As we talked about in the meeting yesterday we have a new sponsor (http://www.teliasonera.com/). There are a couple of others in the works (I don't want to officially announce until its finalized) but one thing is clear. Pretty soon we're going to have multiple proxy servers outside of PHX. The end goal here would be to use mod_geoip to re-direct people to their nearest location but we're going to take baby steps to get there. Here are the steps as I see them.
1) Finalize the caching stuff paulobanon has been working on. 2) VPN 3) Setup 1 remote proxy server and test 4) Get DNS setup properly to direct people to the proxy servers in a RR format 5) mod_geoip.
4) is still a little fuzzy in my mind. Right now we're using Bind for DNS and, AFAIK, the version we're using does not have support for geoip. So my thought is using mod_geoip to direct people to (for example) de1.fedoraproject.org or us2.fedoraproject.org. I'm still a little unclear on the best way to do this in our environment. Those keeping an eye on the commit logs will have noticed the odd commit for t.fedoraproject.org. So, for example:
ping -c1 t.fedoraproject.org
For me seems to do the right thing. I get basically a RR balanced IP between 3 addresses (fp.o, yahoo and google) I just picked two ip's that weren't ours to balance around. The thing, for me at least, is I get fp.o every time if I use FireFox. This is over many days on different computers. I've seen FF bring up the google ip once. So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get. Or, even better, explain to me what the heck is going on there, I have one theory about first requests to DNS vs named caching in FF and name caching elsewhere. But we've had different people get many different results (some get wget to RR, some with wget always get the same thing, same with curl, lynx, w3m, and HEAD) More investigation is needed.
2) is something I'm working on now. VPN will only be for external servers (not users). We've actually already had a few issues we've had to overcome in strange ways from external servers that could have been fixed by a VPN. (puppet and bacula backups immediately come to mind) We'll tightly control (iptables) what these boxes have access to on the vpn server (bastion). We'll keep the ttl on our load balanced products lower so that if something does go wrong with one of them, we can easily take it out of the mix.
The reason for 2) is so we don't have to maintain multiple different proxy server types. If we use VPN we can treat each server the same, just like the ones we have now which keeps it maintainable.
Questions / Comments / Suggestions?
-Mike
On Fri, 2007-09-07 at 17:03 -0500, Mike McGrath wrote:
So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get.
Google, at the moment.
Graeme
On 9/7/07, Graeme Fowler graeme@graemef.net wrote:
On Fri, 2007-09-07 at 17:03 -0500, Mike McGrath wrote:
So I ask those on the list to go to http://t.fedoraproject.org/ and just
tell
me what you get.
Google, at the moment.
Graeme
FP.O (Using Firefox)
Google English..
Graeme Fowler wrote:
On Fri, 2007-09-07 at 17:03 -0500, Mike McGrath wrote:
So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get.
Google, at the moment.
Graeme
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
On Sep 7, 2007, at 6:03 PM, Mike McGrath wrote:
So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get.
I get Google in Firefox, Safari, Opera, and curl on Mac OS X. I tried them in that order, so I'm not sure which results are do to DNS caching.
-Eric Kerby
Google, on Firefox and Safari on MacOS X.
On 9/7/07 3:03 PM, "Mike McGrath" mmcgrath@redhat.com spake:
As we talked about in the meeting yesterday we have a new sponsor (http://www.teliasonera.com/). There are a couple of others in the works (I don't want to officially announce until its finalized) but one thing is clear. Pretty soon we're going to have multiple proxy servers outside of PHX. The end goal here would be to use mod_geoip to re-direct people to their nearest location but we're going to take baby steps to get there. Here are the steps as I see them.
- Finalize the caching stuff paulobanon has been working on.
- VPN
- Setup 1 remote proxy server and test
- Get DNS setup properly to direct people to the proxy servers in a RR
format 5) mod_geoip.
