<p dir="ltr">Was not sure if bugzilla was used for mailing list issues. If you would like me to open one, I will but it looks like the list is working again.</p>
<div class="gmail_quote">On Mar 24, 2015 2:25 PM, "Brendan Kearney" <<a href="mailto:bpk678@gmail.com">bpk678@gmail.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On Tue, 2015-03-24 at 10:18 -0400, Brendan Kearney wrote:<br>
> while load balancing is not a requirement in a proxy environment, it<br>
> does afford a great deal of functionality, scaling and fault tolerance<br>
> in one. several if not many on this list probably employ them for their<br>
> proxies and likely other technologies, but they are not all created<br>
> equal.<br>
><br>
> i recently looked to see if a specific feature was in HAProxy. i was<br>
> looking to see if HAProxy could reply to a new connection with a RST<br>
> packet if no pool member was available.<br>
><br>
> the idea behind this is, if all of the proxies are not passing the<br>
> service check and are marked down by the load balancer, the reply of a<br>
> RST in the TCP handshake (i.e. SYN -> RST, not SYN -> SYN/ACK -> ACK)<br>
> tells the browser to failover to the next proxy assigned by the PAC<br>
> file.<br>
><br>
> where i work, we have this configuration working. the load balancers<br>
> are configured with the option to send a reset when no proxy is<br>
> available in the pool. the PAC file assigns all 4 of the proxy VIPs in<br>
> a specific order based on which proxy VIP is assigned as the primary.<br>
> In every case, if the primary VIP does not have an available pool<br>
> member, the browser fails over to the next in the list. failover would<br>
> happen again, if the secondary VIP replies with a RST during the<br>
> connection establishing. the process repeats until a TCP connection<br>
> establishes or all proxies assigned have been exhausted. the browser<br>
> will use the proxy VIP that it successfully connects to, for the<br>
> duration of the session. once the browser is closed and reopened, the<br>
> evaluation of the PAC file occurs again, and the process starts anew.<br>
> plug-ins such as Proxy Selector are the exception to this, and can be<br>
> used to reevaluate a PAC file by selecting it for use.<br>
><br>
> we have used this configuration several times, when we found an ISP link<br>
> was flapping or some other issue more global in nature than just the<br>
> proxies was affecting our egress and internet access. i can attest to<br>
> the solution as working and elegantly handling site wide failures.<br>
><br>
> being that the solutions where i work are proprietary commercial<br>
> products, i wanted to find an open source product that does this. i<br>
> have been a long time user of HAProxy, and have recommended it for<br>
> others here, but sadly they cannot perform this function. per their<br>
> mailing list, they use the network stack of the OS for connection<br>
> establishment and cannot cause a RST to be sent to the client during a<br>
> TCP handshake if no pool member is available.<br>
><br>
> they suggested an external helper that manipulates IPTables rules based<br>
> on a pool member being available. they do not feel that a feature like<br>
> this belongs in a layer 4/7 reverse proxy application.<br>
><br>
> my search for a load balancer solution went through ipvsadm, balance and<br>
> haproxy before i selected haproxy. haproxy was more feature rich than<br>
> balance, and easier to implement than ipvsadm. do any other list<br>
> members have a need for such a feature from their load balancers? do<br>
> any other list members have site failover solutions that have been<br>
> tested or used and would consider sharing their design and/or pain<br>
> points? i am not looking for secret sauce or confidential info, but<br>
> more high level architecture decisions and such.<br>
><br>
<br>
trying to send this again, as it was rejected previously.<br>
<br>
</blockquote></div>