[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: carp and dead daemon
On Thu, Jul 31, 2008 at 3:57 PM, Emmanuel Dreyfus <manu%netbsd.org@localhost>
> matthew sporleder <msporleder%gmail.com@localhost> wrote:
>> Have you considered using something like pen (pkgsrc /net/pen) for
>> your services instead?
> If the service is SMTP, then having the real sender IP (and not pen load
> balancer's one) is important for spam filtering,
This is a common problem with load balancers and proxies (I've used
many in front-of web apps where we had to insert custom X-Forward
headers and other hacks -- I'm not sure if pen can do this), but I
thought most spam filters used smtp headers? I don't run any of my
own email servers, though.
> And how does that cope with SSL?
I don't think it tries to read into the protocols at all. HTTPS is
enabled with host1:443 host2:443, so it should just pass it along.
I should also point out that you're really just trading one
application for another since pen could fail and CARP wouldn't notice.
I would love to see port-level monitoring/kernel-module load
balancing built into NetBSD. :)
Main Index |
Thread Index |