Hi,
I have been using Pound for 4 years to balance my tomcat instances and
zope instances without any problem.
Three months ago I needed to enable the iptables (stateful
mode) firewall on my hosts.
After that, Pound started to randomly consider my backends as
dead at a frequent rate (10 times a day, more or less).
Obviously it was causing my clients to lose their session, as the
backend was suddenly declared dead and there was no session replication
between my application servers (tomcat case, not zope case).
I have realized that there are other Pound operators with the
same problem.
The problem is: Pound was not able to do the TCP check
on the backend as expected.
And the reason was the iptables firewall (stateful mode).
Between the balancer element and the backends I use no firewall
any more. And the problem is gone. Completely.
I prefer to define a perimeter and put the firewall around the
cluster and not inside the cluster in a per-host configuration.
A test will be done with the iptables firewall again (per-host
configuration) in the STATELESS mode.
It is very different from the stateful mode.
I will report the results of this test soon.
Regards,
Roberto.