IETF Logo Mail Archive

Re: Re[2]: Some proxy needs

Roberto Peon <grmocg@gmail.com> Tue, 10 April 2012 14:38 UTC

Return-Path: <ietf-http-wg-request@listhub.w3.org>
X-Original-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Delivered-To: ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D5521F8683 for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 10 Apr 2012 07:38:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.39
X-Spam-Level:
X-Spam-Status: No, score=-10.39 tagged_above=-999 required=5 tests=[AWL=0.208, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nePiLEXUinYu for <ietfarch-httpbisa-archive-bis2Juki@ietfa.amsl.com>; Tue, 10 Apr 2012 07:38:40 -0700 (PDT)
Received: from frink.w3.org (frink.w3.org [128.30.52.56]) by ietfa.amsl.com (Postfix) with ESMTP id 832CD21F8685 for <httpbisa-archive-bis2Juki@lists.ietf.org>; Tue, 10 Apr 2012 07:38:37 -0700 (PDT)
Received: from lists by frink.w3.org with local (Exim 4.69) (envelope-from <ietf-http-wg-request@listhub.w3.org>) id 1SHcC3-0007P7-7g for ietf-http-wg-dist@listhub.w3.org; Tue, 10 Apr 2012 14:37:15 +0000
Received: from maggie.w3.org ([128.30.52.39]) by frink.w3.org with esmtp (Exim 4.69) (envelope-from <grmocg@gmail.com>) id 1SHcBp-0007OG-VT for ietf-http-wg@listhub.w3.org; Tue, 10 Apr 2012 14:37:02 +0000
Received: from mail-ob0-f171.google.com ([209.85.214.171]) by maggie.w3.org with esmtp (Exim 4.72) (envelope-from <grmocg@gmail.com>) id 1SHcBm-0004km-Dk for ietf-http-wg@w3.org; Tue, 10 Apr 2012 14:37:00 +0000
Received: by obbwd18 with SMTP id wd18so8795596obb.2 for <ietf-http-wg@w3.org>; Tue, 10 Apr 2012 07:36:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=XDuD5iEZRPeCagFojEtnQDuzmq0LRMuuQ0XAFRz1u8Y=; b=K2lEh/8z0wukJLLCP5WR0S1Gk35t3xjsiw8ZmTeCyv6zyoXOpRexp4FsfpnNAfEkVF 6pfnVhoRSjM3OVlqt9XHDaLCKc5yphaWNHL+cxeWm+jP9UPQZfGegnfHMVVw9Tk/RzPV oBWSWUpvZEgA0psogSFjeHvmIL1dYy5zkSPLXkz+FkKJyr67p0Vv4XUOpJjsGWgUrFxb 9p2wphEZuvusseM73iatQ0ZwX1TmpyEPzU50dmJVoGmki8PmNXRDhkMMqpBZ8Z0FCBQq udWJYrtF2PRt3rtdRoE4ijhLwYvs6qJrJ7u8hQiP1T0JL1M9q/4Us/3E3f+foh33c8vO x4Uw==
MIME-Version: 1.0
Received: by 10.182.119.101 with SMTP id kt5mr16442024obb.70.1334068592772; Tue, 10 Apr 2012 07:36:32 -0700 (PDT)
Received: by 10.182.109.102 with HTTP; Tue, 10 Apr 2012 07:36:32 -0700 (PDT)
Received: by 10.182.109.102 with HTTP; Tue, 10 Apr 2012 07:36:32 -0700 (PDT)
In-Reply-To: <CAOXZevDjYxjgOT+HjEOhVrgNzEevgw6kHu-v73f9t_g1tDr94A@mail.gmail.com>
References: <83903.1333917310@critter.freebsd.dk> <0edc27e8599b098be0f9a3bf18a1653f.squirrel@arekh.dyndns.org> <CAOXZevDfCT4Zk=5v=cHhtfsFWYc++en_Y0FL+MCBg1yAASdNyQ@mail.gmail.com> <a2831da7ae0f6b68d3e006009cd44a52.squirrel@arekh.dyndns.org> <CAOXZevCjUMvXa6cdZHpqddF74HAwps1AuU+6tPBo5279ksVQsg@mail.gmail.com> <9b15ace004eef739f35a92b2d88f55c7.squirrel@arekh.dyndns.org> <CAOXZevDjYxjgOT+HjEOhVrgNzEevgw6kHu-v73f9t_g1tDr94A@mail.gmail.com>
Date: Tue, 10 Apr 2012 07:36:32 -0700
Message-ID: <CAP+FsNfEBZvxJY-g-C9ejXgUxTWwhn37EF3Hm9JwnGOeF-=UVw@mail.gmail.com>
From: Roberto Peon <grmocg@gmail.com>
To: Per Buer <perbu@varnish-software.com>
Cc: Nicolas Mailhot <nicolas.mailhot@laposte.net>, HTTP Working Group <ietf-http-wg@w3.org>
Content-Type: multipart/alternative; boundary="f46d0444ee1f94048204bd540c03"
Received-SPF: pass client-ip=209.85.214.171; envelope-from=grmocg@gmail.com; helo=mail-ob0-f171.google.com
X-W3C-Hub-Spam-Status: No, score=-2.7
X-W3C-Hub-Spam-Report: BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001
X-W3C-Scan-Sig: maggie.w3.org 1SHcBm-0004km-Dk 4ddde1c26c6eb6a670b09b1df32a19c3
X-Original-To: ietf-http-wg@w3.org
Subject: Re: Re[2]: Some proxy needs
Archived-At: <http://www.w3.org/mid/CAP+FsNfEBZvxJY-g-C9ejXgUxTWwhn37EF3Hm9JwnGOeF-=UVw@mail.gmail.com>
Resent-From: ietf-http-wg@w3.org
X-Mailing-List: <ietf-http-wg@w3.org> archive/latest/13426
X-Loop: ietf-http-wg@w3.org
Resent-Sender: ietf-http-wg-request@w3.org
Precedence: list
List-Id: <ietf-http-wg.w3.org>
List-Help: <http://www.w3.org/Mail/>
List-Post: <mailto:ietf-http-wg@w3.org>
List-Unsubscribe: <mailto:ietf-http-wg-request@w3.org?subject=unsubscribe>
Resent-Message-Id: <E1SHcC3-0007P7-7g@frink.w3.org>
Resent-Date: Tue, 10 Apr 2012 14:37:15 +0000

