Presentation is loading. Please wait.

Presentation is loading. Please wait.

ELFms meeting, 2/3/04 German Cancio, 2/3/04 Proxy servers in CERN-CC.

Published byGabriel Hamilton Modified over 8 years ago

Similar presentations

Presentation on theme: "ELFms meeting, 2/3/04 German Cancio, 2/3/04 Proxy servers in CERN-CC."— Presentation transcript:

1 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting, 2/3/04 German Cancio, 2/3/04 Proxy servers in CERN-CC

2 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 2 The problem u Service availability on all (quattor managed) CC nodes n Base installation (Anaconda server->client) n Software packages (SWRep->SPMA) n CDB configuration profiles (CDB->CCM/NCM) n User/password information (Regis server->client) u How to offer a reliable, redundant and load balanced access

3 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 3 Current deployment architecture LXSERV linuxsoft/AIMS DNS-load balanced HTTP DNS load balanced NFS/(HTTP) M M M’ HHH rsync mirror backend frontend

4 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 4 Problems with current solution u Scalability is limited n Bottlenecks eg. network and switches u Efficiency n Server->server: All contents need to be replicated (disk size, speed) n Server->client: Multiplication of identical transfers u Reliability n Low ratio server/clients (few servers need to cope with 1000’s of clients) n Requires smart and quick load balancing in case a server becomes unavailable (not always there – eg. swrep.cern.ch round robin)

5 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 5 Proxies u Proxy caching: concepts n Proxy: Intermediary between client/server interactions n Caching proxy: Acts as a transparent store for server objects u Caching proxy types n Transparent: client is completely unaware of proxy (same service endpoints). Requires IP routing modifications (eg. ipchains or switches reconfig) n Forward (or ‘cient-side’): client makes server requests via specified proxy server. Caching typically done on (or near to) the client, to reduce outgoing connections n Reverse (or ‘server-side’): client application talks to front-end server(s), which forwards requests to back-end server(s). u Reverse proxy easiest to set up, as only requires client reconfiguration

6 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 6 Proxies (II) u Proxy hierarchies n Possible to have chains of proxies, which can be of different type u Protocol types n Protocols eg. HTTP(S), FTP used within stateless services u Proxy implementations: n Apache (via plug-in modules (mod_proxy/mod_rewrite/mod_expire) n Squid u Apache used for tests n + standard, and reliable n clear and flexible configuration n no functionality duplication (can be used as proxy and non-proxy)

7 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 7 Data caching u Invariant objects n Same object ID (file name) -> same contents n No expiry (excepting object deletion). Lifetime = ∞ n Example: Software packages (RPM’s), Linux base install images (in principle…) u Dynamic objects n The same object may change over time n Expiry lifetime can be < ∞, or even 0 n Requires server revalidation check after expiry n Example: CDB XML profiles, passwd files n Cannot be cached: cgi scripts, ASP pages u Objets on a proxy can be forced to expire independently of their remaining lifetime n Useful for regular garbage cleanup (..and unexpected updates) n Can be done per object type or location

8 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 8 Proxy architecture LXSERV linuxsoft/AIMS DNS-load balanced HTTP DNS load balanced HTTP M M M’ HHH backend frontend

9 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 9 Proxy support u quattor client/servers are by design reverse proxy compatible n Stateless, no server-based processing or queries, in order to work with any proxy/replication system n Server location is configurable per client u Anaconda (Linux installer) as well (using HTTP installs) n Per-node KS file contains server location u SPMA enhanced support (since v1.9.1): n Multiple proxy servers – uses the first one available, if none it reverts to the original package SW repository locations n Forward proxies (via delegation to syspackager) n Configurable via CDB u Other applications eg. regis client, GPG keypairs compatible as well (check if location is configurable)

10 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 10 apache configuration u Apache set up as reverse proxy on LXSERV front end and head nodes. u Most important settings: Load and enable mod_proxy ( libproxy.so ) n Enable cache (/var/cache/httpd), size ~ 6GB n Cache garbage collection runs every 4h n Cache max expiry: 24h n Set father server for each proxy directory (/xml,/swrep, /redhat, /regis,..) n Force complete file download in case of partial requests (eg. rpmt/SPMA asking for rpm header information) u LXSERV master (not a proxy server!) n Set expiry type (via mod_expire: ExpiresActive and ExpiresDefault rules) for dynamic objects (/regis, /encrypted/sensitive-files, /xml). Set to ‘now’, but could be fine- tuned u Enhanced verbosity: Add X-Cache header contents into HTTPD log file (cache operations, HIT and MISS) n Enable server-status pagesserver-status u No changes done to linuxsoft (to be discussed with ADC). No merge SWRep+Linuxsoft needed anylonger.

