Découvrez la nouvelle collection Printemps-Été : lit, bain, table et accessoires déco !
Alexandre Turpault Collection Printemps - été 2015 Pour être sûr(e) de recevoir toutes nos invitations, ajoutez l'adresse suivante : newslet...@alexandre-turpault.com Si ce message ne s'affiche pas correctement, rendez-vous à cette adresse : http://links.mailingplus.net/newsl_view.php?data=b32-9pt1glrplafhsr7i3g38skgrl3 Pour recevoir nos prochains messages dans un autre format, rendez-vous à cette adresse : http://links.mailingplus.net/mail_profile.php?data=b32-9pt1glrplafhsr7i3g38skgrl3 [1] [2] Imprimé floral, motif géométrique, couleurs lumineuses… Un vent de fraîcheur souffle sur les nouvelles collections ! Je découvre [3] [4] [5] [6] [7] [8] [9] Mon compte Notre savoir faire Si vous souhaitez vous désinscrire, rendez-vous à cette adresse : http://links.mailingplus.net/mail_unsubscribe.php?data=b32-9pt1glrplafhsr7i3g38skgrl3 [10] [11] [12] [13] [14] Liens du document: — [1] http://links.mailingplus.net/goto/b32-9pt1glrplafht93ioaljr7knm6iqdfcsn42hle2 [2] http://links.mailingplus.net/goto/b32-9pt1glrplafhsv4uj7sauvc6deiqdfcsn42hle2 [3] http://links.mailingplus.net/goto/b32-9pt1glrplafhsljqfv1ia6lj1uiqdfcsn42hle2 [4] http://links.mailingplus.net/goto/b32-9pt1glrplafhso3b4140u61tmaiqdfcsn42hle2 [5] http://links.mailingplus.net/goto/b32-9pt1glrplafhsjiq5pvkj7p91miqdfcsn42hle2 [6] http://links.mailingplus.net/goto/b32-9pt1glrplafhtu4mbdn21gcqrqiqdfcsn42hle2 [7] http://links.mailingplus.net/goto/b32-9pt1glrplafhth0i5407r40p2eiqdfcsn42hle2 [8] http://links.mailingplus.net/goto/b32-9pt1glrplafhsn7n0m49lr0tviiqdfcsn42hle2 [9] http://links.mailingplus.net/goto/b32-9pt1glrplafhsfmv63o8k73cluiqdfcsn42hle2 [10] http://links.mailingplus.net/goto/b32-9pt1glrplafhs4vu4bj1g8hqaiiqdfcsn42hle2 [11] http://links.mailingplus.net/goto/b32-9pt1glrplafhsj2fv4reh43kaqiqdfcsn42hle2 [12] http://links.mailingplus.net/goto/b32-9pt1glrplafht9r9hq8tkk2f7iiqdfcsn42hle2 [13] http://links.mailingplus.net/goto/b32-9pt1glrplafhtiovfep05acl5miqdfcsn42hle2 [14] http://links.mailingplus.net/goto/b32-9pt1glrplafht1vqu29p8695huiqdfcsn42hle2
http-check string and rerturn code != 200 behaviour
Hi, I'm using an http-check expect string to test the presence of a certain string in the body response. Like this option httpchk GET /mycheck HTTP/1.1\r\nHost:\ myhost.xx\r\nConnection:\ close http-check expect ! string healthStatus:Unhealthy When the backend is not accessible, our nginx returns a default page, with a 5XX return code. In this case (return code != 200), it should be considered as an error, and the associated serveur should be removed from the server. It's not the case : HAProxy only check the string, and says it's OK. Question : How to check the string AND check the return code ? I want my server to be removed if string is absent OR if return code is != 200 ! Thank you, Sébastien Rohaut
Re: log cipher used for TLS connection
Thanks for the tip. wt On Fri, Feb 13, 2015 at 10:47 AM, Nenad Merdanovic ni...@nimzo.info wrote: Hello Warren, Did you try logging the: http://cbonte.github.io/haproxy-dconv/configuration-1. 5.html#7.3.4-ssl_fc_cipher Add %[ssl_fc_cipher] to the log format. On 2/13/2015 12:19 PM, Warren Turkal wrote: Is it possible to log the cipher used for a TLS connection? wt -- Warren Turkal Regards, Nenad -- Warren Turkal
Load Problem with v1.5.5+
Hello, Our installation and configuration of HAProxy v1.5.3 on Debian GNU/Linux Wheezy (v7.8, fully patched to date, and running on bare metal with no virtualization) has been stable. I have an active/passive server deployment using keepalived, and they have been running without issue on this version since 7/31/14. HAProxy interfaces with a backend Windows Server 2008 R2/IIS v7.5 web farm. The physical servers are Dell PowerEdge R310 with (1) Intel Xeon X3430 (4 cores) @2.4GHz and 32GB of RAM (@800 MHz). Each server has bond0 configured, which is comprised of eth0 and eth1, and each physical