On Apr 10, 2012 6:01 AM, "Per Buer" <perbu@varnish-software.com> wrote:
>
> Hi Nicolas, list,
>
> On Tue, Apr 10, 2012 at 12:36 PM, Nicolas Mailhot
> <nicolas.mailhot@laposte.net> wrote:
> >
> > Le Mar 10 avril 2012 11:23, Per Buer a écrit :
> >> Nicholas, list,
> >>
> >> On Tue, Apr 10, 2012 at 8:56 AM, Nicolas Mailhot
> >> <nicolas.mailhot@laposte.net> wrote:
> >>>
> >>>
> >>> > So, if the proxy farm fails to hash incoming requests on source IP
or
> >>> > target URL then this might happen.
> >>>
> >>> That breaks load balancing as soon as your network is big enough, with
> >>> different parts that get active at different points of the day.
> >>
> >> Sorry if I seem to miss the point, but why would it break? Are you
worried
> >> that one point in the farm would get too hot?
> >
> > I'm worried first that the activity distribution changes over time (so a
> > static table does not work), and second that any network-wide state
(such as
> > an hashtable) is a contention point and potential spof.
>
> The load balancers derrive the correct  proxy from the URL through a
> hash algorithm.
> The only state would lie on the number of active proxies. Altering the
> number of proxies
> requires a bit of thinking and you might  want to rehash at some point
> which will of
> course be painful. Sorry if I might state the obvious here but this is
> really quite
> stateless and there is no SPOF here and no contention point. We've
> used this on quite
> large scale with reverse proxies and it works like a charm.

This isn't stateless, and claims that it is are in error. The state is
external to the connection (as you have identified earlier). The fact that
it is external doesn't make it any less important.

You are right that there isn't a SPOF... there are N points of failure
instead, any of which can cause problems.
>
> > Making an individual
> > gateway smarter is simple (scaling the farms is just the matter of
adding new
> > boxes). Making balancing smart and robust when some gateways or even
some
> > physical processing sites can go down at any time is hard.

The above statement is important!
-=R

> >
> > That's why direct browser-to-proxy communication will always be
preferred and
> > more reliable than depending on a magical holistic hashtable balancer.
> > Round-robin is dumb but robust and stateless.
> >
> >>> And anyway even if your solution was possible, you still get unhappy
users
> >>> that serial refresh because they're not seeing initial progress in
their web
> >>> clients
> >>
> >> If the loadbalancer was balancing on target URLs the request would end
up at
> >> the same proxy. The proxy should be smart enough to coalesce the
request
> >> into the ongoing one and this one could feed the user a couple of
bytes so
> >> at the client understands that there is some progress on the download
as
> >> some proxies have done for years.
> >
> > Can't do when inspecting for malware.  (..)
>
> Sure. This has been done for years. It was an absolute necessity when
dealing
> with earlier versions of IE. Feeding it the first 10 bytes of
> something was considered
> safe enough and would keep the browser from timing out. So giving it
> one byte every
> 30 seconds or so would buy us 5 minutes.
>
> I think this is perfectly doable withing the current framework and
without the
> need to add further complexities to the protocol.
>
> --
> Per Buer
>

v2.23.0 | Report a Bug | By Email