Pound – A Reverse Proxy Load Balancer

Here is a simple way to set up a multi-node Apache web server cluster that provides load balancing. In front of the Apache cluster I have created a load balancer that splits the incoming HTTP/HTTPS requests between the multiple Apache nodes. The advantage of using a load balancer is that it takes care of the load on the web server nodes, tries to direct requests to the node with less load, and also takes care of the sessions.

For our setup we configure a program called Pound, and behind this Pound server we have two Apache web server nodes.

Pound is a reverse-proxy server. This means that it passes requests from client browsers to one or more back-end servers. Pound also acts as a load balancer, as it distributes the requests from the client browsers among several back-end servers while keeping session information. Pound is also an SSL wrapper that can decrypt HTTPS requests from client browsers and pass them as plain HTTP to the back-end servers. Pound can verify requests for correctness and accept only well-formed ones. Pound can detect when a back-end server fails or recovers and act accordingly, so it is also a failover server. We can set a priority for a preferred back-end server in case a particular server has better hardware to accommodate the heavy load. If no priority is set, the default priority of 5 is used; the priority ranges from 1 to 9, with 9 being the highest. Remember that Pound is NOT a web server or web accelerator, so no websites are cached.

You can download Pound for Red Hat from the URL below:
http://www.invoca.ch/pub/packages/pound/RPMS/ils-5/SRPMS/

Once installed, you can open the configuration file and update as required:

vi /etc/pound.cfg

User "pound"
Group "pound"
# Control socket used by poundctl
Control "/var/lib/pound/pound.cfg"

# Front-end listener; requests are shared between the two BackEnd nodes
ListenHTTP
	Address 192.168.2.50
	Port 80
	Service
		BackEnd
			Address 192.168.2.10
			Port 80
		End
		BackEnd
			Address 192.168.2.20
			Port 80
			Priority 6
		End
		Session
			Type IP
			TTL 300
		End
	End
End


:wq!

# service pound start
# chkconfig pound on

This tells Pound to listen on the real IP address 192.168.2.50 on port 80 and proxy all requests to the back-end servers listed. Failover is handled automatically, so there is nothing to configure for this important feature. The second server has a priority of 6, which means that more requests will be routed to the server with IP address 192.168.2.20.

Also, Pound is a session-aware server, meaning it keeps track of sessions between a client browser and a back-end server. So, once a session is established, all subsequent requests from the same browser will be directed to the same back-end server. In the above configuration, you can see “Session” configured by client IP address. In this scheme Pound directs all requests from the same client IP address to the same back-end server within a five-minute interval. Though Pound is session-aware, accuracy is NOT guaranteed as HTTP is defined as a stateless protocol. There are five other ways to configure sessions using Pound, but none can guarantee accuracy. The above method of configuring session via IP address is the easiest one, though we have other methods like Basic Authentication, URL parameter, cookie value, HTTP parameter and header value.
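
The priority weighting and IP-based stickiness described above can be tried out in a small model. This is an added example, not Pound's code or part of the original post: the PoundModel class, the weighted-random choice and the treatment of TTL as an idle timeout are assumptions made for illustration, and the 10.0.x.x and 203.0.113.7 client addresses are constructed.

```python
import random

class PoundModel:
    """Toy model of one Pound Service: weighted BackEnds plus Session Type IP."""

    def __init__(self, backends, ttl=300, seed=0):
        self.backends = dict(backends)   # address -> Priority (1-9, default 5)
        self.alive = set(self.backends)  # back-ends currently considered up
        self.ttl = ttl                   # Session TTL in seconds
        self.sessions = {}               # client IP -> (back-end, last seen)
        self.rng = random.Random(seed)   # seeded so runs are repeatable

    def pick(self):
        """Assumed policy: random choice weighted by Priority among live nodes."""
        live = sorted(self.alive)
        if not live:
            return None                  # nothing left to fail over to
        weights = [self.backends[b] for b in live]
        return self.rng.choices(live, weights=weights)[0]

    def route(self, client_ip, now):
        """Return the back-end serving client_ip at time `now` (seconds)."""
        pinned = self.sessions.get(client_ip)
        if pinned and pinned[0] in self.alive and now - pinned[1] <= self.ttl:
            backend = pinned[0]          # sticky: same IP, same back-end
        else:
            backend = self.pick()        # new, expired, or back-end is down
        if backend is not None:
            self.sessions[client_ip] = (backend, now)
        return backend

def share(model, clients):
    """Fraction of `clients` distinct constructed IPs sent to each back-end."""
    counts = {b: 0 for b in model.backends}
    for i in range(clients):
        counts[model.route(f"10.0.{i // 256}.{i % 256}", now=0)] += 1
    return {b: n / clients for b, n in counts.items()}

if __name__ == "__main__":
    m = PoundModel({"192.168.2.10": 5, "192.168.2.20": 6})
    print(share(m, 11000))               # close to 5/11 and 6/11
    # A request every 10 s from one (constructed) NAT address never moves.
    print({m.route("203.0.113.7", now=t) for t in range(0, 3000, 10)})
    m.alive.discard("192.168.2.20")      # simulate a failed back-end
    print(m.route("203.0.113.7", now=3000))
```

With Type IP, every user behind one NAT or proxy address counts as a single session and is pinned to one back-end, which matters when reading per-node load or correlating back-end logs.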

Note:

SSL certificates can also be configured if you add the following to your pound.cfg configuration file.

ListenHTTPS
	Address xxx.xxx.x.xx
	Port 443
	Cert "/etc/pki/tls/certs/pound.pem"
End

That’s it.
