How to design pound -> varnish -> jboss for ha + loadbalancing

httpsjbossload balancingvarnish

I'm planning a new infrastructure for our web application. We have two JBossAS5 servers, running in a cluster. Session state will be replicated via JBoss Cache.

In front of that, there should be some cache, to speed up delivery of static elements. However, most of the traffic to our app will be via HTTPS.

So far, I had been thinking of two Varnish caches in front of the JBossASs, each being configured for loadbalancing to the two JBossASs via round-robin. Since Varnish doesn't handle HTTPS, then there would need to be two pound proxies in front of the Varnishs, dealing with the HTTPS. The two pounds would be made high-available with Heartbeat/LinuxHA.

The traffic to www.example.com would then be going through our firewall, from there to the virtual IP of the pounds, from there to the Varnishs, and from there to the JBossASs.

Question 1: Does this make sense? Or is it overly complicated, and the same goal can be reached with simpler methods?

Question 2: If my layout is fine, how do I configure the pound -> Varnish step? Should I a) make the Varnish service high-available through Heartbeat/LinuxHA as well and direct traffic from pound to the virtual IP of the Varnishs, or should I rather b) Configure two independent Varnishs and use load-balancing in pound to address the different Varnishs?

Getting hardware loadbalancing is not an option, unfortunately, because of costs. This is no corporate, but a NGO system, and we're always short on money … The whole thing is not mission-critical, but I'd like it to be as reliable as possible, because our IT is not always available on short notice (we don't have any full-time IT person employed …).

Thanks a lot for your insight!

Andreas.

Best Answer

I think your approach makes sense. If you do not have the need for advanced caching of dynamic objects, then I would suggest using nginx as its capable of caching, https and loadbalancing. I do love Varnish, and I think most sites can gain a lot by using it, but based on your information it would make more sense to use nginx (+ heartbeat, or carp).

Nginx can cache dynamic objects, but I don't think it's possible to write rules based on uris (or part of them), cookies, connecting ip etc etc. Nginx can cache to disk and memcached, so it would be possible for your pair of nginx to have the same cache, more or less.
Can balance load, I think based on a session, ip hash and a lot more.
Does https very well.

Good luck! :)

Related Solutions

How to deploy a scalable, reliable haproxy cluster on Amazon EC2

OK, I've never built an AWS load balancing solution with traffic on the levels of SmugMug myself, but just thinking of theory and AWS's services, a couple of ideas come to mind.

The original question is missing a few things that tend to impact the load balancing design:

Sticky sessions or not? It is very preferable to not use sticky session, and just let all load balancers (LB's) use round robin (RR) or random backend selection. RR or random backend selections are simple, scalable, and provide even load distribution in all circumstances.
SSL or not? Whether SSL is in use or not, and over which percentage of requests, generally has a impact on the load balancing design. It is often preferable to terminate SSL as early as possible, to simplify certificate handling and keep the SSL CPU load away from web application servers.

I'm answering from the perspective of how to keep the load balancing layer itself highly available. Keeping the application servers HA is just done with the health checks built into your L7 load balancers.

OK, a couple of ideas that should work:

1) "The AWS way":

First layer, at the very front, use ELB in L4 (TCP/IP) mode.
Second layer, use EC2 instances with your L7 load balancer of choice (nginx, HAProxy, Apache etc).

Benefits/idea: The L7 load balancers can be fairly simple EC2 AMI's, all cloned from the same AMI and using the same configuration. Thus Amazon's tools can handle all HA needs: ELB monitors the L7 load balancers. If a L7 LB dies or becomes unresponsive, ELB & Cloudwatch together spawn a new instance automatically and bring it into the ELB pool.

2) "The DNS round robin with monitoring way:"

Use basic DNS round robin to get a coarse-grained load distribution out over a couple of IP addresses. Let's just say you publish 3 IP addresses for your site.
Each of these 3 IP's is an AWS Elastic IP Address (EIA), bound to a EC2 instance, with a L7 load balancer of your choice.
If a EC2 L7 LB dies, a compliant user agent (browser) should just use one of the other IPs instead.
Set up an external monitoring server. Monitor each of the 3 EIPs. If one becomes unresponsive, use AWS's command line tools and some scripting to move the EIP over to another EC2 instance.

Benefits/idea: Compliant user agents should automatically switch over to another IP address if one becomes unresponsive. Thus, in the case of a failure, only 1/3 of your users should be impacted, and most of these shouldn't notice anything since their UA silently fails over to another IP. And your external monitoring box will notice that an EIP is unresponsive, and rectify the situation within a couple of minutes.

3) DNS RR to pairs of HA servers:

Basically this is Don's own suggestion of simple heartbeat between a pair of servers, but simplified for multiple IP addresses.

Using DNS RR, publish a number of IP addresses for the service. Following the example above, let's just say you publish 3 IPs.
Each of these IP's goes to a pair of EC2 servers, so 6 EC2 instances in total.
Each of these pairs uses Heartbeat or another HA solution together with AWS tools to keep 1 IP address live, in a active/passive configuration.
Each EC2 instance has your L7 load balancer of choice installed.

Benefits/idea: In AWS' completely virtualized environment it's actually not that easy to reason about L4 services and failover modes. By simplifying to one pair of identical servers keeping just 1 IP address alive, it gets simpler to reason about and test.

Conclusion: Again, I haven't actually tried any of this in production. Just from my gut feeling, option one with ELB in L4 mode, and self-managed EC2 instances as L7 LBs seems most aligned with the spirit of the AWS platform, and where Amazon is most likely to invest and expand later on. This would probably be my first choice.

How to utilize Varnish for A/B Testing and Feature Rollout

A/B Testing - How do you test two "versions" of each page and compare? I mean, how does varnish know which page to serve up? If and how do you save seperate versions on each page?

You have several choices:

Simply expose them at different URLs.
Bypass the cache for the specific URL. You could do this by returning pass in vcl_recv. Something like this:
```
sub vcl_recv {
    if (req.url ~ "^/path/to/document") {
        return (pass);
    }
}
```
Explicitly purge the cache when you expose a new version.

Feature rollout - how would you set up a simple feature rollout mechanism? Let's say i want to open a new feature/page to just 10% of the traffic.. and then later increase that to 20%?

I'm not sure there's a "simple" way to do this. Since you can put arbitrary C code in your .vcl files you could probably add some logic to pick a random number and then select the appropriate backend path based on the result.

How do you handle code deployments? Do you purge your entire varnish cache every deployment? (We have deployments on a daily basis). Or do you just let it slowly expire (using TTL)?

For major changes we just purge the cache, and for smaller changes we just let things expire.

Best Answer

Related Solutions

How to deploy a scalable, reliable haproxy cluster on Amazon EC2

How to utilize Varnish for A/B Testing and Feature Rollout

Related Topic