You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2005/05/23 18:28:57 UTC
DO NOT REPLY [Bug 35025] New: -
Keep alive in proxy_http.c is buggy
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35025>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=35025
Summary: Keep alive in proxy_http.c is buggy
Product: Apache httpd-2.0
Version: 2.0.54
Platform: Other
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: mod_proxy
AssignedTo: bugs@httpd.apache.org
ReportedBy: lavr@ncbi.nlm.nih.gov
Using domain name-only comparison (versus combined name/IP) in
proxy_http.c results in blind reuse of kept-alive backend connection
in a situation when name->IP mapping has changed, and
the old mapping (IP) is not any longer valid.
Imagine the following scenario: Apache server is configured with ProxyPass'es,
and each proxypass is using a high-availability name. Thus, name->ip mapping
is not necessarily constant over several passes of
ap_proxy_http_create_connection()
calls. The code may have reused the kept-alive backend connection only if both
name and IP match.
DNS specifically mentiones that using "name -> multiple IP mappings" can
be employed in a high availability clusters, and can be extremely volatile,
depending on the load of the cluster elements (hosts).
The code of proxy_http.c suggests that there were some ideas about this
issue but they stay unimplemented:
/* We have determined who to connect to. Now make the connection, supporting
* a KeepAlive connection.
*/
/* get all the possible IP addresses for the destname and loop through them
* until we get a successful connection
In a scenario, when a kept-alive connection is reused with a backend that has
left the DNS name group, results in either a dead-end route (the older IP may
not be responsive due to its load), or create a significant load skew as it is
diverting more and more load on hosts "latched" as kept-alive backends,
without even trying to employ other hosts that may be well-available around.
This situation is, I agree, very specific, but should be, nevertheless,
addressed with an utmost care. Here at NCBI we use high-availability model
and are unable to fully use proxy module keep-alive capability due to
the issue described.
Thanks for considering this!
Anton Lavrentiev
for the group of C++ toolkit developers at NCBI (cpp-core)
P.S. The piece of code to blame for the problem in at lines 262-269:
of modules/proxy/proxy_http.c:
if (backend->connection) {
client_socket = ap_get_module_config(backend->connection->conn_config,
&core_module);
if ((backend->connection->id == c->id) &&
(backend->port == p_conn->port) &&
(backend->hostname) &&
(!apr_strnatcasecmp(backend->hostname, p_conn->name)))
{ /// <---- THIS IS NOT SUFFICIENT TO DECIDE WHETHER THE ADDRESS
MATCHES!!!
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, r->server,
"proxy: keepalive address match (keep original
socket)");
--
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org