|
/
Zope
/
Apsis
/
Pound Mailing List
/
Archive
/
2011
/
2011-08
/
Pound DNS and TCP Proxy / Load Balancing
[
How to force outgoing IP ? / Morgan Cox ... ]
[
Log only anonymized IP addresses / Christian ... ]
Pound DNS and TCP Proxy / Load Balancing
Mark <linuxmad(at)hotmail.com> |
2011-08-06 20:06:08 |
[ FULL ]
|
Hi All,
This looks like an interesting product - one I came across a long time ago but
have not had the need to use until perhaps now. With that i've got 2 simple and
short questions.
1. Can pound include backend servers where the backends are are called by
hostname DNS and then the TTL of the DNS is adhered to thus once reached pound
will resolve the DNS to the backend hostname again so that when the IP changes
for the backend pound will pick-up on this without me needing to restart pound?
2. I see lots about http and https etc, but i'm looking at pound more for TCP
load balancing, I don't need any special gadgets and abilities just a simple
TCP balancing of SSL and http. IE i don't want pound to terminate the SSL and
look at the request, but I do want it to be able to load balance SSL and http
and pick-up on failure of backends if all that is possible with pound?
If both those are a yes it can do, then I'm going to start using it ASAP.
Best and thanks for any guidance provided,
Mark
|
|
|
|
|
Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Anthony Somerset <anthony(at)somersettechsolutions.co.uk> |
2011-08-06 20:15:39 |
[ FULL ]
|
Pound can't load balance ssl traffic without terminating it first. You need
real hardware that balances at a lower network layer
Anthony Somerset
Please excuse the brevity.
Sent from my iPhone.
On 6 Aug 2011, at 19:12, Mark <linuxmad(at)hotmail.com> wrote:
Hi All,
This looks like an interesting product - one I came across a long time ago
but have not had the need to use until perhaps now. With that i've got 2
simple and short questions.
1. Can pound include backend servers where the backends are are called by
hostname DNS and then the TTL of the DNS is adhered to thus once reached
pound will resolve the DNS to the backend hostname again so that when the IP
changes for the backend pound will pick-up on this without me needing to
restart pound?
2. I see lots about http and https etc, but i'm looking at pound more for
TCP load balancing, I don't need any special gadgets and abilities just a
simple TCP balancing of SSL and http. IE i don't want pound to terminate the
SSL and look at the request, but I do want it to be able to load balance SSL
and http and pick-up on failure of backends if all that is possible with
pound?
If both those are a yes it can do, then I'm going to start using it ASAP.
Best and thanks for any guidance provided,
Mark
|
|
|
|
|
RE: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Mark <linuxmad(at)hotmail.com> |
2011-08-06 20:21:15 |
[ FULL ]
|
Thanks for the reply.
So pound can only load balance http/s and can't do anything based on just tcp
load balancing.
Shame - well good to know.
Thanks,
Mark
From: anthony(at)somersettechsolutions.co.uk
Date: Sat, 6 Aug 2011 19:15:39 +0100
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Pound can't load balance ssl traffic without terminating it first. You need
real hardware that balances at a lower network layer
Anthony Somerset
Please excuse the brevity.
Sent from my iPhone.
On 6 Aug 2011, at 19:12, Mark <linuxmad(at)hotmail.com> wrote:
Hi All,
This looks like an interesting product - one I came across a long time ago but
have not had the need to use until perhaps now. With that i've got 2 simple and
short questions.
1. Can pound include backend servers where the backends are are called by
hostname DNS and then the TTL of the DNS is adhered to thus once reached pound
will resolve the DNS to the backend hostname again so that when the IP changes
for the backend pound will pick-up on this without me needing to restart pound?
2. I see lots about http and https etc, but i'm looking at pound more for TCP
load balancing, I don't need any special gadgets and abilities just a simple
TCP balancing of SSL and http. IE i don't want pound to terminate the SSL and
look at the request, but I do want it to be able to load balance SSL and http
and pick-up on failure of backends if all that is possible with pound?
If both those are a yes it can do, then I'm going to start using it ASAP.
Best and thanks for any guidance provided,
Mark
|
|
|
|
|
Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Dave Steinberg <dave(at)redterror.net> |
2011-08-06 20:21:21 |
[ FULL ]
|
On 8/6/2011 2:06 PM, Mark wrote:[...]
I think there was a patch floating around for this, but I don't believe
it's been merged into the main distribution. I may never be - I'm not
sure exactly where that discussion ended.
[...]
Pound is probably not what you want, since pound's modus operandi is to
parse incoming HTTP headers and do stuff based on that. You'll probably
find HAProxy more to your liking if you want TCP load balancing with the
option of getting into HTTP specific stuff. Or relayd, if you happen to
be an Openbsd user.
Regards,[...]
|
|
|
Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Anthony Somerset <anthony(at)somersettechsolutions.co.uk> |
2011-08-06 20:32:02 |
[ FULL ]
|
Yes. Pretty much. you could theoretically load balance non http traffic but
that isn't what its designed for and I certainly haven't tried it for that
purpose. You certainly can't balance ssl traffic in this way without
terminatin the ssl connection in pound, you could however use https backends
but pound still has to decrypt the first
Anthony Somerset
Please excuse the brevity.
Sent from my iPhone.
On 6 Aug 2011, at 19:28, Mark <linuxmad(at)hotmail.com> wrote:
Thanks for the reply.
