On Tue, 2015-03-24 at 10:18 -0400, Brendan Kearney wrote:
> while load balancing is not a requirement in a proxy environment, it
> does afford a great deal of functionality, scaling and fault tolerance
> in one. several if not many on this list probably employ them for their
> proxies and likely other technologies, but they are not all created
> equal.
>
> i recently looked to see if a specific feature was in HAProxy. i was
> looking to see if HAProxy could reply to a new connection with a RST
> packet if no pool member was available.
>
> the idea behind this is, if all of the proxies are not passing the
> service check and are marked down by the load balancer, the reply of a
> RST in the TCP handshake (i.e. SYN -> RST, not SYN -> SYN/ACK -> ACK)
> tells the browser to failover to the next proxy assigned by the PAC
> file.
>
> where i work, we have this configuration working. the load balancers
> are configured with the option to send a reset when no proxy is
> available in the pool. the PAC file assigns all 4 of the proxy VIPs in
> a specific order based on which proxy VIP is assigned as the primary.
> In every case, if the primary VIP does not have an available pool
> member, the browser fails over to the next in the list. failover would
> happen again, if the secondary VIP replies with a RST during the
> connection establishing. the process repeats until a TCP connection
> establishes or all proxies assigned have been exhausted. the browser
> will use the proxy VIP that it successfully connects to, for the
> duration of the session. once the browser is closed and reopened, the
> evaluation of the PAC file occurs again, and the process starts anew.
> plug-ins such as Proxy Selector are the exception to this, and can be
> used to reevaluate a PAC file by selecting it for use.
>
> we have used this configuration several times, when we found an ISP link
> was flapping or some other issue more global in nature than just the
> proxies was affecting our egress and internet access. i can attest to
> the solution as working and elegantly handling site wide failures.
>
> being that the solutions where i work are proprietary commercial
> products, i wanted to find an open source product that does this. i
> have been a long time user of HAProxy, and have recommended it for
> others here, but sadly they cannot perform this function. per their
> mailing list, they use the network stack of the OS for connection
> establishment and cannot cause a RST to be sent to the client during a
> TCP handshake if no pool member is available.
>
> they suggested an external helper that manipulates IPTables rules based
> on a pool member being available. they do not feel that a feature like
> this belongs in a layer 4/7 reverse proxy application.
>
> my search for a load balancer solution went through ipvsadm, balance and
> haproxy before i selected haproxy. haproxy was more feature rich than
> balance, and easier to implement than ipvsadm. do any other list
> members have a need for such a feature from their load balancers? do
> any other list members have site failover solutions that have been
> tested or used and would consider sharing their design and/or pain
> points? i am not looking for secret sauce or confidential info, but
> more high level architecture decisions and such.
>

trying to send this again, as it was rejected previously.

_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users
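
The PAC-driven failover described in the message above, as an added example that is not part of the original post: a PAC function that returns all four VIPs with the primary first, plus a small model of the browser walking that list when a VIP answers the SYN with a RST. The VIP names, the port, the rule for picking the primary from the client address, and the helper names are assumptions made for illustration.

```javascript
// Constructed VIP names and port; the post does not give them.
var VIPS = [
  "proxy-vip1.example.net:3128",
  "proxy-vip2.example.net:3128",
  "proxy-vip3.example.net:3128",
  "proxy-vip4.example.net:3128"
];

// Rotate the VIP list so the primary is first and the rest follow in order.
function proxyChain(primary) {
  var n = VIPS.length, start = ((primary % n) + n) % n, out = [];
  for (var i = 0; i < n; i++) out.push("PROXY " + VIPS[(start + i) % n]);
  return out.join("; ");
}

// Assumption: the primary is derived from the client's last IPv4 octet.
function primaryFor(clientIp) {
  var last = parseInt(String(clientIp).split(".").pop(), 10);
  return isNaN(last) ? 0 : last % VIPS.length;
}

// PAC entry point; myIpAddress() exists only inside the browser's PAC sandbox.
function FindProxyForURL(url, host) {
  var ip = typeof myIpAddress === "function" ? myIpAddress() : "0.0.0.0";
  return proxyChain(primaryFor(ip));
}

// Model of the browser's walk through the PAC result. `answers` maps each VIP
// to the load balancer's reply to the SYN: "RST" (pool empty) or "SYNACK".
function selectProxy(pacResult, answers) {
  var entries = pacResult.split(";"), attempts = 0;
  for (var i = 0; i < entries.length; i++) {
    var hostPort = entries[i].trim().split(/\s+/)[1];
    attempts++;
    if (answers[hostPort] === "SYNACK") return { proxy: hostPort, attempts: attempts };
    // RST during the handshake: move on to the next entry in the list.
  }
  return { proxy: null, attempts: attempts }; // every assigned VIP refused
}
```

Only the first three functions belong in a deployed PAC file; selectProxy() is a test model of the client side and is not something the browser calls.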