httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain De Rasse <romain.dera...@atosorigin.com>
Subject Re: RE: RE: [users@httpd] multipath proxy chaining (failover)
Date Wed, 03 Feb 2010 09:08:29 GMT
Hi,

about DNS, the problem is more about timeouts than about TTLs or caches because I don't use
round robin but fixed rrsets. But still DNS is not the right solution.

I'll definitely look more deeply at LVS and haproxy ; I firstly focused on Apache and DNS
in order not to change the existing architecture too much (cost effectiveness :-)

Thanks for your help.

Regards,

Romain


========================================
 Date du message : févr. 02 2010, 07:13 PM
 De : "Emmanuel Bailleul" <Emmanuel.Bailleul@telindus.fr>
 A : "users@httpd.apache.org" <users@httpd.apache.org>
 Copie : 
 Sujet : RE: RE: [users@httpd] multipath proxy chaining (failover)
 
 > -----Message d'origine-----
 > De : Romain De Rasse [mailto:romain.derasse@atosorigin.com]
 > Envoyé : mardi 2 février 2010 17:09
 > À : users@httpd.apache.org
 > Cc : Emmanuel Bailleul
 > Objet : Re: RE: [users@httpd] multipath proxy chaining (failover)
 > 
 > Emmanuel,
 > 
 > thank you for your answer.
 > 
 > I read some docs, made some tests and I don't think I will succeed using
 > ProxyPass and the balancer.
 > 
 > To be more specific, here is the original architecture, which is OK :
 > Web clients have a proxy configured in their browser : IP1 port 999.
 > The first Apache proxy (with IP address IP1) listens on port 999 and has a
 > ProxyRemote configuration ("ProxyRemote * http://IP2:999"),
 > The second Apache proxy in the chain (with IP address IP2) is the las
 > proxy in the chain, so he performs the DNS request on behalf of the client
 > and reaches the web server.
 > 
 > I don't use any Reverse Proxy fonctionnality, and I try to provide
 > failover for the second Apache proxy in the chain with IP address IP2.
 > 
 > I tried this configuration for the first proxy in the chain (IP1) :
 > "ProxyRemote * http://FQDN:999"
 > resolving "FQDN" with 2 IP addresses, always in the same order (IP2 then
 > the IP of the new proxy used for failover).
 > Unfortunately this is too slow if the first address become unreachable.
 > 
 > It seems that Apache is not designed to do what I try to do. I keep
 > searching.
 > 
 > Regards,
 > 
 > Romain
 > 
 > ========================================
 >  Date du message : févr. 02 2010, 10:57 AM
 >  De : "Emmanuel Bailleul" <Emmanuel.Bailleul@telindus.fr>
 >  A : "users@httpd.apache.org" <users@httpd.apache.org>
 >  Copie :
 >  Sujet : RE: [users@httpd] multipath proxy chaining (failover)
 > 
 >  > -----Message d'origine-----
 >  > De : Romain De Rasse [mailto:romain.derasse@atosorigin.com]
 >  > Envoyé : mardi 2 février 2010 10:26
 >  > À : users@httpd.apache.org
 >  > Objet : [users@httpd] multipath proxy chaining (failover)
 >  >
 >  > Hi,
 >  >
 >  > I use the ProxyRemote Directive from the mod_proxy module.
 >  >
 >  > I try to do multipath proxy chaining.
 >  >
 >  > I mean :
 >  > ProxyRemote * http://192.168.1.1:999
 >  > ProxyRemote * http://192.168.1.254:999
 >  >
 >  > The desired effect is that Apache firstly tries the proxy "192.168.1.1"
 >  > and forward the request to this proxy if he is available.
 >  > If this proxy is down, then I'd like Apache to try the second proxy
 >  > (192.168.1.254), so the path to the web server would be different
 >  > (failover in case of a dead proxy).
 >  >
 >  > At this time I didn't succeed ;if the first proxy is down then the
 >  > connection fails.
 >  >
 >  > Does someone have already succeeded in doing such a thing ?
 >  >
 >  > regards,
 >  >
 >  > Romain
 >  >
 >  >
 > 
 >  Hi,
 > 
 >  The 'ProxyRemote' directive does not seem to handle failover on its own,
 > as per http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxyremote.
 >  Depending on the config of your Apache server (in particular if you use
 > it for other purposes -ie reverse proxy), you could maybe use a "balancer
 > setup" with two members, the latter being configured as 'hot-standby' (?).
 > See http://httpd.apache.org/docs/2.2/mod/mod_proxy.html#proxypass in the
 > same doc for an sample config.
 >  If your goal is only to perform failover of proxy servers, you may also
 > use other "failover" techniques and/or softwares, for ex. : LVS, haproxy,
 > ...
 > 
 >  Regards.
 > 
 >  Emmanuel
 > 
 > 
 > 
 > Romain De Rasse
 > Atos Origin Infogérance
 > Workplace et Communications Services
 > Tour Horizon
 > 64 rue du 8 Mai 1945
 > 92025 Nanterre Cedex
 
 
 IMHO, using dns round robin is not the right way to go in your situation, due to TTLs of
records and various dns caches (including in browsers) that could make the failover unusable
...
 Again, if you just have to provide http proxy failover for 2 boxes, one of the simplest setup
would be to use LVS (http://www.linuxvirtualserver.org/), in LVS-DR mode for example, or some
other soft load balancer like haproxy (http://haproxy.1wt.eu/), which I would recommend for
several reasons, including its ease of use.
 
 Emmanuel
 


Romain De Rasse 
Atos Origin Infogérance 
Workplace et Communications Services
Tour Horizon 
64 rue du 8 Mai 1945 
92025 Nanterre Cedex


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message