interface connects to a switch stack (Cisco Catalyst 3750) using 802.3ad. The on-board network cards are Broadcom Corporation NetXtreme II BCM5716 Gigabit Ethernet (rev 20). Cisco 3750 switch interface configuration and statistic reporting (i.e. input/output errors, CRCs, etc.) is clean. The backend servers are physically connected to the same Cisco 3750 switch stack. Active/passive high availability for HAProxy using keepalived works as expected. HAProxy Statistics under normal weekly workloads reflect the following: Queue/Cur - 0, Max - some #, Limit -- Session rate/Cur - 1 to 200 per server Session rate/Max - 300 to 500 Session rate/Limit - blank Sessions/Cur - 1 to 30 per server; could spike to 50 Sessions/Max - 50 Sessions/Limit - 50 Denied Req/Resp - 0 Errors/Req - Errors/Conn - 0 Errors/Resp - usually 1+, but not incrementing fast (i.e., in six hours' time today there are 41 total) Warnings/Ret/Redis - 0 In January 2015, I tried to catch up on HAProxy maintenance releases by upgrading only our active server from v1.5.3 to v1.5.10 (before 1.5.11 was announced) late on a Tuesday night. Immediately post upgrade, the active server seemingly behaved per testing. Unfortunately, v1.5.10 surfaced a new problem early the next morning around 9:00 a.m. which forced me to fail over to our passive server (still running v1.5.3) in order to restore service to our customers, which was followed by downgrading our active server to v1.5.3 in order to stabilize the system and restore the high availability pair. *The problem exhibited the following behaviors on the active server: * * HAProxy Statistics (HPS) showed many, but not all, web farm servers with Queue/Cur in the low thousands, and they would remain there with minor queue count fluctuations both incrementing and decrementing by 100 every stats page refresh. For these same servers, the Sessions/Cur was stuck at 50, which is the configured Max Limit, which explains the queuing and why some customers weren't able to use our service. * HPS would intermittently flash yellow horizontal lines, also noting a very high 2000ms L7 response time, typically on the servers with the high queue count. * Stopping and starting the HAProxy service would shuffle around the numbers in HPS as to which server had the high queues, but not all servers would have high queues (only two or three would have them). Waiting for five or ten minutes wouldn't self heal the queues through session processing. * HPS would rarely flash a red horizontal line, and that server's sessions would seem to zero out its Queue/Cur. * CPU utilization (30%) and memory consumption ( 5GB) on the active node during the event are within standard trends. None of the backend web farm servers, per active cacti graphing, displayed any CPU, memory, or disk anomalies during this time. At the time, I decided to table any further upgrade attempts until I could research the issue further. On the night of 2/13/15, I thought I would try again with v1.5.11 even though I struggled to find anything relevant to my former experience in the /HAProxy ChangeLog/ or problems with my configuration. All weekend and early this morning, v1.5.11 behaved up until more customers came online and started using our services. Looking at our cacti graph, from 8:50 a.m. EST to 9:00 a.m. EST, our total ingress and egress traffic combined jumped from 80Mbps to 170Mbps. It was during this time that the problem described above surfaced again, causing a service failure for large amount of our customers. * @ 9:05 a.m. stopping and starting HAProxy v1.5.11 didn't resolve the problem. Waited six minutes for processing which didn't catch up. * @ 9:12 a.m. I downgraded HAProxy from v1.5.11 to v1.5.3 and everything normalized in less than a minute. * @ 9:16 a.m. I upgraded HAProxy from v1.5.3 to v1.5.5 and the problem surfaced again and didn't heal in five minutes' time. * @ 9:22 a.m. I downgraded HAProxy from v1.5.5 to v1.5.4 and everything normalized in less than a minute. It has been stable all day so far. Each time I would build HAProxy I would * wget http://haproxy.1wt.eu/download/1.5/src/haproxy-1.x.x.tar.gz * tar -xf haproxy-1.x.x.tar.gz * cd haproxy-1.x.x * service haproxy stop * make TARGET=linux2628 CPU=generic USE_PCRE=1 USE_OPENSSL=1
