From users-return-7571-archive-asf-public=cust-asf.ponee.io@trafficserver.apache.org Thu Feb 28 04:42:02 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 299FB180608 for ; Thu, 28 Feb 2019 05:42:01 +0100 (CET) Received: (qmail 71557 invoked by uid 500); 28 Feb 2019 04:41:59 -0000 Mailing-List: contact users-help@trafficserver.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@trafficserver.apache.org Delivered-To: mailing list users@trafficserver.apache.org Received: (qmail 71547 invoked by uid 99); 28 Feb 2019 04:41:59 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 28 Feb 2019 04:41:59 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 4F21DC927A for ; Thu, 28 Feb 2019 04:41:59 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.01 X-Spam-Level: ** X-Spam-Status: No, score=2.01 tagged_above=-999 required=6.31 tests=[DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, KAM_SHORT=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=encompasscorporation-com.20150623.gappssmtp.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id EcAAErjh_-TP for ; Thu, 28 Feb 2019 04:41:57 +0000 (UTC) Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com [209.85.221.47]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id B24AF60DDB for ; Thu, 28 Feb 2019 04:41:56 +0000 (UTC) Received: by mail-wr1-f47.google.com with SMTP id q1so20394108wrp.7 for ; Wed, 27 Feb 2019 20:41:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=encompasscorporation-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=komc5u5qkeHMAGhFXqd9cqgcqV6DdV9XhwECG4yDD90=; b=Bppxx15gcDdnmsniCSKuZCplMucmwiJNLLvFesQXxARj1uuQM+cKat7CDKFTNc9E6G Cvixq+SKEm7/5CGI6vWNhA5rkbK11On6Gh0eVNJIlY9AKgfrP66QCV6LvGMI+cPOQRAz G9WoS2Qee/3Pisq2bF53OjwdDPn0OULfftFPjDY+S2HordWTPwx8CTJN1NXEVzZXH+75 sc1jrNEqqFJJ9X2hQ3CJ4xzbMUQHztlTptiTWVV8P9grtLdPRiKyVLhtyLaqc8We7T1Z hpxtIuC3ITLOnckZSNAqEsiGV6Vx56G3E/Fznd5PaUmqJypJ7s0D86Uqm/B+lCwjp26/ Nffg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=komc5u5qkeHMAGhFXqd9cqgcqV6DdV9XhwECG4yDD90=; b=GrmO1kQ+acyZBN7yufXJzTJRfwlogQyiddHLQQpjQh+fs9zqG1q7Cnxo177JXQ0dVM 6EWrWCe7Z4LFhcnFa2DlSkCtg/2/zS1rXxeRiM/Cj6ZxR1nreuUv+aOmqFwmENKbkzl8 oiwKihecsxzcLdiB74MvoOS70AusJRHNXUCe0vwxwI0B6NLnZ3HxkNewtHAeiKM8JqWI LCM9Kj2QiQJ7MB3aFKCArwHQF+GWNefo9pyKGC0PdBfJrPo0xz6rrCOFDbR2on6SWVuN iKalw0Bzwp739x6lSQ/Qmsycvi7D4k/odpbQ2RbvqaRup8zUyel0KDo3OVroKdb7u2U4 2uMA== X-Gm-Message-State: APjAAAWV7Sl9NCTV4OAovlCv+OQUWXnSyjCSgDktG3A+8QKxP/7ZuyyY qKYRbg46Y9RfgFO0bcxx737KO3bQ0fMEhawHaNfGL6ZOMRf6Mw== X-Google-Smtp-Source: APXvYqyyRmfrXsSCCwBIcO6z8tVwC2+mTTJ4Tlm+PzNEG1gpOKf+Jv5QibOhaW32qcc6FZOuft5tAncTEcGYBkfmYvc= X-Received: by 2002:a5d:6346:: with SMTP id b6mr4776681wrw.118.1551328909188; Wed, 27 Feb 2019 20:41:49 -0800 (PST) MIME-Version: 1.0 References: In-Reply-To: From: Igor Cicimov Date: Thu, 28 Feb 2019 15:41:36 +1100 Message-ID: Subject: Re: Can ATS handle other protocols other than HTTP/HTTPS? To: users@trafficserver.apache.org Content-Type: multipart/alternative; boundary="0000000000008ff5100582ece8b5" --0000000000008ff5100582ece8b5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hi Eric, Great answers :-) ! However, if caching is not a requirement I would recommend Haproxy for this task though, I'm sure you will find it much easier to setup and use and more appropriate for the task in hand. On Thu, Feb 21, 2019 at 1:59 AM Eric Chaves wrote: > Hi Igor, > > Great questions! The short answer: it allows me to handle integration at > the edge of my networks. > > The long answer: > > The majority of our application runs in cloud-based solutions, some of > them in serverless environments and even those who do require (virtual) > servers (ie ec2 based) are dynamically allocated across a multiple > regions/locations. On top of that some communications must follow a given > route but other should be able to work in the actual IP network where the= y > are. In