the content delivery network is not
necessary for our system.  We don't even have the high end f5 system and I
think it is rated at something north of 5Gbps.  We rarely even budge the
needles on the load measurement and we have a pretty high volume site.


On 10/30/06 11:52 AM, "Kiriki Delany" <kiriki(at)streamguys.com> wrote:
[...]

Thanks for the thorough analysis Ted.

I'm pretty well versed in the DSR implementation with hardware load
balancers, we run server irons for it within a single data center.

However, there is a big need for a middle of the road product. Hardware load
balancers are out of the realm for this project, were not pushing gbps, only
a few hundred mbps per server. We are also looking for a load balancing
solution that works over the WAN in separate data centers where you would
need multiple hardware load balancers in each POP

Pound is great because it's a light-weight traffic cop in front of http
services. 

I can understand why for most web services the DSR method would not work.
With our particular application I think its exactly what were looking for.
Were pushing downloads basically to clients that don't need interactive
support.

We really do want exactly what pound does on the front end, but with a DSR
approach on the back-end servers

Has any thought been put into what it would take to enable DSR for Pound? Is
this in the realm of possibilities? Maybe for Apsis commercial?

Thank You, 


Kiriki Delany


-----Original Message-----
From: Ted Dunning [mailto:tdunning(at)veoh.com] 
Sent: Monday, October 30, 2006 12:24 PM
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Pound - Does it redirect all traffic back
to the pound server?



What you are describing is direct server return.  Pound doesn't do this.  In
fact, I don't even recommend it and I work with a pretty high volume site.
At a previous job (Musicmatch), we also opted to avoid DSR and it helped us
enormously.  One problem that you get is that you have to do some pretty
clever configuration on the backend servers so that they masquerade
correctly.  Having a proxy like pound in the chain avoids this.  I generally
try to avoid having the network and the software levels have to interact too
much.  DSR puts network configuration responsibilities onto the server
deployment team which is not a good idea.  With a proxying load-balancer,
the network guys do networking and the software guys do software.

Generally, if you have a very high bandwidth solution, you are in the market
for a hardware load balancer such as an f5.  Haproxy might also be a
solution for your, but you will probably have problems scaling that beyond
Gb/s levels.  Pound is good, but it doesn't yet go to really high bandwidth
levels.  The hardware solutions are expensive, but in my experience, they
are well worth it.  I will be thrilled the day that free software solutions
get good enough to change my mind.  There is no reason why this can't happen
other than time and maturation.

The real thing that pushed us away from software solutions such as pound was
not the bandwidth, however, but was instead the fact that the f5's do
real-time session replication to the cold standby system and you can do
real-time mods to the configuration without dropping traffic or sessions.
Those two requirements are absolutely non-negotiable for us.  We use pound
internally when we build a toy version of our system for QA, but that system
can go down for reconfiguration while the production system absolutely
cannot.

We also use a content delivery network to moderate our traffic to the origin
servers.  We get about 5:1 scaling there.  The f5, however, handles not only
our outbound traffic but also many levels of internal indirection between
web services and even the database, so the content delivery network is not
necessary for our system.  We don't even have the high end f5 system and I
think it is rated at something north of 5Gbps.  We rarely even budge the
needles on the load measurement and we have a pretty high volume site.


On 10/30/06 11:52 AM, "Kiriki Delany" <kiriki(at)streamguys.com> wrote:
[...]
but[...]
to[...]

[...]

We ran with pound on a pretty high volume side of our web-site before we
moved to hardware.

The trick is to put a caching proxy on the outside of pound.  You can use
very low level balancing (any IP based method will work) on the proxies
since they are stateless (except for the cached data).  Then pound behind
the proxies does load balancing and special direction on the residue of
cache misses.

Another option is to use haproxy.  This doesn't do DSR, but it does handle
really high transfer rates.  It should be able to easily saturate your 100's
of Mbps requirement.




On 10/30/06 3:23 PM, "Kiriki Delany" <kiriki(at)streamguys.com> wrote:
[...][...][...][...][...][...][...]

On Mon, 2006-10-30 at 11:52 -0800, Kiriki Delany wrote:[...]

Yes: you can define a service with a bunch of Redirects instead of
BackEnds. That way each incoming request will be answered with a 302,
sending the client to some server.

This is similar to DNS-based load-balancing, but is done entirely in
HTTP.[...]