Re: http-check string and rerturn code != 200 behaviour
On Mon, Feb 16, 2015 at 9:29 PM, Sébastien ROHAUT sebastien.rohaut@gmail.com wrote: Hi, I'm using an http-check expect string to test the presence of a certain string in the body response. Like this option httpchk GET /mycheck HTTP/1.1\r\nHost:\ myhost.xx\r\nConnection:\ close http-check expect ! string healthStatus:Unhealthy When the backend is not accessible, our nginx returns a default page, with a 5XX return code. In this case (return code != 200), it should be considered as an error, and the associated serveur should be removed from the server. It's not the case : HAProxy only check the string, and says it's OK. Question : How to check the string AND check the return code ? I want my server to be removed if string is absent OR if return code is != 200 ! Thank you, Sébastien Rohaut Hi Sébastien, You can write such séquence using tcp-check, sending your HTTP request with tcp-check send and matching with two consecutive tcp-check expect rules: tcp-check expect string HTTP/1.1\ 200\ OK tcp-check expect ! string healthStatus:Unhealthy Baptiste
Re: Load Problem with v1.5.5+
On 16/02/2015 09:45 μμ, Michael Holmes wrote: [...snip..] * @ 9:05 a.m. stopping and starting HAProxy v1.5.11 didn't resolve the problem. Waited six minutes for processing which didn't catch up. * @ 9:12 a.m. I downgraded HAProxy from v1.5.11 to v1.5.3 and everything normalized in less than a minute. * @ 9:16 a.m. I upgraded HAProxy from v1.5.3 to v1.5.5 and the problem surfaced again and didn't heal in five minutes' time. * @ 9:22 a.m. I downgraded HAProxy from v1.5.5 to v1.5.4 and everything normalized in less than a minute. It has been stable all day so far. Each time I would build HAProxy I would * wget http://haproxy.1wt.eu/download/1.5/src/haproxy-1.x.x.tar.gz * tar -xf haproxy-1.x.x.tar.gz * cd haproxy-1.x.x * service haproxy stop * make TARGET=linux2628 CPU=generic USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 * make install * service haproxy start I've reviewed the ChangeLog found here: http://www.haproxy.org/download/1.5/src/CHANGELOG, but I haven't been able to pinpoint any specific change in v1.5.5 which might be affecting my deployment based on my configuration. Is it possible for your to replay or generate traffic on test system ans use git bisect on 1.5.5 release? Cheers, Pavlos signature.asc Description: OpenPGP digital signature
RE: SAP Ariba installed base accounts
Hi, Good day! I'm following up to check if you had a chance to review my previous email to you. Do let me know when we can get into a call . we will provide you further details for your review. I look forward to a positive reply from you. Regards, Sawyer White Marketing - Business Intelligence From: Sawyer White [mailto:sawyer.wh...@techinfoaccount.com] Sent: Thursday, February 12, 2015 5:53 AM To: 'haproxy@formilux.org' Subject: SAP Ariba installed base accounts Hi, Would you be interested in purchasing SAP Ariba users list? We do have a targeted leads of SciQuest, Coupa, Ivalua, Basware, Oracle iprocurement, Oracle Procure, etc. We can also assist you to reach SAP Ariba current Vendors, Partners, Resellers etc. Keep me posted if you are currently looking for any specific technology users list so that I will get back to you with relevant information. Alternatively, it would be great if you could forward this mail to the right person (Marketing Department). I appreciate your time and value of your business. I look forward to knowing your thoughts. Regards, Sawyer White Marketing - Business Intelligence List acquisition | Tracked Email campaign | Email/Data Appending | Search Engine Optimization | Custom Built List | Tele Marketing | Multi Channel Marketing | Web-site Designing. We respect your privacy. If you want to stop receiving emails from us, please send a reply with the email subject line as Leave Out
