Date: Wed, 25 Jan 2012 09:11:36 -0800
From: felix@crowfix.com
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Proxy questions

On Tue, Jan 24, 2012 at 06:14:22PM +0000, Mick wrote:
> On Tuesday 24 Jan 2012 17:08:43 felix@crowfix.com wrote:
> > I know, in general, what proxies do -- caching, filtering, and
> > bypassing firewalls. I have even written a couple of very special
> > purpose proxies. Now I need one for work, and don't really want to
> > write another custom special purpose when it seems there must be a
> > canned one which can do the job.
> >
> > We have some vendors who transact business over special ports with
> > custom protocols. We pay for these connections, and we only have two
> > of them, good enough for QA, but when a developer needs to test code,
> > they have to drag their machine over to QA and schedule time with one
> > of these connections. What we need is a proxy which can take any
> > number of connections on our side and funnel everything into one or
> > two vendor connections. I don't know enough of the proxy jargon to
> > know how to describe it. I imagine some kind of NAT. No filtering or
> > caching; firewall penetration will be taken care of elsewhere.
> >
> > Any suggestions, or proxy education hints?
>
> I'm not entirely clear of your use case scenarios and the constraints you are
> trying to address with a proxy (e.g. why the developer does not connect
> directly to the vendors port(s) to access their service? ) but I'll guess that

Because if the devs connect directly to the vendor, they will take
over the limited connections we are allowed. Thus they need
throttling and/or some kind of NAT.

> you probably need a reverse proxy/load balancer arrangement - something like
> pound, portfusion, or even nginx? BTW, did I mention apache mod_proxy? I am
> not sure what authentication arrangements you need to access your vendors
> ports, if you have VPNs or other secure tunnels between your site and the
> vendors', but let's say I'd read up on reverse proxies as a start.
>
> This should make the transaction transparent for your devs, they won't
> necessarily know which vendor they end up with after they hit your URL, but I
> am not sure if it will satisfactorily address the issue of scheduling time for
> a connection with your vendors at times of high demand. Once ports or vendor
> service limitations are reached the connections will eventually become
> saturated.

I don't think saturation is a problem with the kind of dev work we do;
our production systems handle hundreds of thousands of transactions an
hour over a single connection. The real problem is that if devs grab
that connection, production would stall immediately, so we have a
separate connection for QA which devs will have to share without
hogging; thus some proxy to funnel all requests into the single
channel. Although there is some possibility of the QA channel turning
into two, that still needs to be shared amongst a dozen devs and QA.

I'll look into all those buzzwords :-)

-- 
... _._. ._ ._. . _._. ._. ___ .__ ._. . .__. ._ .. ._.
Felix Finch: scarecrow repairman & rocket surgeon / felix@crowfix.com
GPG = E987 4493 C860 246C 3B1E 6477 7838 76E9 182E 8151 ITAR license #4933
I've found a solution to Fermat's Last Theorem but I see I've run out of room o
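
An added example, not code from anyone in this thread: a TCP relay that accepts any number of dev clients but lets only a fixed number hold a vendor connection at once, which is the throttling variant of what the message above asks for. It assumes each dev session holds a vendor connection exclusively until it closes (interleaving several sessions on one connection would need the vendor's protocol framing, which the thread does not give); the function names, the 127.0.0.1 bind address and the echo stand-in for the vendor are constructed for the demo.

```python
import asyncio

async def _pipe(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    except ConnectionError:
        pass
    finally:
        writer.close()

async def serve(listen_port, vendor_host, vendor_port, max_vendor_conns=2):
    """Accept any number of dev clients; at most max_vendor_conns reach the vendor."""
    slots = asyncio.Semaphore(max_vendor_conns)
    async def handle(client_r, client_w):
        async with slots:  # extra clients queue here until a vendor slot frees up
            try:
                vendor_r, vendor_w = await asyncio.open_connection(vendor_host, vendor_port)
            except OSError:
                client_w.close()
                return
            await asyncio.gather(_pipe(client_r, vendor_w), _pipe(vendor_r, client_w))
    return await asyncio.start_server(handle, "127.0.0.1", listen_port)

async def _demo(n_clients, limit):
    active = peak = 0
    async def vendor(r, w):  # constructed stand-in vendor: echoes one line per session
        nonlocal active, peak
        active += 1
        peak = max(peak, active)
        line = await r.readline()
        await asyncio.sleep(0.05)
        w.write(line)
        active -= 1
        w.close()
    vsrv = await asyncio.start_server(vendor, "127.0.0.1", 0)
    psrv = await serve(0, "127.0.0.1", vsrv.sockets[0].getsockname()[1], limit)
    async def dev(i):  # constructed dev client talking to the proxy, not the vendor
        r, w = await asyncio.open_connection("127.0.0.1", psrv.sockets[0].getsockname()[1])
        w.write(f"req {i}\n".encode())
        reply = await r.readline()
        w.close()
        return reply.decode().strip()
    replies = await asyncio.gather(*(dev(i) for i in range(n_clients)))
    psrv.close(); vsrv.close()
    return peak, replies

def run_demo(n_clients=5, limit=2):  # -> (peak vendor connections, dev replies)
    return asyncio.run(_demo(n_clients, limit))
```

Binding the listener to an internal address only, as the demo does with loopback, keeps the paid vendor link reachable solely through the relay's queue.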