So pound can only load balance http/s and can't do anything based on just
tcp load balancing.
Shame - well good to know.
Thanks,
Mark
------------------------------
From: anthony(at)somersettechsolutions.co.uk
Date: Sat, 6 Aug 2011 19:15:39 +0100
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Pound can't load balance ssl traffic without terminating it first. You need
real hardware that balances at a lower network layer
Anthony Somerset
Please excuse the brevity.
Sent from my iPhone.
On 6 Aug 2011, at 19:12, Mark <linuxmad(at)hotmail.com> wrote:
Hi All,
This looks like an interesting product - one I came across a long time ago
but have not had the need to use until perhaps now. With that i've got 2
simple and short questions.
1. Can pound include backend servers where the backends are are called by
hostname DNS and then the TTL of the DNS is adhered to thus once reached
pound will resolve the DNS to the backend hostname again so that when the IP
changes for the backend pound will pick-up on this without me needing to
restart pound?
2. I see lots about http and https etc, but i'm looking at pound more for
TCP load balancing, I don't need any special gadgets and abilities just a
simple TCP balancing of SSL and http. IE i don't want pound to terminate the
SSL and look at the request, but I do want it to be able to load balance SSL
and http and pick-up on failure of backends if all that is possible with
pound?
If both those are a yes it can do, then I'm going to start using it ASAP.
Best and thanks for any guidance provided,
Mark
|
|
|
|
|
RE: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Mark <linuxmad(at)hotmail.com> |
2011-08-06 20:38:53 |
[ FULL ]
|
Thanks Dave.
Yea - i'm already using haproxy and it however has problem number 1 from my two
questions. I dont have static IPs so can't rely on what might be preferable to
use just IPs for a backend.
Its a headache at the moment, but nevermind. Just a case of finding the tool
for the job as it were.
Thanks,
Mark
[...]
|
|
|
|
|
RE: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Mark <linuxmad(at)hotmail.com> |
2011-08-06 20:41:14 |
[ FULL ]
|
Again thanks for the reply.
Speed of reply from people in this mailing list is truly second to none. You
guys should pat yourselves on the back. I've not experienced replies flying
back as quick as this at any other mailing list. Awesome!
From: anthony(at)somersettechsolutions.co.uk
Date: Sat, 6 Aug 2011 19:32:02 +0100
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Yes. Pretty much. you could theoretically load balance non http traffic but
that isn't what its designed for and I certainly haven't tried it for that
purpose. You certainly can't balance ssl traffic in this way without terminatin
the ssl connection in pound, you could however use https backends but pound
still has to decrypt the first
Anthony Somerset
Please excuse the brevity.
Sent from my iPhone.
On 6 Aug 2011, at 19:28, Mark <linuxmad(at)hotmail.com> wrote:
Thanks for the reply.
So pound can only load balance http/s and can't do anything based on just tcp
load balancing.
Shame - well good to know.
Thanks,
Mark
From: anthony(at)somersettechsolutions.co.uk
Date: Sat, 6 Aug 2011 19:15:39 +0100
To: pound(at)apsis.ch
Subject: Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Pound can't load balance ssl traffic without terminating it first. You need
real hardware that balances at a lower network layer
Anthony Somerset
Please excuse the brevity.
Sent from my iPhone.
On 6 Aug 2011, at 19:12, Mark <linuxmad(at)hotmail.com> wrote:
Hi All,
This looks like an interesting product - one I came across a long time ago but
have not had the need to use until perhaps now. With that i've got 2 simple and
short questions.
1. Can pound include backend servers where the backends are are called by
hostname DNS and then the TTL of the DNS is adhered to thus once reached pound
will resolve the DNS to the backend hostname again so that when the IP changes
for the backend pound will pick-up on this without me needing to restart pound?
2. I see lots about http and https etc, but i'm looking at pound more for TCP
load balancing, I don't need any special gadgets and abilities just a simple
TCP balancing of SSL and http. IE i don't want pound to terminate the SSL and
look at the request, but I do want it to be able to load balance SSL and http
and pick-up on failure of backends if all that is possible with pound?
If both those are a yes it can do, then I'm going to start using it ASAP.
Best and thanks for any guidance provided,
Mark
|
|
|
|
|
RE: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
"Simon Matter" <simon.matter(at)invoca.ch> |
2011-08-06 20:55:43 |
[ FULL ]
|
Re: [Pound Mailing List] Pound DNS and TCP Proxy / Load Balancing
Heiko Schlittermann <hs(at)schlittermann.de> |
2011-08-07 00:19:23 |
[ FULL ]
|
Hello Mark,
Mark <linuxmad(at)hotmail.com> (Sat Aug 6 20:06:08 2011):[...]
The pound config may contain the name (not the IP) of the backend(s),
but pound seems to resolve this name only once at startup. We came
across this when we had a backend using a dynamically assigned IP.
We (my college) wrote "dynamic IP" patch for pound, with this patch (and
a new config option) pound resolves the host name(s) each time. Of
course, this causes some additionally load, but if you're using a local
caching resolver (obeying TTLs), it should be acceptable. BUT -- this
patch was not written with performance but with flexibility in mind!
[...]
This question I can't answer, I'm not sure if pound can forward/balance
HTTPS just as it is.
[...]
|
|
|
|
|
|