Re: Load Problem with v1.5.5+
Hi all, Le 16/02/2015 23:48, Pavlos Parissis a écrit : On 16/02/2015 09:45 μμ, Michael Holmes wrote: [...snip..] * @ 9:05 a.m. stopping and starting HAProxy v1.5.11 didn't resolve the problem. Waited six minutes for processing which didn't catch up. * @ 9:12 a.m. I downgraded HAProxy from v1.5.11 to v1.5.3 and everything normalized in less than a minute. * @ 9:16 a.m. I upgraded HAProxy from v1.5.3 to v1.5.5 and the problem surfaced again and didn't heal in five minutes' time. * @ 9:22 a.m. I downgraded HAProxy from v1.5.5 to v1.5.4 and everything normalized in less than a minute. It has been stable all day so far. Each time I would build HAProxy I would * wget http://haproxy.1wt.eu/download/1.5/src/haproxy-1.x.x.tar.gz * tar -xf haproxy-1.x.x.tar.gz * cd haproxy-1.x.x * service haproxy stop * make TARGET=linux2628 CPU=generic USE_PCRE=1 USE_OPENSSL=1 USE_ZLIB=1 * make install * service haproxy start I've reviewed the ChangeLog found here: http://www.haproxy.org/download/1.5/src/CHANGELOG, but I haven't been able to pinpoint any specific change in v1.5.5 which might be affecting my deployment based on my configuration. Is it possible for your to replay or generate traffic on test system ans use git bisect on 1.5.5 release? I think this is due to a bug prior to 1.5.5 : http://www.haproxy.org/git?p=haproxy-1.5.git;a=commit;h=2e47a3ab11188239abadb6bba7bd901d764aa4fb Your configuration matches the condition, meaning that with haproxy 1.5.4 and before, option http-server-close is ignore from your backends, and not ignored anymore in 1.5.5+. The direct effect is that the server connection is closed after each connection, and that every requests require a new SSL handshake (which can be a performance killer). We can verify this quickly : - using haproxy 1.5.5 and later, remove option http-server-close. It will default to option http-keep-alive, and see if it's better. - using haproxy 1.5.4 and before, move option http-server-close to the defaults section, I think it should reproduce the same issues. -- Cyril Bonté
[SPAM] 10 euros de réduction sur votre commande
Si ce message ne s'affiche pas correctement, visualisez la version en ligne. [http://link.transisoft.fr/eccm2/D191903634-fc2ebcc107da7f292a614535c2d3eb0d-1042-48-692.html] [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J] [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J] [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J] [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J]haproxy@formilux.org [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J] [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J] [http://link.transisoft.fr/eccm2/L191903634-1042-35294-T.html amp;epi=R2J] Se deacute;sinscrire [http://link.transisoft.fr/eccm2/U191903634-fc2ebcc107da7f292a614535c2d3eb0d-48-1042.html]
Re: Active/Active
Lukas Tribus wrote on 02/16/2015 01:55 PM: [CUT] You use ECMP for load-balancing between different servers in a single PoP/DC and anycast to route the request to the nearest PoP/DC. As I understand wikipedia - it is discouraged to use ECMP for loadbalancing.. Load balancing by per-packet multipath routing is generally deprecated due to the impact of rapidly changing latency, packet reordering.. but it's wikipedia.. so who knows, but I can definetely see those things being an issue. It does seem some have played with setting up OSPF routing and using ECMP to loadbalance traffic across two endpoints. It's definetely a risky way to go, unless you are very up2snuff on OSPF, TCP and networking in general.. :) always nice to learn about ECMP though.. I've only seen anycast.. that's super cool. -- Regards, Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200 Those who do not understand Unix are condemned to reinvent it, poorly. --Henry Spencer
