Star Hackademy

Hacking and configuring, IT's a long and secret story…

Reverse proxying for web acceleration —

As previously explained, I had as part of a customer’s mission to propose a solution to accelerate a web site. The challenge was to replace an aging Juniper appliance. This appliance was accelerating the traffic by caching data (max. 100Mb), and balancing the traffic between 4 front end servers. I also wanted to reorganize the whole DMZ infrastructure to improve the security. The existing architecture had all servers (front-ends, database and application servers) in the same LAN behind the firewall and the Junipers.

20130120-230359.jpg

Don’t laugh, those websites receive more than 45.000.000 visits per month, with more than 4 pages seen at each visit (in normal traffic) and expect to receive more than 100.000.000 visits a month on special occasions. So, to improve this, I decided for a classical layered system.

20130120-231515.jpg
Once the design was accepted, the evaluation process for the acceleration platform began.
While working on the different platforms possible for this project, I thought that it would be better to be ready to give access to other protocols than http to Frontends servers zone.

My credo in consulting is to be solution minded, instead of product minded. This means that each time I have to propose a new solution, I’ll make a survey of existing solutions, test them, and verify how they can fulfil the mission assigned. I will always promote the solutions with the shortest learning curve (taking in account the knowledge and sensibility of the existing IT team), and in this case, if possible using open source products. (This is opposed to the product mind that will propose the product he knows the best, or where he’s got the better margin). One drawback to this, is that the time to design a proposed solution is longer (due to tests and probable learnings), but the solution is generally more accurate to the needs of the customer.

In this case, I had to find a good reverse caching proxy for HTTP and a load balancer for the other protocols (and if possible in open source products). I did start from a white page and began by looking for a product able to fulfil both roles. Believe it or not, I couldn’t find a distro dedicated to this role. So, I started evaluating different “reverse proxy” solutions:

  • apache with mod_proxy and mod_proxy_balancer
  • nginx as a reverse proxy
  • Pound
  • Squid as a reverse proxy
  • and Varnish

And after that evaluate the best solution to load balance traffic other than HTTP.

To be continued…

This article was entirely written with my iPad, and the drawings were “deigned” with QuickDiag app.


Categorised as: Uncategorized


One Comment

  1. Toto says:

    ZZZzzzzZZZzzzz!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.