tech-net archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: carp and dead daemon

On Thu, Jul 31, 2008 at 3:57 PM, Emmanuel Dreyfus <> 
> matthew sporleder <> wrote:
>> Have you considered using something like pen (pkgsrc /net/pen) for
>> your services instead?
> If the service is SMTP, then having the real sender IP (and not pen load
> balancer's one) is important for spam filtering,

This is a common problem with load balancers and proxies (I've used
many in front-of web apps where we had to insert custom X-Forward
headers and other hacks -- I'm not sure if pen can do this), but I
thought most spam filters used smtp headers?  I don't run any of my
own email servers, though.

> And how does that cope with SSL?

I don't think it tries to read into the protocols at all.  HTTPS is
enabled with host1:443 host2:443, so it should just pass it along.

I should also point out that you're really just trading one
application for another since pen could fail and CARP wouldn't notice.
 I would love to see port-level monitoring/kernel-module load
balancing built into NetBSD.  :)

Home | Main Index | Thread Index | Old Index