this scenario the network design (ie network ranges, nat, routing > tables, ip tables, vpn, etc) have too many moving parts. > > Since the majority of my integrations falls into two categories: > Webservices (HTTP/REST/SOAP etc) and File Transfers (FTP, SFTP, FTPS). > Those are all very well handled by proxies battled tested over years in > high demanding scenarios and it's easier to setup in accordance with my > integrations endpoint network requirements without actually incurring in = a > complex network design on my side. > > Caching is not a requirement, in fact it will hardly be used. But I need > to have good management support, ability to growth in cluster modes and > some other facilities where ATS (at a first glance) seems better than > squid, which is why I'm giving ATS a shot. The Proxy does need to know no= r > handle anything specific to support my applications, it just need to do > it's job. Everything else is on my application side =3D) > > Regards, > > Em qua, 20 de fev de 2019 =C3=A0s 00:28, Igor Cicimov < > igorc@encompasscorporation.com> escreveu: > >> Eric, >> >> On Wed, 20 Feb 2019 6:56 am Eric Chaves > >>> Nice! Thank you for answering! >>> >>> Em ter, 19 de fev de 2019 =C3=A0s 17:57, Jeremy Payne >>> escreveu: >>> >>>> i've configured putty to send traffic through ATS, same should work fo= r >>>> FTP. >>>> your FTP client will just have to support using a HTTP proxy. >>>> >>>> On Tue, Feb 19, 2019 at 2:47 PM Eric Chaves wrote: >>>> > >>>> > Hi Jeremy, thanks replying. I'm still working to have a basic >>>> version working on my AWS infrastructure (I'm having a hard time to wo= rk my >>>> way around the logs, I confess) so I wasn't able to test much yet. =3D= ) >>>> > >>>> > Your point on manually setting the proxy on the my application's is >>>> correct and are expected. >>>> > >>>> > Would you be able to confirm if the ATS knows how to handle the FTP >>>> protocol, or is it HTTP "aware" only? >>>> > >>>> > Cheers, >>>> > >>>> > Em ter, 19 de fev de 2019 =C3=A0s 17:32, Jeremy Payne >>>> escreveu: >>>> >> >>>> >> CONNECT method should work here.. Have you tried that ? >>>> >> Of course you'll have to explicitly set a proxy at the client end. >>>> >> >>>> >> >>>> >> On Tue, Feb 19, 2019 at 12:46 PM Eric Chaves wrote= : >>>> >> > >>>> >> > Hi Folks, >>>> >> > >>>> >> > I'm new to traffic-server and I'd like to evaluate it to be used >>>> as a non-cache forward proxy between my application servers and some 3= rd >>>> partners servers. My applications server are dynamically allocated (AW= S EC2 >>>> auto-scaled) but my partners services require us to reach them with a >>>> single IP addres, hence the idea of using ATS. >>>> >> > >>>> >> > In my scenario one important feature is the ability to handle >>>> other protcolos other than HTTP/S like FTP/S (and not required but des= ired >>>> SFTP). >>>> >> > >>>> >> > I've scouted the ATS docs but didn't found any specific reference >>>> for those other protocols. >>>> >> > >>>> >> > If possible I would like to hear from more experienced users if >>>> ATS is a good choice for this use case and if can handle other protoco= ls >>>> than HTTP. >>>> >> > >>>> >> > Thanks in advance for any help, >>>> >> > >>>> >> > Eric >>>> >>> >> Just out of curiosity, why ats? Why not something simpler, squid or soca= t >> or even iptables on an ec2 instance will do the job as tcp proxy? Is it >> caching the requirement? Also how good is ats in supporting dynamic >> backends like constantly changing ec2 instances? Is it something custom >> made taking care of it? >> >>> --=20 Igor Cicimov | Senior DevOps Engineer t +61 (1) 300-362-667 e igorc@encompasscorporation.com w www.encompasscorporation.com a Level 4, 65 York Street, Sydney, NSW, Australia 2000 follow encompass Blogs | LinkedIn | Twitte= r --0000000000008ff5100582ece8b5 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
Hi = Eric,

