You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Jens Schleusener <Je...@t-systems-sfr.com> on 2006/09/04 16:59:44 UTC
[users@httpd] Apache reverse proxy in front of a Windows NLB cluster
Hi,
we try to implement an Apache Linux server as a reverse proxy for
different kinds of backend web servers to achieve a homogeneous web space.
One of the backend servers is an Microsoft IIS server with an NLB (Network
Load Balancing) Cluster of two systems. On that IIS server runs a CMS
system that requires Load Balancing Affinity. That all works well but the
problem is that the NLB service sees always the same IP address (that of
the Apache reverse proxy) so only one of the two real servers got the
load.
So I tried to assign the hostname of the reverse proxy two IP-addresses
and assign to the only single physical network-interface that two
IP-adresses. In a first test I set up two IP-based virtual servers hoping
that round robin DNS resolution would lead to a nearly equally workload of
the so realized two reverse proxy servers. That seems to work well in the
first simple tests but unfortunately the outgoing requests to the backend
servers (via a "RewriteRule" using the "P" flag) always contain the
IP-address of the "main" (the first assigned) IP-adress and not the two
required IP-adresses to make the NLB probably "happier".
So another very raw idea of using (instead of the non-perfect DNS round
robin approach) two further internal reverse proxy servers with different
IP addresses and splitting the traffic conditionally via a "SetEnvIf
Remote_Addr ..." directive seems superfluous.
Any ideas to handle this situation (second network-interface, iptables,
additional server hardware or ...) ?
I hope my question isn't too off-topic.
Greetings
Jens
--
Dr. Jens Schleusener T-Systems Solutions for Research GmbH
Tel: +49 551 709-2493 Bunsenstr.10
Fax: +49 551 709-2169 D-37073 Goettingen
Jens.Schleusener@t-systems.com http://www.t-systems.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache reverse proxy in front of a Windows NLB
cluster
Posted by Jens Schleusener <Je...@t-systems-sfr.com>.
Hi,
On Mon, 4 Sep 2006, Nick Kew wrote:
> On Monday 04 September 2006 15:59, Jens Schleusener wrote:
>
> > Any ideas to handle this situation (second network-interface, iptables,
> > additional server hardware or ...) ?
>
> Erm, I may be missing your point, but why not just do the balancing
> in the proxy itself?
Since the IIS server respectively the CMS system runs on a NLB (Network
Load Balancing) Cluster and the CMS requires "affinity" meaning - as I
understand - that a client must send its request always to the same
cluster member for preserving session state ... and since the NLB system
is "given" and at least not directly under my control.
If we do the balancing in the proxy itself we must break up the NLB
cluster in order to can use two single servers and the requested
"affinity" functionality must be done by the Apache reverse proxy. Ok?
But how?
1) Something for e.g. like
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^[0-9]\. [OR]
RewriteCond %{REMOTE_ADDR} ^[0-9][0-9]\.
RewriteRule ^(.*)$ http://1.2.3.4$1 [P,L]
RewriteRule ^(.*)$ http://1.2.3.5$1 [P,L]
(hopefully correct syntax, should arbitrarily send requests from subnets
0.0.0.0/8 til 99.0.0.0/8 to one backend and from all others to the second
one) may perhaps work but didn't have the probably existing "failover"
functionality of the NLB (or we must fo e.g. check the backends and adapt
the Apache configuration accordingly).
2) Ok, why not let do the work the Apache (2.2.x) "proxy_balancer"-module
and use a backend URL starting with the "balancer"-scheme? Since I til yet
didn't find out how to realize the described "affinity".
I found in the current context two interesting parameters ("route" and
"stickysession") but I don't know how to apply them correctly and how they
will work exactly. May be the Apache reverse proxy will add an additional
cookie to store the information which backend server was used for the
current "session" and use that cookie to serve further requests?
Would that be realized by roughly the following configuration?
ProxyPass / balancer://iis stickysession=iis_sessionid nofailover=On
<Proxy balancer://iis>
BalancerMember http://1.2.3.4:80 route=1
BalancerMember http://1.2.3.5:80 route=2
</Proxy>
Additionally the mapping rules of our reverse proxy are a little bit complex
so we use "mod_rewrite" and many "RewriteRule"s but in the documentation
I didn't find that the "mod_rewrite" module allows the "balancer"-scheme
so we had probaly to use <Location> or <LocationMatch> sections?
Sorry, I am a balancer newbie, so any corrections, hints or even examples?
Greetings
Jens
--
Dr. Jens Schleusener T-Systems Solutions for Research GmbH
Tel: +49 551 709-2493 Bunsenstr.10
Fax: +49 551 709-2169 D-37073 Goettingen
Jens.Schleusener@t-systems.com http://www.t-systems.com/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache reverse proxy in front of a Windows NLB cluster
Posted by Nick Kew <ni...@webthing.com>.
On Monday 04 September 2006 15:59, Jens Schleusener wrote:
> Any ideas to handle this situation (second network-interface, iptables,
> additional server hardware or ...) ?
Erm, I may be missing your point, but why not just do the balancing
in the proxy itself?
--
Nick Kew
Application Development with Apache - the Apache Modules Book
http://www.prenhallprofessional.com/title/0132409674
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org