[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [SAGE] Limiting outbound connections with a reverse proxy?

To: "Marco Marongiu" <brontolinux@xxxxxxxxx>
Subject: Re: [SAGE] Limiting outbound connections with a reverse proxy?
From: "Danny Howard" <dannyman@xxxxxxxxxx>
Date: Wed, 2 Jan 2008 11:59:51 -0800
Cc: "Brad Knowles" <brad@xxxxxxxxxxxxxxxxx>, "SAGE mailing list" <sage-members@xxxxxxxx>
In-reply-to: <477BE0B7.9040500@xxxxxxxxx>
References: <477B6A11.1030700@xxxxxxxxx> <p06240800c3a17070a90f@xxxxxxxxxxxxx> <477BE0B7.9040500@xxxxxxxxx>
Sender: owner-sage-members@xxxxxxxxxx

On 1/2/08, Marco Marongiu <brontolinux@xxxxxxxxx> wrote:
[ . . . ]
> We are talking of a web service (SOAP) sitting on a Solaris host, and a
> consumer running on Linux.
>
> Therefore, iptables could be an option on the source machine, but on the
> target it wouldn´t. Nor ipfw would be on both.
[ . . . ]
> Actually it´s not performance what we are looking for at the moment:
> it´s to feed the web service with nothing more that it can handle, that
> is: 10 connections per second at maximum.
>
> Therefore, the proxy (or whatever it will be) needs to accept N
> connections per second, and dispatch them at a maximum rate of 10
> conn/sec, enqueing the exceeding ones until they can be dispatched,
> possibly using a FIFO policy.
[ . . . ]
> What we want to limit are the
> outbound connections from the proxy to the service, and enqueue the
> exceeding ones. Returning a `connection refused´ error would disrupt the
> service.

Marco,

It doesn't sound like any of the conventional tools are going to work
for you; this really is a dev / vendor issue and you really want to
push back on them.

That said, what you are describing is basically a web application
server gateway doohickey.  I'd maybe look into Apache using mod_proxy
and see if there's some module that can buffer HTTP requests, and then
feed them to the proxy back-end.

I'm not sure of Pound's capabilities: I heard of one shop that put
Pound in front of lighthttpd in order to manage the incoming requests.
 If it looks like Pound can only do it going outbound, I'd suggest
thinking "reverse proxy" and simply think backwards to see if that
gets you there.

You may also be able to quickly hack up a connection-queueing proxy
yourself in Python using what seems to be a wide variety of web
programming frameworks.  I don't know enough to advise you in that
direction, except that if you did end up "writing a custom proxy" then
your employers definitely need to give you a bonus, and or the nicer
office.  Good luck!!

Cheers,
-danny

-- 
http://dannyman.toldme.com

References:
- [SAGE] Limiting outbound connections with a reverse proxy?
  - From: Marco Marongiu
- Re: [SAGE] Limiting outbound connections with a reverse proxy?
  - From: Marco Marongiu

Prev by Date: RE: [SAGE] Change control and patching for Linux
Next by Date: Re: [SAGE] choosing the proper max SMTP message size
Previous by thread: Re: [SAGE] Limiting outbound connections with a reverse proxy?
Next by thread: Re: [SAGE] Limiting outbound connections with a reverse proxy?
Index(es):
- Date
- Thread