Robust Authentication Proxying

Ivan Kalik tnt at kalik.net
Sat Jul 11 22:55:44 CEST 2009


>> I think that you are going about it the wrong way. You want proxy to
>> pretend that home server has not gone down. How about this - instead
>> of a group of stand-alone load-balanced home servers create a (true)
>> high availability cluster. If your home server is always available
>> this issue doesn't come up. And your customer always gets a response.
>
> Well, if I get the proxy handling to function the way I am
> envisioning, I effectively create a high-availability cluster with the
> proxy as my availability manager. :)

As you have seen it's not straightforward.

> But why not set up a high-availability cluster as a home server?
> First, I already have an existing pool of dumb home servers that I
> would like to continue using.

Not an issue. They would just work in a cluster.

>  Second, those home servers are
> incredibly cheap and easily replaceable.  A high-availability cluster
> probably would not be.

Ahem. It can be just as cheap, since you probably already have it.

http://www.linux-ha.org/

>  Third, if my home servers start having issues
> with the load, the easiest thing to do is to just add more dumb home
> servers and update the proxies to spread that load out across the new
> ones in addition to the old ones.  Easy scaling.

Again, not an issue. You just join additional server(s) to the cluster.
It's even easier since you don't have to make any changes on the proxy when
adding new servers to the cluster.

> I do not want the proxy to pretend that the home server has not gone
> down (in fact, it very much needs to accept that any individual home
> server may be down).  I want it to hide the fact that a single home
> server is not responding and not have that result in the entire pool
> appearing to have gone down (if only for a single request).

That is exactly what a high availability solution is about. No matter how
many component servers fail it will work as long as there is one still
responding.

Ivan Kalik
Kalik Informatika ISP



