On Mon, Aug 07, 2006 at 10:47:10PM +0200, Phil Pennock wrote: > On 2006-08-07 at 19:23 +0200, Hack Kampbjorn wrote: > > Phil Pennock wrote: > > >The "easy" fix is theoretically to configure up extra private addresses > > >as aliases on the backend, and distribute the load over all of them. > > >This avoids having multiple ports and multiple entries -- it's one > > >cyrus.conf listening. The problem may be making sure that the front-end > > >knows that several backends are tied together as being one real system, > > >to avoid interesting failover effects. > > > > Why not have the extra IPs on the front-end? > > Selecting the source address, where there are multiple source addresses, > requires programming to manually force the non-default IP. The client > needs to explicitly bind() a socket, then connect it to the remote host. > If the software supports it, that's cool, but I was assuming that no > programming was preferred. Sorry, it's the sysadmin in me. > > Adding the IPs on the backend involves no changes in programming. Yes, exactly - though we're thinking about asking Igor (the author of Nginx) to allow you to choose a local bind address for each connection. We already send back everything else as HTTP response headers from the authentication daemon. Using HTTP as an authentication protocol felt strange for a bit, but it's actually really flexible, and you can just run up a CGI for easy testing. Bron. ---- Cyrus Home Page: http://asg.web.cmu.edu/cyrus Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html