Ubuntu Pound Reverse Proxy Load Balancing Based off active server load?

Question

I have Pound installed on a loadbalancer. It seems to work okay, except that it randomly assigns the backend server to forward the request to. I've put 1 backend machine under so much load that it went into using swap, and I can't even ssh into it to test this scenareo. I would like the loadbalancer to realize that the machine is overloaded, and send it to a different backend machine. However it doesn't. I've read the man page and it seems like the directive "DynScale 1" is what would monitor this, but it still redirects to the overloaded server. I've also put in "HAport 22" to the backend figuring since I can't ssh in, neither could the loadbalancer and it would consider the backend server dead until it gets rid of the load and responds, but that didn't help either.

If anyone could help with this, I'd appreciate it. My current config is below.

 ###################################################################### ## global options: User "www-data" Group "www-data" #RootJail "/chroot/pound" ## Logging: (goes to syslog by default) ## 0 no logging ## 1 normal ## 2 extended ## 3 Apache-style (common log format) LogLevel 3 ## check backend every X secs: Alive 5 DynScale 1 Client 1200 TimeOut 1500 # poundctl control socket Control "/var/run/pound/poundctl.socket" ###################################################################### ## listen, redirect and ... to: ## redirect all requests on port 80 to SSL ListenHTTP Address 192.168.1.XX Port 80 Service Redirect "https://xxx.com/" End End ListenHTTPS Address 192.168.1.XX Port 443 Cert "/files/www.xxx.com.pem" Service BackEnd Address 192.168.1.1 Port 80 HAport 22 End BackEnd Address 192.168.1.2 Port 80 HAport 22 End End End 

Answer 1

According to your timeout setting Pound waits 25 minutes for a response from the back-end. Set it to something lower during your tests, say the default of 15 secs.

Answer 2

I have heard very mixed opinions about the efficacy DynScale. We have chosen not to use it. What we do instead is set a Priority val for each BackEnd section. From the man page:

Priority val

The priority of this back-end (between 1 and 9, 5 is default). Higher priority back-ends will be used more often than lower priority ones, so you should define higher priorities for more capable servers.

Your new ListenHTTPS section should look something like this:

ListenHTTPS Address 192.168.1.XX Port 443 Cert "/files/www.xxx.com.pem" Service BackEnd Address 192.168.1.1 Port 80 Priority 7 End BackEnd Address 192.168.1.2 Port 80 Priority 3 End End End 

Try different values for the Priority on each BackEnd until you're happy with how it's distributing the load.

You should turn off DynScale while playing with Priority, otherwise Pound will attempt to adjust the values for you based on real usage.

Also, you should probably set Alive to something higher, like 30 seconds. If your servers are buried under more load than they can handle, you don't want Pound kicking it every 5 seconds to see if it's back up again.

Lastly, I agree with @Andrew. Your Timeout value should be much lower. Go with something modest, like 300 (5 minutes).

Answer 3

If you're sending load traffic to one of the backend machines 'directly' (that is, without going through Pound), it will not be able to detect the load.

Pound will simply try port 80 of the backend (which will actually respond to the initial TCP handshake, SYN/ACK etc, but not much more than that) and will wait until the timeout you specified.

Try sending your load traffic through Pound, and experiment with the backend priorities and DynScale. Pound uses the number of open, ongoing connections to the backends to compute the load balancing.

Also, check the "poundctl" command to view some stats on the services/backends.