User Commands                                              PEN(1)

NAME
     pen

SYNOPSIS
     pen [-b sec] [-S N] [-c N] [-e host:port] [-t sec] [-x N]
         [-j dir] [-u user] [-F cfgfile] [-l logfile] [-p file]
         [-w file] [-C port] [-T sec] [-HWXadfhnrs] [-E certfile]
         [-K keyfile] [-G cacertfile] [-A cacertdir] [-Z] [-R]
         [-L protocol] [host:]port h1[:p1[:maxc1]]
         [h2[:p2[:maxc2]]] ...

EXAMPLE
     pen 80 www1:8000:10 www2:80:10 www3

     Here three servers cooperate in a web server farm. Host www1
     runs its web server on port 8000 and accepts a maximum of 10
     simultaneous connections. Host www2 runs on port 80 and
     accepts 10 connections. Finally, www3 runs its web server on
     port 80 and allows an unlimited number of simultaneous
     connections.

DESCRIPTION
     Pen is a load balancer for tcp based protocols such as http
     or smtp. It allows several servers to appear as one to the
     outside and automatically detects servers that are down and
     distributes clients among the available servers. This gives
     high availability and scalable performance.

     The load balancing algorithm keeps track of clients and will
     try to send them back to the server they visited the last
     time. The client table has a number of slots (default 2048,
     settable through command-line arguments). When the table is
     full, the least recently used one will be thrown out to make
     room for the new one.

     This is superior to a simple round-robin algorithm, which
     sends a client that connects repeatedly to different servers.
     Doing so breaks applications that maintain state between
     connections in the server, including most modern web
     applications.

     When pen detects that a server is unavailable, it scans for
     another starting with the server after the most recently used
     one. That way we get load balancing and "fair" failover for
     free.

     Correctly configured, pen can ensure that a server farm is
     always available, even when individual servers are brought
     down for maintenance or reconfiguration.
     The final single point of failure, pen itself, can be
     eliminated by running pen on several servers, using vrrp to
     decide which is active.

     Sending pen a USR1 signal will make it print some useful
     statistics on stderr, even if debugging is disabled. If pen
     is running in the background (i.e. without the -f option),
     syslog is used rather than stderr. If the -w option is used,
     the statistics are saved in HTML format in the given file.

     Sending pen a HUP signal will make it close and reopen the
     logfile, if logging is enabled, and reload the configuration
     file.

     Rotate the log like this (assuming pen.log is the name of the
     logfile):

          mv pen.log pen.log.1
          kill -HUP `cat <pidfile>`

     where <pidfile> is the file containing pen's process id, as
     written by the -p option.

     Sending pen a TERM signal will make it exit cleanly, closing
     the log file and all open sockets.

OPTIONS
     -C port
          Specifies a control port where the load balancer listens
          for commands.

     -F cfgfile
          Names a configuration file with commands in penctl
          format (see penctl.1). The file is read after processing
          all command line arguments, and also after receiving a
          HUP signal.

     -H
          Adds X-Forwarded-For header to http requests.

     -P
          Use poll() for event notification.

     -Q
          Use kqueue() for event notification (BSD).

     -W
          Use weight for server selection.

     -X
          Adds an exit command to the control interface.

     -a
          Used in conjunction with -dd to get communication dumps
          in ascii rather than hexadecimal format.

     -b sec
          Servers that do not respond are blacklisted, i.e.
          excluded from the server selection algorithm, for the
          specified number of seconds (default 30).

     -T sec
          Clients are tracked for the specified number of seconds
          so they can be sent to the same server as the last time
          (default 0 = never expire clients).

     -S N
          Max number of servers (default 16).

     -c N
          Max number of clients (default 2048).

     -d
          Debugging (repeat -d for more).
          The output goes to stderr if we are running in the
          foreground (see -f) and to syslog (facility user,
          priority debug) otherwise.

     -e host:port
          host:port specifies the emergency server to contact if
          all regular servers become unavailable.

     -f
          Stay in foreground.

     -h
          Use a hash on the client IP address for the initial
          server selection. This makes it more predictable where
          clients will be connected.

     -j dir
          Run in a chroot environment.

     -l file
          Turn on logging.

     -n
          Nonblocking.

     -p file
          Write the pid of the running daemon to file.

     -r
          Go straight into round-robin server selection without
          looking up which server a client used the last time.

     -s
          Stubborn server selection: if the initial choice is
          unavailable, the client connection is closed without
          trying another server.

     -t sec
          Connect timeout in seconds (default 5).

     -u user
          Run as a different user.

     -x N
          Max number of simultaneous connections (default 256).

     -w file
          File for status reports in HTML format.

     -E certfile
          Use the given certificate in PEM format.

     -K keyfile
          Use the given key in PEM format (may be contained in
          cert).

     -G cacertfile
          File containing the CA's certificate.

     -A cacertdir
          Directory containing CA certificates in hashed format.

     -Z
          Use SSL compatibility mode.

     -R
          Require valid peer certificate.

     -L protocol
          ssl23 (default), ssl2, ssl3 or tls1.

     host:port
          The local address and port pen listens to. By default
          pen listens to all local addresses.

     h1:p1:soft:hard
          The address, port and maximum number of simultaneous
          connections for a remote server. By default, the port is
          the same as the local port, and the soft limit on the
          number of connections is unlimited. The hard limit is
          used for clients which have accessed the server before.

LIMITATIONS
     Pen runs in a single process, and opens two sockets for each
     connection. Depending on kernel configuration, pen can run
     out of file descriptors.
     The SSL support is only available if pen was built with the
     --with-ssl option. The SSL code is currently experimental
     (release 0.13.0).

SEE ALSO
     penctl(1), mergelogs(1)

AUTHOR
     Copyright (C) 2001-2004 Ulric Eriksson.

ACKNOWLEDGEMENTS
     In part inspired by balance by Thomas Obermair.

ATTRIBUTES
     See attributes(5) for descriptions of the following
     attributes:

     +---------------------+------------------+
     | ATTRIBUTE TYPE      | ATTRIBUTE VALUE  |
     +---------------------+------------------+
     | Availability        | SUNWpen          |
     +---------------------+------------------+
     | Interface Stability | Uncommitted      |
     +---------------------+------------------+

NOTES
     The Pen project is located at http://siag.nu/pen.

     Source for Pen is available on http://opensolaris.org.

SunOS 5.11             Last change: 25 Mar 2008
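
The following is an added example, not part of pen or of this manual page: a shell function that checks a pen command line against the -u, -j, -C/-X, -L and -E/-R options described under OPTIONS. The user name, chroot directory, control port and PEM file names in the sample command lines are assumptions.

```shell
#!/bin/sh
# Added example, not part of pen. Prints one finding per line for a pen
# command line, using only options documented in the manual page above.
pen_audit() (
    OPTIND=1
    user='' jail='' ctl='' exitcmd='' cert='' peer='' proto='ssl23'
    # Option string built from SYNOPSIS and OPTIONS; the leading ":" makes
    # getopts report problems through $opt instead of writing to stderr.
    while getopts ":b:S:c:e:t:x:j:u:F:l:p:w:C:T:E:K:G:A:L:HPQWXZRadfhnrs" opt; do
        case $opt in
            u) user=$OPTARG ;;
            j) jail=$OPTARG ;;
            C) ctl=$OPTARG ;;
            X) exitcmd=1 ;;
            E) cert=$OPTARG ;;
            R) peer=1 ;;
            L) proto=$OPTARG ;;
            :) printf '%s\n' "option -$OPTARG is missing its argument" ;;
            \?) printf '%s\n' "option -$OPTARG is not documented in pen(1)" ;;
        esac
    done
    [ -n "$user" ] || printf '%s\n' "no -u: pen keeps the invoking user's privileges"
    [ -n "$jail" ] || printf '%s\n' "no -j: pen is not confined to a chroot directory"
    if [ -n "$ctl" ] && [ -n "$exitcmd" ]; then
        printf '%s\n' "-X with -C $ctl: the control port accepts an exit command"
    fi
    case $proto in
        ssl2|ssl3) printf '%s\n' "-L $proto: SSLv2 and SSLv3 are obsolete protocols" ;;
    esac
    if [ -n "$cert" ] && [ -z "$peer" ]; then
        printf '%s\n' "-E without -R: a valid peer certificate is not required"
    fi
)

# Constructed command lines: host names come from the EXAMPLE section; the
# user, chroot directory, control port and PEM file names are assumptions.
weak_findings() {
    pen_audit -C 8888 -X -E cert.pem -L ssl3 80 www1:8000:10 www2:80:10
}
hardened_findings() {
    pen_audit -u pen -j /var/empty -C 8888 -E cert.pem -K key.pem \
        -G ca.pem -R -L tls1 443 www1:8000:10 www2:80:10
}

echo "weak:";     weak_findings
echo "hardened:"; hardened_findings
```

The function only reads the arguments it is given; it does not start pen or touch the files named on the command line.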