per-entity - Re: [Per-Entity] Revisions to our final report
Subject: Per-Entity Metadata Working Group
- From: Thomas Lenggenhager <>
- To: Scott Koranda <>
- Cc: Per-Entity Metadata Working Group <>
- Subject: Re: [Per-Entity] Revisions to our final report
- Date: Tue, 25 Oct 2016 10:46:26 +0200
- Organization: SWITCH
Hi Scott,
Thanks for your detailed answer.
We have used IP Anycast for many years with our two geographically distant WAYF instances. It does not share the load evenly but the failover works great. Only once did we have an issue, due to some misconfiguration within the IP Anycast 'mechanism', when a failed instance was not properly removed.
For a few years we have also used IP Anycast for our IdPs (the one for SWITCH as well as all the hosted/managed ones we operate). We use an active-standby setup with a manual hand-over process.
So we will reuse IP Anycast for our per-entity metadata service, which we will likely set up next year.
Thomas
On 21.10.16 14:07, Scott Koranda wrote:
Hi Thomas,
I guess CDNs in combination with IP Anycast could be a suitable approach.
The single IP Anycast address should avoid the issues with for Java and
libcurl Scott brought up.
Scott Cantor asked Brent Putman to look in detail at the Java
situation. You can see his detailed reply at
http://marc.info/?l=shibboleth-dev&m=147639642710536&w=2
In short it appears that Java "does the right thing".
We also have "hints" that libcurl "does the right thing". See
for example this code in GitHub:
https://github.com/curl/curl/blob/master/lib/connect.c#L1156
More research and testing with libcurl would be helpful if
anyone has time.
Having written all that...
A quick Google search provided the following three CDNs that offer IP
Anycast:
https://blog.cloudflare.com/a-brief-anycast-primer/
https://www.maxcdn.com/blog/anycast-ip-routing-used-maxcdn/
https://www.keycdn.com/support/anycast/
What do you think about this approach?
I think anycast CDNs should also be considered.
LIGO has some limited experience with anycasting. We didn't
investigate CDNs using anycasting but we did set up a test/dev
tier of IdPs with anycasting to test an approach to "global
HA".
It looked like it would work well for us but then the people
with the knowledge left the project so the approach has been
put on hold for the time being.
Thanks,
Scott K for LIGO
--
SWITCH
------
Thomas Lenggenhager
P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 1505 direct +41 44 268 1541
https://www.switch.ch