Message-ID: <5220C01E.5040508@fastmail.co.uk>
Date: Fri, 30 Aug 2013 16:54:06 +0100
From: Kerin Millar
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] HA-Proxy or iptables?

On 29/08/2013 08:54, Pandu Poluan wrote:
> Hello list!
>
> Here's my scenario:
>
> Currently there is a server performing 2 functions; one runs on, let's
> say, port 2000, and another one runs on port 3000.
>
> Due to some necessary changes, especially the need to (1) provide more
> resource for a function, and (2) delegate management of the functions
> to different teams, we are going to split the server into two.
>
> The problem is: Many users -- spread among 80+ branches throughout the
> country -- access the server using IP Address instead of DNS name.
>
> So, my plan was to leave port 2000's application on the original
> server, implement port 3000's application on a new server, and have
> all access to port 3000 of the original server to be redirected to
> same port on the new server.
>
> I can implement this using iptables SNAT & DNAT ... or I can use HA-Proxy.
>
> Can anyone provide some benefit / drawback analysis on either solution?

I don't have any practical experience of using HA-Proxy. However, if you
are sizing up Netfilter as a solution then I would suggest that you also
consider Linux Virtual Server (LVS). It provides a lightweight NAT
implementation and scales well.

It is natively administered with the ipvsadm tool but I would recommend
using ldirectord or such:

http://horms.net/projects/ldirectord/

--Kerin
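
The two options raised in this thread, iptables DNAT plus SNAT and LVS in NAT mode via ipvsadm, written out as an added example that is not part of either poster's message. It only prints the rules after validating its arguments; the addresses are constructed (documentation range 192.0.2.0/24), port 3000 is the thread's own example, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: prints (never applies) the rules that
# forward one TCP port from the original server (OLD) to the new one (NEW).

valid_ipv4() {  # dotted quad, each octet 0-255, no other characters
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i + 0 > 255) exit 1 }'
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

check_args() {  # OLD_IP NEW_IP PORT
    valid_ipv4 "$1" && valid_ipv4 "$2" && valid_port "$3" && return 0
    echo "usage: OLD_IP NEW_IP PORT" >&2; return 2
}

# Netfilter variant. DNAT rewrites the destination to NEW; SNAT rewrites the
# source to OLD so replies return through OLD even when NEW has a different
# default gateway. Side effect: NEW sees every client as OLD, so its logs
# and any IP-based access rules lose the real client address.
nat_rules() {
    check_args "$@" || return 2
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A PREROUTING -d $1 -p tcp --dport $3 -j DNAT --to-destination $2:$3
iptables -t nat -A POSTROUTING -d $2 -p tcp --dport $3 -j SNAT --to-source $1
iptables -A FORWARD -d $2 -p tcp --dport $3 -j ACCEPT
iptables -A FORWARD -s $2 -p tcp --sport $3 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# LVS variant. -m selects NAT (masquerading) forwarding; the client address
# is preserved, but NEW must route its replies back through OLD.
lvs_rules() {
    check_args "$@" || return 2
    cat <<EOF
ipvsadm -A -t $1:$3 -s rr
ipvsadm -a -t $1:$3 -r $2:$3 -m
EOF
}

nat_rules 192.0.2.10 192.0.2.20 3000
lvs_rules 192.0.2.10 192.0.2.20 3000
```

Review the printed commands before running them as root on the original server; nothing here persists rules across a reboot.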