The mod_proxy_balancer Cookbook A module overview with practical solutions to common problems Daniel Ruggeri.

Slides:



Advertisements
Similar presentations
Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.
Advertisements

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Apache Performance Tuning Part 2: Scaling Out Sander Temme.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Clustering and load balancing with Apache 2.2 mod_proxy
Apache Performance Tuning Part 2: Scaling Out Sander Temme.
Scalability and planning for growth 1WUCM1. Content management issues Structural – Naming (e.g. file, URL) policy – File and directory naming needs: invent/design/borrow.
Analysis and Performance Information Systems 337 Prof. Harry Plantinga.
Computer Networks Transport Layer. Topics F Introduction  F Connection Issues F TCP.
© 2014 ScaleArc. All Rights Reserved. 1 Creating an Agile Data Environment for Apps in the Cloud Summer 2014.
CLUSTER WEBLOGIC SERVER. 1.Creating clusters and understanding its concept GETTING STARTED.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Fronting Tomcat with Apache Httpd Mladen Turk Red Hat, Inc.
On the Use and Performance of Content Distribution Networks Balachander Krishnamurthy Craig Wills Yin Zhang Presenter: Wei Zhang CSE Department of Lehigh.
Additional SugarCRM details for complete, functional, and portable deployment.
CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.
Basics of the HTTP Protocol and Apache Web Server Brandon Checketts.
Server Load Balancing. Introduction Why is load balancing of servers needed? If there is only one web server responding to all the incoming HTTP requests.
Lighttpd & Modcache 2009/06/28. Basic lighttpd info Event-driven, single process Event-driven, single process Uses non-block io (network) + writev (memory)
Design Windows Media Services Infrastructure. Module 7: Design Windows Media Services Infrastructure Design Windows Media Services for live streaming.
SANGFOR AD INTRODUCTION
1 3 Web Proxies Web Protocols and Practice. 2 Topics Web Protocols and Practice WEB PROXIES  Web Proxy Definition  Three of the Most Common Intermediaries.
Access Gateway Operation
11 Copyright © 2005, Oracle. All rights reserved. Configuring the Oracle Network Environment.
Socket based Client/Server Systems Exercises in. Exercises Build a generic client Build an echo server Build a http client and server Build a proxy/firewall.
APEX power! Alan Arentsen brought to you by GlassFish.
The Power of mod_proxy Proxy servers, load balancers and how to implement with Apache HTTP Server.
London April 2005 London April 2005 Creating Eyeblaster Ads The Rich Media Platform The Rich Media Platform Eyeblaster.
Apache Performance Tuning Part 2: Scaling Out Sander Temme.
Apache Web Server. Aim of this section –Introduce you to workings of the most common webserver –Give you a little experience in role of webmaster Configuring.
On the Performance of TCP Splicing for URL-aware Redirection Ariel Cohen, Sampath Rangarajan, and Hamilton Slye The 2 nd USENIX Symposium on Internet Technologies.
1 Internet Control Message Protocol (ICMP) Used to send error and control messages. It is a necessary part of the TCP/IP suite. It is above the IP module.
Module 10 Administering and Configuring SharePoint Search.
Module 9: Implementing Caching. Overview Caching Overview Configuring General Cache Properties Configuring Cache Rules Configuring Content Download Jobs.
Module 6: Managing Client Access. Overview Implementing Client Access Servers Implementing Client Access Features Implementing Outlook Web Access Introduction.
® IBM Software Group © 2007 IBM Corporation Best Practices for Session Management
Integrating and Troubleshooting Citrix Access Gateway.
1 Apache and... Virtual Hosts ---- aliases mod_rewrite ---- htaccess AFNOG X Cairo, Egypt May 2009 Hervey Allen.
Operating Systems Lesson 12. HTTP vs HTML HTML: hypertext markup language ◦ Definitions of tags that are added to Web documents to control their appearance.
Apache HTTP Server from 10,000 feet An open source Apache feature overview and discussion.
D-Link TSD 2009 workshop D-Link Net-Defends Firewall Training ©Copyright By D-Link HQ TSD Benson Wu.
Combining ArcGIS for Server & ArcGIS Online Julia Guard and Matt Monson.
Internet Information Server 6.0 & new management features.
Overview on Web Caching COSC 513 Class Presentation Instructor: Prof. M. Anvari Student name: Wei Wei ID:
Virtual Machine Movement and Hyper-V Replica
Draft-carpenter-v6ops-label-balance-02 Brian Carpenter Sheng Jiang (Speaker) Willy Tarreau March 2012 IPv6 Flow Label for Server Load Balancing - update.
V2 January © 2015 Citrix | Confidential – Content in this presentation is under NDA. NetScaler Pitch Deck One solution for all apps.
Andrew Lahiff HEP SYSMAN June 2016 Hiding infrastructure problems from users: load balancers at the RAL Tier-1 1.
1 Super/Ultra-Basic Load-Balancing Introduction For AFNOG 2012 Joel Jaeggli.
Linux Virtual Server Jim Lawson VAGUE/University of Vermont /
2B3309 Server Security Lars Noodén ( ) Web Server Configuration.
Presented by Michael Rainey South Mississippi Linux Users Group
BUILD SECURE PRODUCTS AND SERVICES
NAT、DHCP、Firewall、FTP、Proxy
Layer 3 Redundancy 1. Hot Standby Router Protocol (HSRP)
NodeJS Security Using PassportJS and HelmetJS:
Lab A: Planning an Installation
Essential tools for implementing and testing websites
Affinity Depending on the application and client requirements of your Network Load Balancing cluster, you can be required to select an Affinity setting.
HTTP – An overview.
F5 BIGIP V 9 Training.
Web Development Web Servers.
Securing the Network Perimeter with ISA 2004
Network Load Balancing
Web Caching? Web Caching:.
Hints and tips for faster web apps
Apache Performance Tuning
Application Performance & Availability with vCloud Hybrid Service and KEMP Technologies New York: • Limerick: • Hannover:
Apache Performance Tuning
Presentation transcript:

