Apache 1.3 patch for ProxyPreserveHost
Thursday, 09. 17. 2009 – Category: vague
Patch against Apache 1.3.41 (Yep, still running 1.3 around the place) to backport the ProxyPreserveHost feature. I can’t remember where I found it now, but I’ve tweaked it through a few Apache revisions.
Useful for migrating sites from one host to another before or during DNS propagation.
That said, I’m using Varnish and HAProxy an increasing amount for such plumbing.
irssi client certificate patch
Thursday, 09. 17. 2009 – Category: sw
Casual Firewall / VPN benchmarking
Wednesday, 08. 12. 2009 – Category: vague
Two datacentres, each with a pair of 2.5GHz Xeon firewalls running OpenBSD. Benching with iperf yielded the following:
- Between firewall pair, LAN
  [ 3] 0.0-10.0 sec 1.00 GBytes 860 Mbits/sec
  [ 3] 0.0-10.0 sec 1.00 GBytes 860 Mbits/sec
  [ 3] 0.0-10.0 sec 1017 MBytes 853 Mbits/sec
- Firewall to firewall between DCs, outside VPN, no PF
  [ 3] 0.0-10.0 sec 1.02 GBytes 873 Mbits/sec
  [ 3] 0.0-10.0 sec 992 MBytes 832 Mbits/sec
  [ 3] 0.0-10.0 sec 986 MBytes 827 Mbits/sec
- Firewall to remote internal host, outside VPN, through PF NAT (rdr)
  [ 3] 0.0-10.0 sec 260 MBytes 218 Mbits/sec
  [ 3] 0.0-10.0 sec 202 MBytes 170 Mbits/sec
  [ 3] 0.0-12.3 sec 333 MBytes 228 Mbits/sec
- Internal host to internal host, over IPsec VPN (ESP), through PF
  [ 3] 0.0-10.1 sec 43.9 MBytes 36.4 Mbits/sec
  [ 3] 0.0-10.1 sec 26.2 MBytes 21.8 Mbits/sec
  [ 3] 0.0-11.3 sec 28.0 MBytes 20.8 Mbits/sec
- Internal host to internal host, over OpenVPN, through PF
  [ 3] 0.0-10.0 sec 161 MBytes 134 Mbits/sec
  [ 3] 0.0-10.0 sec 144 MBytes 121 Mbits/sec
  [ 3] 0.0-10.0 sec 145 MBytes 121 Mbits/sec
Care was taken to use optimal ciphers, appropriate MTU / MSS and the TCP stack was tuned throughout.
- IPsec really hurts without hardware acceleration
- There’s a surprisingly large hit for just NAT
- Neither VPN technology can benefit from the multiple cores available to it
- OpenVPN’s speed is appealing, but it lacks the smooth route to high availability of CARP + pfsync + sasync of IPsec on OpenBSD