As previously explained, as part of a customer’s mission I had to propose a solution to accelerate a web site. The challenge was to replace an aging Juniper appliance with a reverse proxy for a high-traffic website. This appliance was accelerating the traffic by caching data (max. 100Mb), and balancing the traffic between 4 front-end servers. I also wanted to reorganize the whole DMZ infrastructure to improve the security. The existing architecture had all servers (front-ends, database and application servers) in the same LAN behind the firewall and the Junipers (see HLD image for As-Is solution below).
Don’t laugh, those websites receive more than 45.000.000 visits per month, with more than 4 pages seen at each visit (in normal traffic) and expect to receive more than 100.000.000 visits a month on special occasions. So, to improve this, I decided on a classical layered system (see HLD To-be solution below).
Once the design for this reverse proxy for a high-traffic website was accepted, the evaluation process for the acceleration platform began.
While working on the different platforms possible for this project, I thought that it would be better to be ready to give access to protocols other than HTTP to the front-end servers zone.
My credo in consulting is to be solution minded, instead of product minded. This means that each time I have to propose a new solution, I’ll make a survey of existing solutions, test them, and verify how they can fulfil the mission assigned. I will always promote the solutions with the shortest learning curve (taking into account the knowledge and sensibility of the existing IT team), and in this case, if possible, using open source products. (This is opposed to the product mind that will propose the product he knows the best, or where he’s got the better margin.) One drawback to this is that the time to design a proposed solution is longer (due to tests and probable learnings), but the solution is generally more accurate to the needs of the customer.
In this case, I had to find a good reverse caching proxy for HTTP and a load balancer for the other protocols (and if possible in open source products). I started from a blank page and began by looking for a product able to fulfill both roles. Believe it or not, I couldn’t find a distro dedicated to this role. So, I started evaluating different “reverse proxy” solutions:
- Apache with mod_proxy and mod_proxy_balancer
- nginx as a reverse proxy
- Squid as a reverse proxy
- and Varnish
And after that, to evaluate the best solution to load balance traffic other than HTTP.
To be continued…
This article was entirely written with my iPad, and the drawings were “designed” with the QuickDiag app.