Man Linux: Main Page and Category List

NAME

       pen - Load balancer for "simple" tcp based protocols

SYNOPSIS

       pen [-b sec] [-S N] [-c N] [-e host:port] [-t sec] [-x N] [-j dir] [-u
       user] [-F cfgfile] [-l logfile] [-p file ] [-w file] [-C port] [-T sec]
       [-HWXadfhnrs] [-o option] [-E certfile] [-K keyfile] [-G cacertfile]
       [-A cacertdir] [-Z] [-R] [-L protocol] [host:]port
       h1[:p1[:maxc1[:hard1[:weight1[:prio1]]]]]
       [h2[:p2[:maxc2[:hard2[:weight2[:prio2]]]]]] ...

EXAMPLE

       pen 80 www1:8000:10 www2:80:10 www3

       Here three servers cooperate in a web server farm. Host www1  runs  its
       web  server  on  port  8000  and  accepts  a maximum of 10 simultaneous
       connections.  Host www2 runs on port 80  and  accepts  10  connections.
       Finally,  www3  runs  its web server on port 80 and allows an unlimited
       number of simultaneous connections.

DESCRIPTION

       Pen is a load balancer for tcp based protocols such as http or smtp. It
       allows   several   servers   to  appear  as  one  to  the  outside  and
       automatically detects servers that are  down  and  distributes  clients
       among  the available servers. This gives high availability and scalable
       performance.

       The load balancing algorithm keeps track of clients  and  will  try  to
       send  them  back  to  the server they visited the last time. The client
       table has a number of slots (default 2048,  settable  through  command-
       line  arguments).  When  the table is full, the least recently used one
       will be thrown out to make room for the new one.

       This is superior to a  simple  round-robin  algorithm,  which  sends  a
       client  that  connects repeatedly to different servers. Doing so breaks
       applications that maintain state between  connections  in  the  server,
       including most modern web applications.

       When  pen  detects  that  a server is unavailable, it scans for another
       starting with the server after the most recently used one. That way  we
       get load balancing and "fair" failover for free.

       Correctly  configured,  pen  can  ensure  that  a server farm is always
       available,  even  when  individual  servers  are   brought   down   for
       maintenance  or reconfiguration. The final single point of failure, pen
       itself, can be eliminated by running pen on several servers, using vrrp
       to decide which is active.

       Sending  pen a USR1 signal will make it print some useful statistics on
       stderr, even if debugging  is  disabled.  If  pen  is  running  in  the
       background  (i.e.   without  the -f option), syslog is used rather than
       stderr. If the -w option is used,  the  statistics  is  saved  in  HTML
       format in the given file.

       Sending  pen a HUP signal will make it close and reopen the logfile, if
       logging is enabled, and reload the configuration file.

       Rotate the log like this (assuming pen.log is the name of the logfile):

       mv pen.log pen.log.1 kill -HUP ‘cat <pidfile>‘

       where  <pidfile> is the file containing pen’s process id, as written by
       the -p option.

       Sending pen a TERM signal will make it exit cleanly,  closing  the  log
       file and all open sockets.

OPTIONS

       -C port
              Specifies  a  control  port  where the load balancer listens for
              commands.

       -F cfgfile
              Names a configuration file with commands in penctl  format  (see
              penctl.1).  The  file  is read after processing all command line
              arguments, and also after receiving a HUP signal.

       -H     Adds X-Forwarded-For header to http requests.

       -P     Use poll() for event notification.

       -Q     Use kqueue() for event notification (BSD).

       -W     Use weight for server selection.

       -X     Adds an exit command to the control interface.

       -a     Used in conjunction with -dd to get communication dumps in ascii
              rather than hexadecimal format.

       -b sec Servers  that do not respond are blacklisted, i.e. excluded from
              the server selection algorithm,  for  the  specified  number  of
              seconds (default 30).

       -T sec Clients  are tracked for the specified number of seconds so they
              can be sent to the same server as the last  time  (default  0  =
              never expire clients).

       -S N   Max number of servers (default 16).

       -c N   Max number of clients (default 2048).

       -d     Debugging  (repeat -d for more). The output goes to stderr if we
              are running in the foreground (see -f) and to  syslog  (facility
              user, priority debug) otherwise.

       -e host:port
              host:port  specifies  the  emergency  server  to  contact if all
              regular servers become unavailable.

       -f     Stay in foreground.

       -h     Use a hash on the client  IP  address  for  the  initial  server
              selection.  This makes it more predictable where clients will be
              connected.

       -j dir Run in a chroot environment.

       -l file
              Turn on logging.

       -n     Nonblocking.

       -p file
              Write the pid of the running daemon to file.

       -r     Go straight into round-robin server selection without looking up
              which server a client used the last time.

       -s     Stubborn server selection: if the initial choice is unavailable,
              the client connection is closed without trying another server.

       -t sec Connect timeout in seconds (default 5).

       -u user
              Run as a different user.

       -x N   Max number of simultaneous connections (default 256).

       -w file
              File for status reports in HTML format.

       -o option
              Use option in penctl format.

       -E certfile
              Use the given certificate in PEM format.

       -K keyfile
              Use the given key in PEM format (may be contained in cert).

       -G cacertfile
              File containing the CA’s certificate.

       -A cacertdir
              Directory containing CA certificates in hashed format.

       -Z     Use SSL compatibility mode.

       -R     Require valid peer certificate.

       -L protocol
              ssl23 (default), ssl2, ssl3 or tls1.

       host:port
              The local address and  port  pen  listens  to.  By  default  pen
              listens to all local addresses.

       h1:p1:soft:hard:weight:prio
              The address, port and maximum number of simultaneous connections
              for a remote server. By default, the port is  the  same  as  the
              local  port,  and the soft limit on the number of connections is
              unlimited. The  hard  limit  is  used  for  clients  which  have
              accessed  the  server  before.  The weight and prio are used for
              the weight- and priority-based server selection algorithms.

LIMITATIONS

       Pen  runs  in  a  single  process,  and  opens  two  sockets  for  each
       connection.  Depending on kernel configuration, pen can run out of file
       descriptors.

       The SSL support is only available if pen was built with the  --with-ssl
       option. The SSL code is currently experimental (release 0.13.0).

SEE ALSO

       penctl(1), dwatch(1), mergelogs(1), webresolve(1)

AUTHOR

       Copyright (C) 2001-2008 Ulric Eriksson, <ulric@siag.nu>.

ACKNOWLEDGEMENTS

       In part inspired by balance by Thomas Obermair.

                                     LOCAL