Great answers :-) != However, if caching is not a requirement I would recommend Haproxy for thi= s task though, I'm sure you will find it much easier to setup and use a= nd more appropriate for the task in hand.

On Thu, Feb 21, 2019 at = 1:59 AM Eric Chaves <eric@uolet.com> wrote:
Hi Igor,

Great questions!= The short answer: it allows me to handle integration at the edge of my net= works.

The long answer:

T= he majority of our application runs in cloud-based solutions, some of them = in serverless environments and even those who do require (virtual) servers = (ie ec2 based) are dynamically allocated across a multiple regions/location= s. On top of that some communications must follow a given route but other s= hould be able to work in the actual IP network where they are. In this scen= ario the network design (ie network ranges, nat, routing tables, ip tables,= vpn, etc) have too many moving parts.

Since the m= ajority of my integrations falls into two categories: Webservices (HTTP/RES= T/SOAP etc) and File Transfers (FTP, SFTP, FTPS). Those are all very well h= andled by proxies battled tested over years in high demanding scenarios and= it's easier to setup in accordance with my integrations endpoint netwo= rk requirements without actually incurring in a complex network design on m= y side.

Caching is not a requirement, in fact it w= ill hardly be used. But I need to have good management support, ability to = growth in cluster modes and some other facilities where ATS (at a first gla= nce) seems better than squid, which is why I'm giving ATS a shot. The P= roxy does need to know nor handle anything specific to support my applicati= ons, it just need to do it's job. Everything else is on my application = side =3D)

Regards,

Em qua, 20 de fev de= 2019 =C3=A0s 00:28, Igor Cicimov <igorc@encompasscorporation.com> escre= veu:
Eric,

On Wed= , 20 Feb 2019 6:56 am Eric Chaves <eric@uolet.com wrote:
Nice! Thank you for answering!
Em = ter, 19 de fev de 2019 =C3=A0s 17:57, Jeremy Payne <jp557198@gmail.com> escreveu:
i've configured putty to send traffic through ATS, same should work fo= r FTP.
your FTP client will just have to support using a HTTP proxy.

On Tue, Feb 19, 2019 at 2:47 PM Eric Chaves <eric@uolet.com> wrote: >
> Hi Jeremy, thanks replying. I'm still working to=C2=A0 have a basi= c version working on my AWS infrastructure (I'm having a hard time to w= ork my way around the logs, I confess) so I wasn't able to test much ye= t. =3D)
>
> Your point on manually setting the proxy on the my application's i= s correct and are expected.
>
> Would you be able to confirm if the ATS knows how to handle the FTP pr= otocol, or is it HTTP "aware" only?
>
> Cheers,
>
> Em ter, 19 de fev de 2019 =C3=A0s 17:32, Jeremy Payne <jp557198@gma= il.com> escreveu:
>>
>> CONNECT method should work here.. Have you tried that ?
>> Of course you'll have to explicitly set a proxy at the client = end.
>>
>>
>> On Tue, Feb 19, 2019 at 12:46 PM Eric Chaves <eric@uolet.com>= ; wrote:
>> >
>> > Hi Folks,
>> >
>> > I'm new to traffic-server and I'd like to evaluate it= to be used as a non-cache forward proxy between my application servers and= some 3rd partners servers. My applications server are dynamically allocate= d (AWS EC2 auto-scaled) but my partners services require us to reach them w= ith a single IP addres, hence the idea of using ATS.
>> >
>> > In my scenario one important feature is the ability to handle= other protcolos other than HTTP/S like FTP/S (and not required but desired= SFTP).
>> >
>> > I've scouted the ATS docs but didn't found any specif= ic reference for those other protocols.
>> >
>> > If possible I would like to hear from more experienced users = if ATS is a good choice for this use case and if can handle other protocols= than HTTP.
>> >
>> > Thanks in advance for any help,
>> >
>> > Eric

<= /div>
Just out of curiosity, why ats? Why not someth= ing simpler, squid or socat or even iptables on an ec2 instance will do the= job as tcp proxy? Is it caching the requirement? Also how good is ats in s= upporting dynamic backends like constantly changing ec2 instances? Is it so= mething custom made taking care of it?


--

Igor Cicimov =C2=A0| Senior DevOps Engineer

t =C2=A0+61 (1) 300-362-667

e =C2=A0igorc@encompasscorporation.com

w www.encompasscorporation.com

a =C2=A0Level 4, 65 York Street, Sydney, NSW, Australia 2000

=C2=A0

follow encompass

Blogs =C2=A0| LinkedIn<= /a> =C2=A0| Twitter

--0000000000008ff5100582ece8b5--