Apache 1.3 patch for ProxyPreserveHost
Thursday, 17. 09. 2009 – Category: vague
Patch against Apache 1.3.411 to backport the ProxyPreserveHost feature. I can’t remember where I found it now, but I’ve tweaked it through a few Apache revisions.
Useful for migrating sites from one host to another before or during DNS propagation.
That said, I’m using Varnish and HAProxy an increasing amount for such plumbing.
- Yep, still running 1.3 around the place [↩]
irssi client certificate patch
Thursday, 17. 09. 2009 – Category: sw
Casual Firewall / VPN benchmarking
Wednesday, 12. 08. 2009 – Category: vague
Two datacentres, each with a pair of 2.5GHz Xeon firewalls running OpenBSD. Benching with iperf yielded the following:
- Between firewall pair, LAN
[ 3] 0.0-10.0 sec 1.00 GBytes 860 Mbits/sec
[ 3] 0.0-10.0 sec 1.00 GBytes 860 Mbits/sec
[ 3] 0.0-10.0 sec 1017 MBytes 853 Mbits/sec -
Firewall to firewall between DCs, outside VPN, no PF
[ 3] 0.0-10.0 sec 1.02 GBytes 873 Mbits/sec
[ 3] 0.0-10.0 sec 992 MBytes 832 Mbits/sec
[ 3] 0.0-10.0 sec 986 MBytes 827 Mbits/sec -
Firewall to remote internal host, outside VPN, through PF NAT (rdr)
[ 3] 0.0-10.0 sec 260 MBytes 218 Mbits/sec
[ 3] 0.0-10.0 sec 202 MBytes 170 Mbits/sec
[ 3] 0.0-12.3 sec 333 MBytes 228 Mbits/sec - Internal host to internal host, over IPsec VPN (ESP), through PF
[ 3] 0.0-10.1 sec 43.9 MBytes 36.4 Mbits/sec
[ 3] 0.0-10.1 sec 26.2 MBytes 21.8 Mbits/sec
[ 3] 0.0-11.3 sec 28.0 MBytes 20.8 Mbits/sec - Internal host to internal host, over OpenVPN, through PF
[ 3] 0.0-10.0 sec 161 MBytes 134 Mbits/sec
[ 3] 0.0-10.0 sec 144 MBytes 121 Mbits/sec
[ 3] 0.0-10.0 sec 145 MBytes 121 Mbits/sec
Care was taken to use optimal ciphers, appropriate MTU / MSS and the TCP stack was tuned throughout.
- IPsec really hurts without hardware acceleration
- There’s a surprisingly large hit for just NAT
- Neither VPN technologies can benefit from the multiple cores available to them
- OpenVPN’s speed is appealing, but it lacks the smooth route to high availability of CARP + pfsync + sasync of IPsec on OpenBSD
Recent articles
- URL handlers on OS X
(Friday, 20. 04. 2012 – No Comments) - httperf on Linux
(Monday, 16. 04. 2012 – No Comments) - Moving disks from Xen to KVM
(Sunday, 8. 04. 2012 – No Comments) - Directory sizes and filesystems
(Monday, 19. 03. 2012 – No Comments)
Archives
- April 2012
- March 2012
- September 2011
- June 2011
- February 2011
- January 2011
- October 2010
- September 2010
- February 2010
- September 2009
- August 2009
- January 2009
- September 2008
- August 2008
- July 2008
- May 2008
- April 2008
- February 2008
- January 2008
- November 2007
- October 2007
- September 2007
- August 2007
- December 2006
- November 2006
- August 2006
- June 2006
- May 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
Meta
