Architectural Changes
Ryan Ordway
ryan.ordway at oregonstate.edu
Fri Sep 7 23:36:43 UTC 2007
Google, on Firefox and Safari on MacOS X.
On 9/7/07 3:03 PM, "Mike McGrath" <mmcgrath at redhat.com> spake:
> As we talked about in the meeting yesterday we have a new sponsor
> (http://www.teliasonera.com/). There are a couple of others in the
> works (I don't want to officially announce until it's finalized) but one
> thing is clear. Pretty soon we're going to have multiple proxy servers
> outside of PHX. The end goal here would be to use mod_geoip to
> re-direct people to their nearest location but we're going to take baby
> steps to get there. Here are the steps as I see them.
>
> 1) Finalize the caching stuff paulobanon has been working on.
> 2) VPN
> 3) Set up 1 remote proxy server and test
> 4) Get DNS set up properly to direct people to the proxy servers in a RR
> format
> 5) mod_geoip.
>
>
> 4) is still a little fuzzy in my mind. Right now we're using Bind for
> DNS and, AFAIK, the version we're using does not have support for
> geoip. So my thought is using mod_geoip to direct people to (for
> example) de1.fedoraproject.org or us2.fedoraproject.org. I'm still a
> little unclear on the best way to do this in our environment. Those
> keeping an eye on the commit logs will have noticed the odd commit for
> t.fedoraproject.org. So, for example:
>
> ping -c1 t.fedoraproject.org
>
> For me seems to do the right thing. I get basically a RR balanced IP
> between 3 addresses (fp.o, Yahoo and Google). I just picked two IPs
> that weren't ours to balance around. The thing, for me at least, is I
> get fp.o every time if I use Firefox. This is over many days on
> different computers. I've seen FF bring up the google ip once. So I
> ask those on the list to go to http://t.fedoraproject.org/ and just tell
> me what you get. Or, even better, explain to me what the heck is going
> on there, I have one theory about first requests to DNS vs named caching
> in FF and name caching elsewhere. But we've had different people get
> many different results (some get wget to RR, some with wget always get
> the same thing, same with curl, lynx, w3m, and HEAD). More investigation
> is needed.
>
> 2) is something I'm working on now. VPN will only be for external
> servers (not users). We've actually already had a few issues we've had
> to overcome in strange ways from external servers that could have been
> fixed by a VPN. (puppet and bacula backups immediately come to mind)
> We'll tightly control (iptables) what these boxes have access to on the
> vpn server (bastion). We'll keep the ttl on our load balanced products
> lower so that if something does go wrong with one of them, we can easily
> take it out of the mix.
>
> The reason for 2) is so we don't have to maintain multiple different
> proxy server types. If we use VPN we can treat each server the same,
> just like the ones we have now which keeps it maintainable.
>
> Questions / Comments / Suggestions?
>
> -Mike
>
> _______________________________________________
> Fedora-infrastructure-list mailing list
> Fedora-infrastructure-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
--
Ryan Ordway E-mail: rordway at oregonstate.edu
Unix Systems Administrator rordway at library.oregonstate.edu
OSU Libraries, Corvallis, OR 97370 Office: Valley Library #4657
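
The round-robin test discussed in this thread can be repeated per lookup path rather than per browser. The following is an added example, not part of the original messages: it tallies which address leads the answer across repeated lookups through two standard-library calls. The helper names, the `rotating_resolver`/`sorting_client` stand-ins and the 192.0.2.x addresses used to exercise them are constructed for illustration.

```python
import socket
from collections import Counter

def via_gethostbyname(host):
    # Address order as gethostbyname_ex() hands it back.
    return socket.gethostbyname_ex(host)[2]

def via_getaddrinfo(host):
    # getaddrinfo() may reorder answers per the system's address-selection policy.
    infos = socket.getaddrinfo(host, 80, socket.AF_INET, socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def tally_first(resolve, host, attempts=20):
    # Clients normally connect to the first address, so count what leads each answer.
    firsts = Counter()
    for _ in range(attempts):
        addrs = resolve(host)
        if addrs:
            firsts[addrs[0]] += 1
    return firsts

def verdict(firsts):
    if not firsts:
        return "no-answer"
    return "rotating" if len(firsts) > 1 else "pinned"

def rotating_resolver(addrs):
    # Constructed stand-in for a round-robin DNS answer (offline use only).
    state = {"i": 0}
    def resolve(_host):
        i = state["i"] % len(addrs)
        state["i"] += 1
        return addrs[i:] + addrs[:i]
    return resolve

def sorting_client(resolve):
    # Constructed stand-in for a lookup path that sorts the answer before use.
    return lambda host: sorted(resolve(host))

if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "t.fedoraproject.org"
    paths = (("gethostbyname_ex", via_gethostbyname), ("getaddrinfo", via_getaddrinfo))
    for name, fn in paths:
        try:
            firsts = tally_first(fn, host)
        except OSError as exc:
            print(f"{name}: lookup failed: {exc}")
            continue
        print(f"{name}: {verdict(firsts)} {dict(firsts)}")
```

A "pinned" result on one path and "rotating" on the other points at client-side ordering or caching rather than at the DNS server; a local caching resolver can pin both for the life of the TTL.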