[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#416397: ITP: haproxy -- fast and reliable load balancing reverse proxy

On Wed, Mar 28, 2007 at 10:11:51AM +1100, Russell Coker wrote:
> Has this problem been solved for a protocol other than HTTP?  In theory you 
> could have a user-space TCP stack that sends data to the back-end server with 
> a source address that is the same as that of the origin.  Has anyone done 
> this?

If it has, I've not seen it in any RFCs nor in any of the most common
load-balancing solutions for Enterprises (all products I know of are
closed-sourced so I will not provide names) I've worked with.  Most of them
avoid this issue by working inline and NATting the destination IP of incoming
requests transparently. That way they original IP address is preserved.

Including the "standard" X-Forwarded-For HTTP header when working with
transparents proxy is somewhat common for those devices not working inline
with the traffic flow. Although that is rarely used for more than log
statistics (visitors, etc) since authentication is typically application-level

Just my 2c.


Attachment: signature.asc
Description: Digital signature

Reply to: