salil GK
2018-05-25 16:27:08 UTC
Hello
I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
deployment is as follows
client -> ATS-1 -> ATS-2 -> "Origin server”
Here between ATS-1 and ATS-2 I have created ssh tunnels and
traffic will be passed through that tunnel, using parent.config.
ATS-1 is opening a MTLS socket to client and "Origin server" is https
I have some questions regarding the capability of ATS.
1. From ATS-2 there will be a dns A query and get the address resolved
before connecting to "Origin Server”
If dns server return 2 or three addresses, is there any way
ATS use the alternative address ( second or third ) in case it fails
to reach first address ? How dns resolution works in ATS, is the dns
functionality embedded in dns or it allow the system to resolve the
address ?
2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
parent.config I have specified these two ATS-2 machines and
round_robin parameters is set to true. From document, I guess the
round_robin will happen if request come from different IP addresses (
? ). All requests come from same IP address will take same parent
machine only. Is there any way I can have round robin in place even
for requests come from same IP address ?
3. Is there any chance that http connection to origin server from
ATS-2 can be made persistent.
4. Since this is multi hop deployment I need to handle error
condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
code, I would like to put some logic for handling this. For example,
if an error is returned from the origin server, or if there is any
network issue between ATS-2 and origin server, I need to handle it in
ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
Any help on this would be of great help for me.
Thanks
~S
I have a ATS ( 6.2.2 ) deployed in my server for Forward proxy. My
deployment is as follows
client -> ATS-1 -> ATS-2 -> "Origin server”
Here between ATS-1 and ATS-2 I have created ssh tunnels and
traffic will be passed through that tunnel, using parent.config.
ATS-1 is opening a MTLS socket to client and "Origin server" is https
I have some questions regarding the capability of ATS.
1. From ATS-2 there will be a dns A query and get the address resolved
before connecting to "Origin Server”
If dns server return 2 or three addresses, is there any way
ATS use the alternative address ( second or third ) in case it fails
to reach first address ? How dns resolution works in ATS, is the dns
functionality embedded in dns or it allow the system to resolve the
address ?
2. I have a cluster of ATS-2 ( two ATS-2 machines.) in my
parent.config I have specified these two ATS-2 machines and
round_robin parameters is set to true. From document, I guess the
round_robin will happen if request come from different IP addresses (
? ). All requests come from same IP address will take same parent
machine only. Is there any way I can have round robin in place even
for requests come from same IP address ?
3. Is there any chance that http connection to origin server from
ATS-2 can be made persistent.
4. Since this is multi hop deployment I need to handle error
condition in ATS-1 and ATS-2 gracefully. So based on the HTTP response
code, I would like to put some logic for handling this. For example,
if an error is returned from the origin server, or if there is any
network issue between ATS-2 and origin server, I need to handle it in
ATS-1 ( logging or try another ATS-2 etc ). How do I achieve this ?
Any help on this would be of great help for me.
Thanks
~S