Presentation is loading. Please wait.

Presentation is loading. Please wait.

The mod_proxy_balancer Cookbook A module overview with practical solutions to common problems Daniel Ruggeri.

Published byArthur Randall Modified over 8 years ago

Similar presentations

Presentation on theme: "The mod_proxy_balancer Cookbook A module overview with practical solutions to common problems Daniel Ruggeri."— Presentation transcript:

1 The mod_proxy_balancer Cookbook A module overview with practical solutions to common problems Daniel Ruggeri

2 Introduction About Daniel Ruggeri –DRuggeri primary.net Standard Disclaimer –I'm speaking personally and not on behalf of my employer. The examples and comments are my personal opinions and should not be considered the official practices or positions of MasterCard.

3 Introduction Title is a misnomer –Not just mod_proxy –Application dependencies Warning – eye charts ahead! –Examples may be hard to read –Included for completeness Download this presentation!

4 Features of Load Balancers Load balancing Session stickiness Connection pooling Failover Health checking Dynamic modification of members Cache/compress/shape traffic TCP and SSL offload Attack mitigation

5 How HTTPD Stacks Up

6 Load Distribution byrequests –Perform balancing based solely on requests served. bytraffic –Perform balancing by byte count (in response body) served. bybusyness –Perform balancing based on how many pending requests exist for a backend.

7 Load Distribution Asymmetric distribution –loadfactor option for BalancerMember higher number == higher load. –+H option for hot-standby Disables worker until others are unavailable. Don’t forget lbset. –Selective proxying using ! and ordering Do not proxy certain requests or choose a different backend.

8 Example: weighting BalancerMember http://1.2.3.4:8009 loadfactor=2 BalancerMember http://1.2.3.5:8009 smax=10 loadfactor=2 #Less powerful server, don't send as many requests there BalancerMember http://1.2.3.6:8009 smax=1 loadfactor=1 ProxyPass / balancer://mycluster/ stickysession=JSESSIONID

9 Example: hot standby BalancerMember http://1.2.3.4:8009 BalancerMember http://1.2.3.5:8009 #Hot standby BalancerMember http://1.2.3.6:8009 status=+H ProxySet lbmethod=bytraffic ProxyPass / balancer://hotcluster/

10 Example: selective proxying BalancerMember http://1.2.3.4:8009 BalancerMember http://1.2.3.5:8009 BalancerMember http://9.8.7.6:8080 BalancerMember http://9.8.7.5:8080 ProxyPass /static/ ! ProxyPass /applicationA/ balancer://AppCluster1/ ProxyPass /applicationB/ balancer://AppCluster2/ ProxyPass / balancer://hotcluster/

11 Session Stickiness Built-in (as designed) –mod_proxy_balancer includes facilities to do this. –Not always compatible or easy. Roll your own –Use the built-in functions but tweak to your liking. Route parameter comes into play

12 A Sticky Matter Many different formats for session identifiers based on backend. –Cookies, URLs, formats, etc Built-in is not 100% compatible. –Requires dot or semicolon as a delimiter

13 Example: universal sticky LoadModule headers_module modules/mod_headers.so BalancerMember http://1.2.3.4:8009 route=mercury BalancerMember http://1.2.3.5:8009 route=venus ProxySet stickysession=DanielsApp_STICKY Header add Set-Cookie "DanielsApp_STICKY=sticky.%{BALANCER_WORKER_R OUTE}e;path=/;" env=BALANCER_ROUTE_CHANGED ProxyPass /daniel/ balancer://DanielCluster/daniel/

14 Connection Pooling Parameters –min hard minimum –max hard maximum –smax soft maximum –ttl time allowed above smax Other parameters come into play Complications…

15 Example: connection pooling BalancerMember http://1.2.3.4:8009 min=5 smax=7 max=10 ttl=10 BalancerMember http://1.2.3.5:8009 min=5 smax=7 max=10 ttl=10 ProxyPass / balancer://myCluster/

16 Failover/Health Check Yes, it does… but…. –Failover capability for connection only Connection errors fail over to next backend seamlessly. SSL errors go back to user (are not taken out of service). Hung backend errors go back to user (are not taken out of service). –2.2.17 has some light intelligence added

17 Failover/Health Check No heath check capability –Requires real, live traffic –In the future… Lots of discussion on dev@ list –Something in 2.4? You must come up with a way to work around it

18 Failover - Mitigating Controls connectiontimeout –Sets the number of seconds to wait for a TCP connection. ProxyTimeout –Sticks and stones – fail fast (but not a real failure). Monitoring –Create external monitoring to force traffic through HTTPD.

19 Dynamic Modification BalancerManager is currently the only method to modify members. Limited set of parameters –Balancer sticky identifier, timeout, failover, lbmethod –Worker loadfactor, lbset, route, redirect Be safe out there

20 BalancerManager

21 Cache/Compress/Shape Caching via mod_cache –Too much to cover here. Compress via mod_deflate Shape via… –mod_headers, mod_rewrite, mod_substitute, mod_env/mod_setenvif, mod_expires, mod_*filter The sky is the limit!

22 Example: traffic shaping … ProxyPass /app balancer://myCluster/appl ProxyPassReverse /app balancer://myCluster/app AddOutputFilterByType SUBSTITUTE text/html Substitute "s|http://127.0.0.1:7004|http://mypage|n" RequestHeader set environment production AddOutputFilterByType DEFLATE text/html text/xml

23 TCP/SSL offload Funnel into the pipeline –Many requests one backend connection –keepalive is a beautiful thing SSL benefits as well –HTTPS to HTTPD –Can run HTTP or HTTPS to backend Either will be more efficient!

24 Attack Mitigation Security modules Separation –Tiered approach –Standards enforcement Filtering/Blocking/Restricting –Allow from certain hosts –Authn/Authz modules

25 Questions/Scenarios?

Download ppt "The mod_proxy_balancer Cookbook A module overview with practical solutions to common problems Daniel Ruggeri."

Similar presentations

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.
Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.

Internet Information Server 6.0. IIS 6.0 Enhancements  Fundamental changes, aimed at: Reliability & Availability Reliability & Availability Performance.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Apache Performance Tuning Part 2: Scaling Out Sander Temme.

Apache Performance Tuning Part 2: Scaling Out Sander Temme.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Clustering and load balancing with Apache 2.2 mod_proxy

Clustering and load balancing with Apache 2.2 mod_proxy
Apache Performance Tuning Part 2: Scaling Out Sander Temme.

Apache Performance Tuning Part 2: Scaling Out Sander Temme.
Scalability and planning for growth 1WUCM1. Content management issues Structural – Naming (e.g. file, URL) policy – File and directory naming needs: invent/design/borrow.

Scalability and planning for growth 1WUCM1. Content management issues Structural – Naming (e.g. file, URL) policy – File and directory naming needs: invent/design/borrow.
Analysis and Performance Information Systems 337 Prof. Harry Plantinga.

Analysis and Performance Information Systems 337 Prof. Harry Plantinga.
Computer Networks Transport Layer. Topics F Introduction  F Connection Issues F TCP.

Computer Networks Transport Layer. Topics F Introduction  F Connection Issues F TCP.
© 2014 ScaleArc. All Rights Reserved. 1 Creating an Agile Data Environment for Apps in the Cloud Summer 2014.

© 2014 ScaleArc. All Rights Reserved. 1 Creating an Agile Data Environment for Apps in the Cloud Summer 2014.
CLUSTER WEBLOGIC SERVER. 1.Creating clusters and understanding its concept GETTING STARTED.

CLUSTER WEBLOGIC SERVER. 1.Creating clusters and understanding its concept GETTING STARTED.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
Fronting Tomcat with Apache Httpd Mladen Turk Red Hat, Inc.

Fronting Tomcat with Apache Httpd Mladen Turk Red Hat, Inc.
On the Use and Performance of Content Distribution Networks Balachander Krishnamurthy Craig Wills Yin Zhang Presenter: Wei Zhang CSE Department of Lehigh.

On the Use and Performance of Content Distribution Networks Balachander Krishnamurthy Craig Wills Yin Zhang Presenter: Wei Zhang CSE Department of Lehigh.
Additional SugarCRM details for complete, functional, and portable deployment.

Additional SugarCRM details for complete, functional, and portable deployment.
CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.

CIS679: RTP and RTCP r Review of Last Lecture r Streaming from Web Server r RTP and RTCP.
Basics of the HTTP Protocol and Apache Web Server Brandon Checketts.

Basics of the HTTP Protocol and Apache Web Server Brandon Checketts.
Server Load Balancing. Introduction Why is load balancing of servers needed? If there is only one web server responding to all the incoming HTTP requests.

Server Load Balancing. Introduction Why is load balancing of servers needed? If there is only one web server responding to all the incoming HTTP requests.
Lighttpd & Modcache 2009/06/28. Basic lighttpd info Event-driven, single process Event-driven, single process Uses non-block io (network) + writev (memory)

Lighttpd & Modcache 2009/06/28. Basic lighttpd info Event-driven, single process Event-driven, single process Uses non-block io (network) + writev (memory)

Similar presentations

Ads by Google