From owner-freebsd-stable@freebsd.org Wed Jan 16 15:10:36 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id D1464148B84C for ; Wed, 16 Jan 2019 15:10:36 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from relay.exonetric.net (relay0.exonetric.net [178.250.72.161]) by mx1.freebsd.org (Postfix) with ESMTP id 1FF1B717A4 for ; Wed, 16 Jan 2019 15:10:35 +0000 (UTC) (envelope-from mark@exonetric.com) Received: from [10.217.47.43] (unknown [109.144.222.71]) by relay.exonetric.net (Postfix) with ESMTPSA id 0C7C22BD5D; Wed, 16 Jan 2019 15:10:29 +0000 (GMT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: Any suggestions for a layer 3 load ablancer for 12, as relayd doesnt work anymore From: Mark Blackman X-Mailer: iPad Mail (16C50) In-Reply-To: Date: Wed, 16 Jan 2019 15:10:26 +0000 Cc: freebsd-stable@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: <2CAF8A7F-41F2-44BC-B029-C64E22F0FA7D@exonetric.com> References: <1547491459.1113392.1634330440.3BE6B9CF@webmail.messagingengine.com> <3CD6B22B-B35C-4B9C-BDBA-D2E928435F91@exonetric.com> To: Pete French X-Rspamd-Queue-Id: 1FF1B717A4 X-Spamd-Bar: ++++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [4.11 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[]; TO_DN_SOME(0.00)[]; MV_CASE(0.50)[]; NEURAL_SPAM_SHORT(0.43)[0.430,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[exonetric.com]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(0.97)[0.966,0]; TO_MATCH_ENVRCPT_SOME(0.00)[]; MX_GOOD(-0.01)[exonetric.com.in.heluna.com,exonetric.com.in.heluna.com,exonetric.com.in.heluna.com]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(0.97)[0.974,0]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:12290, ipnet:178.250.72.0/21, country:GB]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.25)[ipnet: 178.250.72.0/21(1.06), asn: 12290(0.29), country: GB(-0.09)]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Jan 2019 15:10:37 -0000 > On 15 Jan 2019, at 14:43, Pete French wrote: >=20 >=20 >=20 > On 15/01/2019 10:24, Mark Blackman wrote: >>> On 14 Jan 2019, at 18:44, Dave Cottlehuber wrote: >>> haproxy does proper failover and allows custom health checks either via >>> URL or real world traffic of external scripts. Traefik has lots of >>> container oriented features. >>> Dave >> There=E2=80=99s also the very venerable (hence reliable) HTTP proxy/load b= alancer, Apache Traffic Manager, https://trafficserver.apache.org >=20 > Thanks for the suggestions - unfortunately both of those (unless I > misread them) terminate the TCP connection and make a new one to > the backends. I was after something where I can see the original IP > address on the socket. Though I could put a procy in front and add > the headers I suppse, but thats a biut more work as it involves changing > the code. >=20 > Interested in the apache traffic manager - I hadnt come across that > one before, tahnks, These days, most =E2=80=9Cproper=E2=80=9D application designs have a layer i= n front of the application that handles all of the traffic management consid= erations and deliberately takes away direct connectivity from the client to t= he application, inserting the original client IP address into the request he= aders as just more metadata associated with the request. Things like Zuul, H= AProxy, Apache, Nginx, Traffic Manager, Traefik and all the others are meant= to handle the nitty gritty of the connection between the client and your ap= plication, passing on only trusted,normalised requests to the underlying app= lication.=20=