On 21/08/09 7:55 PM, Aristedes Maniatis wrote:
Ah, thanks Chris. Is this something planned for the near future (6-9
months)? We aren't in a hurry, and any alternative solution is going to
cost us >$5,000 for some appliance (in HA redundant mode). I'd rather
fund a good cause (like you guys) with those dollars, but it seems like
several pieces would be needed:
1. HA failover (pfSense already has that)
2. load balancing (pfSense already has that as round robin but not
balancing response times)
3. layer 7 (HTTP/HTTPS) awareness of cookies to maintain application
stickiness
4. SSL offloading (I suspect that 3 requires this since the cookie is
inside the HTTPS payload)
5. HTTP dead host detection (as opposed to a simple ping)
Does that sound about right? Do you have a clear idea of how much work
is involved in all this?
I've since discovered that our application server doesn't need sessions to be bound
to a particular httpd front-end. So 3 & 4 are not actually required (although
SSL offloading would be convenient simply to reduce the number of IP addresses we
have to configure on each web server).
That leaves 5. How flexible is pfSense's dead host detection? Instead of a ping
check can we substitute an arbitrary http check (at a minimum to check for a
200 response, but ideally we want to perform a regex check to find specific
content on a page)? Or alternatively since we already have nagios performing
these checks can we use that to notify pfsense to perform a failover?
Cheers
Ari Maniatis
-------------------------->
ish
http://www.ish.com.au
Level 1, 30 Wilson Street Newtown 2042 Australia
phone +61 2 9550 5001 fax +61 2 9550 4001
GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A
---------------------------------------------------------------------
To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com
For additional commands, e-mail: discussion-h...@pfsense.com
Commercial support available - https://portal.pfsense.org