- is still a little fuzzy in my mind. Right now we're using Bind for
DNS and, AFAIK, the version we're using does not have support for geoip. So my thought is using mod_geoip to direct people to (for example) de1.fedoraproject.org or us2.fedoraproject.org. I'm still a little unclear on the best way to do this in our environment. Those keeping an eye on the commit logs will have noticed the odd commit for t.fedoraproject.org. So, for example:
ping -c1 t.fedoraproject.org
For me seems to do the right thing. I get basically a RR balanced IP between 3 addresses (fp.o, yahoo and google) I just picked two ip's that weren't ours to balance around. The thing, for me at least, is I get fp.o every time if I use FireFox. This is over many days on different computers. I've seen FF bring up the google ip once. So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get. Or, even better, explain to me what the heck is going on there, I have one theory about first requests to DNS vs named caching in FF and name caching elsewhere. But we've had different people get many different results (some get wget to RR, some with wget always get the same thing, same with curl, lynx, w3m, and HEAD) More investigation is needed.
- is something I'm working on now. VPN will only be for external
servers (not users). We've actually already had a few issues we've had to overcome in strange ways from external servers that could have been fixed by a VPN. (puppet and bacula backups immediately come to mind) We'll tightly control (iptables) what these boxes have access to on the vpn server (bastion). We'll keep the ttl on our load balanced products lower so that if something does go wrong with one of them, we can easily take it out of the mix.
The reason for 2) is so we don't have to maintain multiple different proxy server types. If we use VPN we can treat each server the same, just like the ones we have now which keeps it maintainable.
Questions / Comments / Suggestions?
-Mike
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
I get http://fedoraproject.org/ with Firefox.
Regards, Debarshi
FF - Yahoo IE7 - Yahoo
On 9/8/07, Debarshi 'Rishi' Ray debarshi.ray@gmail.com wrote:
I get http://fedoraproject.org/ with Firefox.
Regards, Debarshi -- GPG key ID: 63D4A5A7 Key server: pgp.mit.edu
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Mike McGrath wrote:
As we talked about in the meeting yesterday we have a new sponsor (http://www.teliasonera.com/). There are a couple of others in the works (I don't want to officially announce until its finalized) but one thing is clear. Pretty soon we're going to have multiple proxy servers outside of PHX. The end goal here would be to use mod_geoip to re-direct people to their nearest location but we're going to take baby steps to get there. Here are the steps as I see them.
- Finalize the caching stuff paulobanon has been working on.
- VPN
- Setup 1 remote proxy server and test
- Get DNS setup properly to direct people to the proxy servers in a
RR format 5) mod_geoip.
- is still a little fuzzy in my mind. Right now we're using Bind for
DNS and, AFAIK, the version we're using does not have support for geoip. So my thought is using mod_geoip to direct people to (for example) de1.fedoraproject.org or us2.fedoraproject.org. I'm still a little unclear on the best way to do this in our environment. Those keeping an eye on the commit logs will have noticed the odd commit for t.fedoraproject.org. So, for example:
ping -c1 t.fedoraproject.org
For me seems to do the right thing. I get basically a RR balanced IP between 3 addresses (fp.o, yahoo and google) I just picked two ip's that weren't ours to balance around. The thing, for me at least, is I get fp.o every time if I use FireFox. This is over many days on different computers. I've seen FF bring up the google ip once. So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get. Or, even better, explain to me what the heck is going on there, I have one theory about first requests to DNS vs named caching in FF and name caching elsewhere. But we've had different people get many different results (some get wget to RR, some with wget always get the same thing, same with curl, lynx, w3m, and HEAD) More investigation is needed.
- is something I'm working on now. VPN will only be for external
servers (not users). We've actually already had a few issues we've had to overcome in strange ways from external servers that could have been fixed by a VPN. (puppet and bacula backups immediately come to mind) We'll tightly control (iptables) what these boxes have access to on the vpn server (bastion). We'll keep the ttl on our load balanced products lower so that if something does go wrong with one of them, we can easily take it out of the mix.
The reason for 2) is so we don't have to maintain multiple different proxy server types. If we use VPN we can treat each server the same, just like the ones we have now which keeps it maintainable.
Questions / Comments / Suggestions?
-Mike
Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
I get fp.o with Firefox.
Tim
Mike McGrath さんは書きました:
So I ask those on the list to go to http://t.fedoraproject.org/ and just tell me what you get.
Firefox on my F7 box and rawhide box sent me to fp.o.
Jens
infrastructure@lists.fedoraproject.org
-
Anand Capur -
Debarshi Ray -
Eric Kerby -
Graeme Fowler -
Jens-Ulrik Petersen -
Mike McGrath -
Paulo Santos -
Ryan Ordway -
Scott Thistle -
Tim Lauridsen