Re: Active/Active
❦ 16 février 2015 14:31 +0100, Lukas Tribus luky...@hotmail.com : As I understand wikipedia - it is discouraged to use ECMP for loadbalancing.. Load balancing by per-packet multipath routing is generally deprecated due to the impact of rapidly changing latency, packet reordering.. Nobody does per-packet multipathing anymore, in fact, when you use ECMP for load-balancing traffic against different servers, per packet load-balancing will break everything. Instead, network gear load-balances based on source/destination ip hash or the 5-tuple (src/dst ip, ip protocoll, src/dst layer 4 port). However, you may break PMTU discovery. https://tools.ietf.org/html/draft-jaeggli-v6ops-pmtud-ecmp-problem-00 -- Few things are harder to put up with than the annoyance of a good example. -- Mark Twain, Pudd'nhead Wilson's Calendar
RE: Active/Active
Isn't that used more as a multiple datacenter active/active setup thing? being in the routing part.. and not LAN side of things. that's the only places I've seen that used.. it's very cool though :) As I understand anycast and ECMP (and I only know guys who use it and know what they are doing ;) - it needs to be two different routes (ie. routers) that are active/active.. ie. multiple location.. but I guess one could do it in the same datacenter as well.. You use ECMP for load-balancing between different servers in a single PoP/DC and anycast to route the request to the nearest PoP/DC. Lukas
Re: Active/Active
❦ 16 février 2015 14:07 +0100, Klavs Klavsen k...@vsen.dk : You use ECMP for load-balancing between different servers in a single PoP/DC and anycast to route the request to the nearest PoP/DC. As I understand wikipedia - it is discouraged to use ECMP for loadbalancing.. Load balancing by per-packet multipath routing is generally deprecated due to the impact of rapidly changing latency, packet reordering.. Most routers are unable to do per-packet load balancing (load balancing is usually done in the slow path). -- Say what you mean, simply and directly. - The Elements of Programming Style (Kernighan Plauger)
RE: Active/Active
As I understand wikipedia - it is discouraged to use ECMP for loadbalancing.. Load balancing by per-packet multipath routing is generally deprecated due to the impact of rapidly changing latency, packet reordering.. Nobody does per-packet multipathing anymore, in fact, when you use ECMP for load-balancing traffic against different servers, per packet load-balancing will break everything. Instead, network gear load-balances based on source/destination ip hash or the 5-tuple (src/dst ip, ip protocoll, src/dst layer 4 port). Lukas
Re: Adding HSTS or custom headers on redirect
Same problem here. Even worse because we want to redirect prefix instead of a static location. So we cannot use the fake backend hack.
Re: Active/Active
Hi, On Mon, Feb 16, Mathieu Sergent wrote: Now i use two HAProxy active/passive with keepalived, which make the load balancing on web servers. I would know if it's possible to use two HAProxy in active/active mode ? I know keepalived can't managed it, because it uses the protocol VRRP. I made researches and it seems to be impossible. You could use(try) multiple ip-addresses with keepalived/haproxy: http://comments.gmane.org/gmane.comp.web.haproxy/15908 and dns round robin between these ip-addresses. (And if you need sticky sessions make sure that both servers use configuration that allows clients to switch between servers). -Jarno -- Jarno Huuskonen
Re: Active/Active
Openbsd carp El 16-02-2015 7:16, Mathieu Sergent mathieu.sergent...@gmail.com escribió: Hi, Now i use two HAProxy active/passive with keepalived, which make the load balancing on web servers. I would know if it's possible to use two HAProxy in active/active mode ? I know keepalived can't managed it, because it uses the protocol VRRP. I made researches and it seems to be impossible. Regards, Mathieu.