The mod_proxy_balancer Cookbook A module overview with practical solutions to common problems Daniel Ruggeri

Introduction About Daniel Ruggeri –DRuggeri primary.net Standard Disclaimer –I'm speaking personally and not on behalf of my employer. The examples and comments are my personal opinions and should not be considered the official practices or positions of MasterCard.

Introduction Title is a misnomer –Not just mod_proxy –Application dependencies Warning – eye charts ahead! –Examples may be hard to read –Included for completeness Download this presentation!

Features of Load Balancers Load balancing Session stickiness Connection pooling Failover Health checking Dynamic modification of members Cache/compress/shape traffic TCP and SSL offload Attack mitigation

How HTTPD Stacks Up

Load Distribution byrequests –Perform balancing based solely on requests served. bytraffic –Perform balancing by byte count (in response body) served. bybusyness –Perform balancing based on how many pending requests exist for a backend.

Load Distribution Asymmetric distribution –loadfactor option for BalancerMember higher number == higher load. –+H option for hot-standby Disables worker until others are unavailable. Don’t forget lbset. –Selective proxying using ! and ordering Do not proxy certain requests or choose a different backend.

Example: weighting BalancerMember loadfactor=2 BalancerMember smax=10 loadfactor=2 #Less powerful server, don't send as many requests there BalancerMember smax=1 loadfactor=1 ProxyPass / balancer://mycluster/ stickysession=JSESSIONID

Example: hot standby BalancerMember BalancerMember #Hot standby BalancerMember status=+H ProxySet lbmethod=bytraffic ProxyPass / balancer://hotcluster/

Example: selective proxying BalancerMember BalancerMember BalancerMember BalancerMember ProxyPass /static/ ! ProxyPass /applicationA/ balancer://AppCluster1/ ProxyPass /applicationB/ balancer://AppCluster2/ ProxyPass / balancer://hotcluster/

Session Stickiness Built-in (as designed) –mod_proxy_balancer includes facilities to do this. –Not always compatible or easy. Roll your own –Use the built-in functions but tweak to your liking. Route parameter comes into play

A Sticky Matter Many different formats for session identifiers based on backend. –Cookies, URLs, formats, etc Built-in is not 100% compatible. –Requires dot or semicolon as a delimiter

Example: universal sticky LoadModule headers_module modules/mod_headers.so BalancerMember route=mercury BalancerMember route=venus ProxySet stickysession=DanielsApp_STICKY Header add Set-Cookie "DanielsApp_STICKY=sticky.%{BALANCER_WORKER_R OUTE}e;path=/;" env=BALANCER_ROUTE_CHANGED ProxyPass /daniel/ balancer://DanielCluster/daniel/

Connection Pooling Parameters –min hard minimum –max hard maximum –smax soft maximum –ttl time allowed above smax Other parameters come into play Complications…

Example: connection pooling BalancerMember min=5 smax=7 max=10 ttl=10 BalancerMember min=5 smax=7 max=10 ttl=10 ProxyPass / balancer://myCluster/

Failover/Health Check Yes, it does… but…. –Failover capability for connection only Connection errors fail over to next backend seamlessly. SSL errors go back to user (are not taken out of service). Hung backend errors go back to user (are not taken out of service). – has some light intelligence added

Failover/Health Check No heath check capability –Requires real, live traffic –In the future… Lots of discussion on list –Something in 2.4? You must come up with a way to work around it

Failover - Mitigating Controls connectiontimeout –Sets the number of seconds to wait for a TCP connection. ProxyTimeout –Sticks and stones – fail fast (but not a real failure). Monitoring –Create external monitoring to force traffic through HTTPD.

Dynamic Modification BalancerManager is currently the only method to modify members. Limited set of parameters –Balancer sticky identifier, timeout, failover, lbmethod –Worker loadfactor, lbset, route, redirect Be safe out there

BalancerManager

Cache/Compress/Shape Caching via mod_cache –Too much to cover here. Compress via mod_deflate Shape via… –mod_headers, mod_rewrite, mod_substitute, mod_env/mod_setenvif, mod_expires, mod_*filter The sky is the limit!

Example: traffic shaping … ProxyPass /app balancer://myCluster/appl ProxyPassReverse /app balancer://myCluster/app AddOutputFilterByType SUBSTITUTE text/html Substitute "s| RequestHeader set environment production AddOutputFilterByType DEFLATE text/html text/xml

TCP/SSL offload Funnel into the pipeline –Many requests one backend connection –keepalive is a beautiful thing SSL benefits as well –HTTPS to HTTPD –Can run HTTP or HTTPS to backend Either will be more efficient!

Attack Mitigation Security modules Separation –Tiered approach –Standards enforcement Filtering/Blocking/Restricting –Allow from certain hosts –Authn/Authz modules

Questions/Scenarios?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.