Question on redundant nginx reverse proxy setup

Hi,

I’m planning to set up this environment:

±------------+ ±------------+
| ISP1 | | ISP2 |
±------------+ ±------------+
| |
±------------+ ±------------+
| FW1/proxy | | FW2/proxy |
±------------+ ±------------+
| | | |
| ±-------------±----------+ |
| | |
| switch |
| | |
±—±-----------±-------------+
| |
switch |
| |
| ±--------------+
| |
±--------±–+ ±--------±–+
| www1 | | www2 |
±------------+ ±------------+

(raw ASCII art at http://simoncpu.pastebin.com/raw.php?i=0StGLjCk)

Question: Does nginx gurantee, using the NginxHttpUpstreamModule, that
it will direct incoming connections to the right www server? Would
the two identical nginx servers create identical IP hashes?

Thanks,

[ simon.cpu ]

Hello!

On Wed, Oct 20, 2010 at 07:08:27PM +0800, Simon Cornelius P Umacob
wrote:

±------------+ ±------------+
| |
±--------±–+ ±--------±–+
| www1 | | www2 |
±------------+ ±------------+

(raw ASCII art at http://simoncpu.pastebin.com/raw.php?i=0StGLjCk)

Question: Does nginx gurantee, using the NginxHttpUpstreamModule, that
it will direct incoming connections to the right www server? Would
the two identical nginx servers create identical IP hashes?

Do you mean “with ip_hash directive”? Ip hash is calculated
from client’s ip address only (first 3 octets of it), so in most
cases answer is “yes”.

You should be prepared to handle any user request on any backend
server though (possibly less effectively), due to the fact that
there are users which change their ips frequently (e.g. mobile
users or users behind large proxy pools).

For this particular setup there are also multihomed hosts to
consider which may select different ip addreses while connecting
to different frontends. But it’s unlikely to be big problem
compared to already mentioned cases unless your clients are very
specific.

Maxim D.

On Wed, Oct 20, 2010 at 7:47 PM, Maxim D. [email protected]
wrote:

Hello!

Do you mean “with ip_hash directive”? Ip hash is calculated
from client’s ip address only (first 3 octets of it), so in most
cases answer is “yes”.

Thanks for the info! I guess nginx with ip_hash is the right choice
for our setup.

You should be prepared to handle any user request on any backend
server though (possibly less effectively), due to the fact that
there are users which change their ips frequently (e.g. mobile
users or users behind large proxy pools).

For this particular setup there are also multihomed hosts to
consider which may select different ip addreses while connecting
to different frontends. But it’s unlikely to be big problem
compared to already mentioned cases unless your clients are very
specific.

I think this problem is inherent to any user who has multiple IPs, so
this limitation is OK. :slight_smile:

Thanks!

[ simon.cpu ]