Re: Active/Active
Thanks for your reply. I really want to have two active/active, keepalived can't deal with it. Furthermore, i try to not use a load balancing with dns. Regards, Mathieu 2015-02-16 11:31 GMT+01:00 Jarno Huuskonen jarno.huusko...@uef.fi: Hi, On Mon, Feb 16, Mathieu Sergent wrote: Now i use two HAProxy active/passive with keepalived, which make the load balancing on web servers. I would know if it's possible to use two HAProxy in active/active mode ? I know keepalived can't managed it, because it uses the protocol VRRP. I made researches and it seems to be impossible. You could use(try) multiple ip-addresses with keepalived/haproxy: http://comments.gmane.org/gmane.comp.web.haproxy/15908 and dns round robin between these ip-addresses. (And if you need sticky sessions make sure that both servers use configuration that allows clients to switch between servers). -Jarno -- Jarno Huuskonen
Re: Active/Active
In each proposition, there is a single master (DNS, LVS...), which load-balance on two HAProxy. Me, I try to choose a solution with two master, which will be my two HAProxy. Maybe it's impossible and i dream ^^, but this is what I need. Regards, Mathieu 2015-02-16 12:00 GMT+01:00 Baptiste bed...@gmail.com: On Mon, Feb 16, 2015 at 11:58 AM, Mathieu Sergent mathieu.sergent...@gmail.com wrote: Thanks for your reply. I really want to have two active/active, keepalived can't deal with it. Furthermore, i try to not use a load balancing with dns. Regards, Mathieu With keepalived, you can have 2 nodes, both active/passive in 2 distincts VRRP instances. That said, you would have to load-balance each master node using DNS... If you want to avoid DNS, then use LVS to load-balance your L7 load-balancers. Baptiste
Active/Active
Hi, Now i use two HAProxy active/passive with keepalived, which make the load balancing on web servers. I would know if it's possible to use two HAProxy in active/active mode ? I know keepalived can't managed it, because it uses the protocol VRRP. I made researches and it seems to be impossible. Regards, Mathieu.
Re: Active/Active
Mathieu Sergent wrote on 02/16/2015 12:12 PM: In each proposition, there is a single master (DNS, LVS...), which load-balance on two HAProxy. Me, I try to choose a solution with two master, which will be my two HAProxy. Maybe it's impossible and i dream ^^, but this is what I need. well.. it all starts with a MAC address needing to be resolved from an IP. So if all your requests goes to one IP.. there will be one MAC responding to that ip - and hence one machine. Switches etc. cache which MAC belongs to which port etc. - so trying to fake MAC's and let 2 servers respond to the same MAC will give you issues :) You could probably do something like setting up a mirror port (or a hub) in between two servers - and then each will get all traffic.. and then they must agree for EACH request- who shall respond to it, and also notice if a response (the other one should have handled) is not handled.. and react.. it's simpler (and hence more performant) to let one machine respond to the ip (controlled by keepalived) - and then just ensure that someone responds to that ip (VRRP does this). - and then let the active part - delay traffic to both. But that will send all traffic past the active box first.. normally it's the responses that's large and hence that's normally ok. LVS can do Direct Routing, where it leaves the destination IP alone, so it simply forwards the package to another MAC address - and you can then setup your other haproxy box, to also react to that ip. (I normally setup the ip on loopback interface - but take care that it does not disturb keepalived :) so in reality someone has to be master.. and in normal active/active cluster setups - there is indeed a master - and the cluster then reelects a new master, whenever the master is inresponsive. -- Regards, Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200 Those who do not understand Unix are condemned to reinvent it, poorly. --Henry Spencer
RE: Active/Active
In each proposition, there is a single master (DNS, LVS...), which load-balance on two HAProxy. Me, I try to choose a solution with two master, which will be my two HAProxy. Maybe it's impossible and i dream ^^, but this is what I need. CDN's work with anycast and ECMP, that will solve those issue (and introduce new problems), but you need to understand them very very well until you can think to deploy it Lukas
Re: Active/Active
Lukas Tribus wrote on 02/16/2015 12:33 PM: In each proposition, there is a single master (DNS, LVS...), which load-balance on two HAProxy. Me, I try to choose a solution with two master, which will be my two HAProxy. Maybe it's impossible and i dream ^^, but this is what I need. CDN's work with anycast and ECMP, that will solve those issue (and introduce new problems), but you need to understand them very very well until you can think to deploy it Isn't that used more as a multiple datacenter active/active setup thing? being in the routing part.. and not LAN side of things. that's the only places I've seen that used.. it's very cool though :) As I understand anycast and ECMP (and I only know guys who use it and know what they are doing ;) - it needs to be two different routes (ie. routers) that are active/active.. ie. multiple location.. but I guess one could do it in the same datacenter as well.. -- Regards, Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200 Those who do not understand Unix are condemned to reinvent it, poorly. --Henry Spencer