11 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 11 Current experience u LXSERV front-end nodes: proxy in production since ~ 2w, no problems experienced n Lxserv01, 02, 03 pointing to lxservb01 n SWRep, XML profiles, regis n Rsync disabled: s speedup of 50% on complete CDB recompilation s SWRep nightly upload speedup (negligible) n Lxservb02 not in proxy mode since not everything is backed up on lxservb01 u Head nodes: tests on lxc1m603 n ccconf DNS alias (XML), lxservb01 and lxserv01 (SWRep), linuxsoft (base installation) n Complete reinstallation of test node only using lxc1m603 as proxy n Lxplus001,lxb0001 using lxc1m603 as proxy since 2w u Server interruptions in the proxy chain: n If cached and invariant -> OK n (dynamic AND expired) OR not cached -> proxy error. Not problematic in case of CCM requests, as local cache exists

12 German.Cancio@cern.chGerman.Cancio@cern.ch ELFms meeting - n° 12 Remaining issues, next steps u Making remaining services head-node aware in terms of cfg n Regis n NCM component for CCM configuration n KSGenerator u Apache NCM configuration component u Possible extension: adding failover capabilities to other services than SPMA … Improve SPMA failover procedure (currently using ping ) n Implement SPMA retry u.. or provide DNS aliases to redirect head node requests u Entering client->head node info into CDB, including failovers n Requires head nodes to be known n Will require adapting CDB schema to accommodate other head node info into CDB u Operator alarms and procedures for head nodes n Single-big-point of failure -> many-small-point-of failures n Future extensions, eg. dynamic experiment software distribution

Download ppt "ELFms meeting, 2/3/04 German Cancio, 2/3/04 Proxy servers in CERN-CC."

Similar presentations

Welcome to Middleware Joseph Amrithraj

Welcome to Middleware Joseph Amrithraj
W3C Workshop on Web Services Mark Nottingham

W3C Workshop on Web Services Mark Nottingham
2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.

2.1 Installing the DNS Server Role Overview of the Domain Name System Role Overview of the DNS Namespace DNS Improvements for Windows Server 2008 Considerations.
1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.

1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.
ASIS et le projet EU DataGrid (EDG) Germán Cancio IT/FIO.

ASIS et le projet EU DataGrid (EDG) Germán Cancio IT/FIO.
Module 8: Concepts of a Network Load Balancing Cluster

Module 8: Concepts of a Network Load Balancing Cluster
Logically Centralized, Physically Distributed Mark Stuart Day Cisco Systems.

Logically Centralized, Physically Distributed Mark Stuart Day Cisco Systems.
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?
Scalability and planning for growth 1WUCM1. Content management issues Structural – Naming (e.g. file, URL) policy – File and directory naming needs: invent/design/borrow.

Scalability and planning for growth 1WUCM1. Content management issues Structural – Naming (e.g. file, URL) policy – File and directory naming needs: invent/design/borrow.
Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.

Hands-On Microsoft Windows Server 2003 Networking Chapter 6 Domain Name System.
Current Status of Fabric Management at CERN, 26/7/2004 Current Status of Fabric Management at CERN CHEP 2004 Interlaken, 27/9/2004 CERN IT/FIO: G. Cancio,

Current Status of Fabric Management at CERN, 26/7/2004 Current Status of Fabric Management at CERN CHEP 2004 Interlaken, 27/9/2004 CERN IT/FIO: G. Cancio,
Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.

Implementing ISA Server Caching. Caching Overview ISA Server supports caching as a way to improve the speed of retrieving information from the Internet.
1 Web Content Delivery Reading: Section 9.2.2 and 9.4.3 COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:

1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
DotSlash: Providing Dynamic Scalability to Web Applications Weibin Zhao and Henning Schulzrinne Department of Computer Science, Columbia University More.

DotSlash: Providing Dynamic Scalability to Web Applications Weibin Zhao and Henning Schulzrinne Department of Computer Science, Columbia University More.
Web Cache. Introduction what is web cache?  Introducing proxy servers at certain points in the network that serve in caching Web documents for faster.

Web Cache. Introduction what is web cache?  Introducing proxy servers at certain points in the network that serve in caching Web documents for faster.
Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.

Hands-On Microsoft Windows Server 2008 Chapter 8 Managing Windows Server 2008 Network Services.
Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.

Christopher M. Pascucci Basic Structural Concepts of.NET Browser – Server Interaction.
CERN DNS Load Balancing Vladimír Bahyl IT-FIO. 26 November 2007WLCG Service Reliability Workshop2 Outline  Problem description and possible solutions.

CERN DNS Load Balancing Vladimír Bahyl IT-FIO. 26 November 2007WLCG Service Reliability Workshop2 Outline  Problem description and possible solutions.
10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.

10/02/2004ELFms meeting1 Linux Virtual Server Miroslav Siket FIO-FS.
1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

Similar presentations

Ads by Google