Re: Please Need Help ...... :(
Hi Sorry not going to answer the question you asked but have worked on this type of solution many times. The problem is your redirects if a virus gets on the network it will clobber the server as it tries to get outside. All the client MS updates is over HTTP that will clobber it. You need to limit the number of simultaneous connections per client. That is only allow 5 connections to be redirected to the web app in say 30 seconds. Else no matter what horse power you put behind it will always be effected by DoS attacks. I don't think cisco routers are that clever. You can do this the cheap way and get the HTTP_REQUESTER IP stick em in a hashtable with a datestamp. But this is just a patch not a fix. Because it can still be used to clobber the server. I don't work for zeus and have only played with there VMWare stuff but you may wanna try zeus.co.uk and use that to load balance and do URL filtering. It can do fancy stuff with URLs and DNS. F5 is another one. Regards On Mon, 2008-03-24 at 19:00 +0530, karthikn wrote: Hi Thnx for the initial Reply The Life Cycle for the WIFI custom web application for AAA is as follows. 1) User Types www.xyz.com 2) CISCO ROUTER Intercepts this requests and reroutes to a WEB container as http://IP:PORT or http://IP Only for AAA to be processed. [ Note: CISCO Router API's can only redirect any http requests to specific IP / Port and not a web application hosted on the IP as http://IP:PORT/AAAprocess ] 3) AAA processing is done in the WEB container by the application hosted as ROOT ( Replaced original ROOT with custom web application ) by default. 4) Once the AAA is processed, we redirect the user to a new Window of the browser and allow the user to the pge requested for Originally (www.xyz.com). Problem Load on this single TOMCAT is building up the CPU for 100% ,as the subscribers are increasing. Solution We need to bring in the Load Balancer with Multiple TOMCAT /APACHE2.x server. Hence we need multiple TOMCAT with ROOT being able to configure to a APCHE 2X http server. Is this possible ? with regards Karthik - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Please Need Help ...... :(
On Mon, 2008-03-24 at 19:00 +0530, karthikn wrote: Problem Load on this single TOMCAT is building up the CPU for 100% ,as the subscribers are increasing. How many users are we talking about here?! That is a a LOT of users for the 5 or 6 requests before they are authenticated? How many authentications are you doing a second?! Solution We need to bring in the Load Balancer with Multiple TOMCAT /APACHE2.x server. Hence we need multiple TOMCAT with ROOT being able to configure to a APCHE 2X http server. Is this possible ? Yes this is all possible with multiple solutions, but how big is this setup? How many Access Points are being served by 1 server? Or is this a country wide setup. You must be authenticating a lot of users per second - With current hardware you should be able to do about 100 users per second relatively easily - That is 100 users LOGGING on every second - Thats one big access point. Andrew smime.p7s Description: S/MIME cryptographic signature
Re: Please Need Help ...... :(
Hi Thx for the reply We need to Configure TOMCAT 's ROOT to APCHE2.x for Load balancing. Problem Load on this single TOMCAT is building up the CPU for 100% ,as the subscribers are increasing. Solution We need to bring in the Load Balancer with Multiple TOMCAT /APACHE2.x server. Hence we need multiple TOMCAT with ROOT being able to configure to a APCHE 2X http server. Is this possible ? with regards Karthik Oscar Mechanic wrote: Hi Sorry not going to answer the question you asked but have worked on this type of solution many times. The problem is your redirects if a virus gets on the network it will clobber the server as it tries to get outside. All the client MS updates is over HTTP that will clobber it. You need to limit the number of simultaneous connections per client. That is only allow 5 connections to be redirected to the web app in say 30 seconds. Else no matter what horse power you put behind it will always be effected by DoS attacks. I don't think cisco routers are that clever. You can do this the cheap way and get the HTTP_REQUESTER IP stick em in a hashtable with a datestamp. But this is just a patch not a fix. Because it can still be used to clobber the server. I don't work for zeus and have only played with there VMWare stuff but you may wanna try zeus.co.uk and use that to load balance and do URL filtering. It can do fancy stuff with URLs and DNS. F5 is another one. Regards On Mon, 2008-03-24 at 19:00 +0530, karthikn wrote: Hi Thnx for the initial Reply The Life Cycle for the WIFI custom web application for AAA is as follows. 1) User Types www.xyz.com 2) CISCO ROUTER Intercepts this requests and reroutes to a WEB container as http://IP:PORT or http://IP Only for AAA to be processed. [ Note: CISCO Router API's can only redirect any http requests to specific IP / Port and not a web application hosted on the IP as http://IP:PORT/AAAprocess ] 3) AAA processing is done in the WEB container by the application hosted as ROOT ( Replaced original ROOT with custom web application ) by default. 4) Once the AAA is processed, we redirect the user to a new Window of the browser and allow the user to the pge requested for Originally (www.xyz.com). Problem Load on this single TOMCAT is building up the CPU for 100% ,as the subscribers are increasing. Solution We need to bring in the Load Balancer with Multiple TOMCAT /APACHE2.x server. Hence we need multiple TOMCAT with ROOT being able to configure to a APCHE 2X http server. Is this possible ? with regards Karthik - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Please Need Help ...... :(
On Mon, Mar 24, 2008 at 6:30 AM, karthikn [EMAIL PROTECTED] wrote: Solution We need to bring in the Load Balancer with Multiple TOMCAT /APACHE2.x server. Is this possible ? Yes -- http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html HTH, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Please Need Help ...... :(
On 24/03/2008, at 3:09 PM, karthikn wrote: Hi Thx for the reply We need to Configure TOMCAT 's ROOT to APCHE2.x for Load balancing. mod_proxy_ajp Problem Load on this single TOMCAT is building up the CPU for 100% ,as the subscribers are increasing. Read other mail from me. Solution We need to bring in the Load Balancer with Multiple TOMCAT /APACHE2.x server. If you can't fix the software another way - I guess so. Hence we need multiple TOMCAT with ROOT being able to configure to a APCHE 2X http server. Is this possible ? Yes - mod_proxy_ajp - but I am pretty sure this is NOT what you want to do. Why do you keep insisting on using Apache HTTPD for this? Tomcats HTTP connector is more than capable - and faster than an mod_proxy/ tomcat combination - just use some form of load balancer in front of it. Andrew smime.p7s Description: S/MIME cryptographic signature
Re: Please Need Help ...... :(
On 24/03/2008, at 3:14 PM, karthikn wrote: How many users are we talking about here?! About 500+ users and increasing every month Total users online - ok - not a probelm How many authentications are you doing a second?! Since this is a WIFI / AAA application for Students locally on University campus Per/sec it may be 25 - 30 users on High traffic uses. 30 per second?!@ I could authenticate them by hand that quickly How many Access Points are being served by 1 server? Or is this a country wide setup. This is currently 1 UNIX HP 11 setup with 2 cpu's and this is for a Local University Campus How old is this HP? When you set up the second and third tomcat - will this be on the same machine, or a different machine? If it can't handle 30 req per second and still have time to calculate pi to 1 decimal places then there is something wrong... We would like to use APACHE2.x with multiple TOMCAT (ROOT hosted web application) as configuration Is this Possible This is a recorded message Yes this is possible Andrew smime.p7s Description: S/MIME cryptographic signature