[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#416397: ITP: haproxy -- fast and reliable load balancing reverse proxy

On Wednesday 28 March 2007 21:51, Javier Fernández-Sanguino Peña 
<jfs@computer.org> wrote:
> On Wed, Mar 28, 2007 at 10:11:51AM +1100, Russell Coker wrote:
> > Has this problem been solved for a protocol other than HTTP?  In theory
> > you could have a user-space TCP stack that sends data to the back-end
> > server with a source address that is the same as that of the origin.  Has
> > anyone done this?
> If it has, I've not seen it in any RFCs nor in any of the most common
> load-balancing solutions for Enterprises (all products I know of are
> closed-sourced so I will not provide names) I've worked with.  Most of them
> avoid this issue by working inline and NATting the destination IP of
> incoming requests transparently. That way they original IP address is
> preserved.

An RFC would not be needed for such things.  Van Jacobson has demonstrated TCP 
in user-space for performance reasons.  dsniff is one of the packages in 
Debian that has user-space TCP code for sniffing data.

There's nothing radically new about this idea, it's just a matter of whether 
it's been implemented for HA proxies.

NATing connections avoids the issue of source addresses at the cost of being 
unable to modify data in-flight (apart from the minor modifications needed 
for NAT - eg the FTP module).

If you want to do serious modifications to the data (EG taking a HTTPS stream 
from the net and then forwarding HTTP to the back-end server) then writing a 
kernel module isn't a good option - I don't think that Linus would accept 
GNUTLS in kernel-space.

http://etbe.blogspot.com/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development

Reply to: