crossroads

crossroads.html (129102B)

---

 <a name="defs.yo"></a><html><head>
 <title>Crossroads 1.23</title>
 <link rel="stylesheet" type="text/css" href="http://www.e-tunity.com/css/yodl.css">
 <link rel="stylesheet" type="text/css" href="http://www.e-tunity.com/css/yodl.css">
 <link rev="made" href="mailto:info@e-tunity.com">
 </head>
 <body>
 <hr>
 <h1>Crossroads 1.23</h1>
 <h2>Karel Kubat</h2>
 
 <h2>e-tunity</h2><h2>2005, 2006, ff.</h2>
 
 <blockquote><em>Crossroads is a load balance and fail over utility for TCP
          based services. It is a daemon program running in user
          space, and features extensive configurability, polling of
          back ends using 'wakeup calls', detailed status reporting,
          'hooks' for special actions when backend calls fail, and much
          more. Crossroads is service-independent: it is usable for
          HTTP/HTTPS, SSH, SMTP, DNS, etc. In the case of HTTP
          balancing, Crossroads can modify HTTP headers, e.g. to
          provide 'session stickiness' for
          back-end processes that need sessions, but aren't
          session-aware of other back-ends.</em></blockquote>
 
 <h1>Table of Contents</h1>
 <dl>
 <dl>
 <dt><h3><a href="#l1">1: Introduction</a></h3></dt>
 <dl>
 <dt><a href="#l2">1.1: Obtaining Crossroads</a></dt>
 <dt><a href="#l3">1.2: Copyright and Disclaimer</a></dt>
 <dt><a href="#l4">1.3: Terminology</a></dt>
 <dt><a href="#l5">1.4: Porting issues for pre-1.21 installations</a></dt>
 <dt><a href="#l6">1.5: Porting issues for pre-0.26 installations</a></dt>
 <dt><a href="#l7">1.6: Porting issues for pre-1.08 installations</a></dt>
 </dl>
 <dt><h3><a href="#l8">2: Installation for the impatient</a></h3></dt>
 <dt><h3><a href="#l9">3: Using Crossroads</a></h3></dt>
 <dl>
 <dt><a href="#l10">3.1: General Commandline Syntax</a></dt>
 <dt><a href="#l11">3.2: Logging-related options</a></dt>
 <dt><a href="#l12">3.3: Reloading Configurations</a></dt>
 </dl>
 <dt><h3><a href="#l13">4: The configuration</a></h3></dt>
 <dl>
 <dt><a href="#l14">4.1: General language elements</a></dt>
 <dl>
 <dt><a href="#l15">4.1.1: Empty lines and comments</a></dt>
 <dt><a href="#l16">4.1.2: Keywords, numbers, identifiers, generic strings</a></dt>
 </dl>
 <dt><a href="#l17">4.2: Service definitions</a></dt>
 <dl>
 <dt><a href="#l18">4.2.1: type - Defining the service type</a></dt>
 <dt><a href="#l19">4.2.2: port - Specifying the listen port</a></dt>
 <dt><a href="#l20">4.2.3: bindto - Binding to a specific IP address</a></dt>
 <dt><a href="#l21">4.2.4: verbosity - Controlling debug output</a></dt>
 <dt><a href="#l22">4.2.5: dispatchmode - How are back ends selected</a></dt>
 <dt><a href="#l23">4.2.6: revivinginterval - Back end wakeup calls</a></dt>
 <dt><a href="#l24">4.2.7: maxconnections - Limiting concurrent clients at service level</a></dt>
 <dt><a href="#l25">4.2.8: backlog - The TCP Back Log size</a></dt>
 <dt><a href="#l26">4.2.9: shmkey - Shared Memory Access</a></dt>
 <dt><a href="#l27">4.2.10: allow* and deny* - Allowing or denying connections</a></dt>
 <dt><a href="#l28">4.2.11: useraccount - Limiting the effective ID of external processes</a></dt>
 </dl>
 <dt><a href="#l29">4.3: Backend definitions</a></dt>
 <dl>
 <dt><a href="#l30">4.3.1: server - Specifying the back end address</a></dt>
 <dt><a href="#l31">4.3.2: verbosity - Controlling verbosity at the back end level</a></dt>
 <dt><a href="#l32">4.3.3: weight - When a back end is more equal than others</a></dt>
 <dt><a href="#l33">4.3.4: decay - Levelling out activity of a back end</a></dt>
 <dt><a href="#l34">4.3.5: onstart, onend, onfail - Action Hooks</a></dt>
 <dt><a href="#l35">4.3.6: trafficlog and throughputlog - Debugging and Performance Aids</a></dt>
 <dt><a href="#l36">4.3.7: stickycookie - Back end selection with an HTTP cookie</a></dt>
 <dt><a href="#l37">4.3.8: HTTP Header Modification Directives</a></dt>
 </dl>
 </dl>
 <dt><h3><a href="#l38">5: Tips, Tricks and Remarks</a></h3></dt>
 <dl>
 <dt><a href="#l39">5.1: How back ends are selected in load balancing</a></dt>
 <dl>
 <dt><a href="#l40">5.1.1: Bysize, byduration or byconnections?</a></dt>
 <dt><a href="#l41">5.1.2: Averaging size and duration</a></dt>
 <dt><a href="#l42">5.1.3: Specifying decays</a></dt>
 <dt><a href="#l43">5.1.4: Adjusting the weights</a></dt>
 <dt><a href="#l44">5.1.5: Throttling the number of concurrent connections</a></dt>
 </dl>
 <dt><a href="#l45">5.2: Using an external program to dispatch</a></dt>
 <dl>
 <dt><a href="#l46">5.2.1: Configuring the external handler</a></dt>
 <dt><a href="#l47">5.2.2: Writing the external handler</a></dt>
 <dt><a href="#l48">5.2.3: Examples of external handlers</a></dt>
 </dl>
 <dt><a href="#l49">5.3: HTTP Session Stickiness</a></dt>
 <dl>
 <dt><a href="#l50">5.3.1: Don't use stickiness!</a></dt>
 <dt><a href="#l51">5.3.2: But if you must..</a></dt>
 </dl>
 <dt><a href="#l52">5.4: Passing the client's IP address</a></dt>
 <dl>
 <dt><a href="#l53">5.4.1: Sample Crossroads configuration</a></dt>
 <dt><a href="#l54">5.4.2: Sample Apache configuration</a></dt>
 </dl>
 <dt><a href="#l55">5.5: Debugging network traffic</a></dt>
 <dt><a href="#l56">5.6: Limiting Access to Crossroads by Client IP Address</a></dt>
 <dl>
 <dt><a href="#l57">5.6.1: General Examples</a></dt>
 <dt><a href="#l58">5.6.2: Using External Files</a></dt>
 <dt><a href="#l59">5.6.3: Mixing Directives</a></dt>
 </dl>
 <dt><a href="#l60">5.7: Configuration examples</a></dt>
 <dl>
 <dt><a href="#l61">5.7.1: A load balancer for three webserver back ends</a></dt>
 <dt><a href="#l62">5.7.2: An HTTP forwarder when travelling</a></dt>
 <dt><a href="#l63">5.7.3: SSH login with enforced idle logout</a></dt>
 </dl>
 </dl>
 <dt><h3><a href="#l64">6: Benchmarking</a></h3></dt>
 <dl>
 <dt><a href="#l65">6.1: Benchmark 1: Accessing a proxy via crossroads or directly</a></dt>
 <dl>
 <dt><a href="#l66">6.1.1: Results</a></dt>
 <dt><a href="#l67">6.1.2: Discussion</a></dt>
 </dl>
 <dt><a href="#l68">6.2: Benchmark 2: Crossroads versus Linux Virtual Server (LVS)</a></dt>
 <dl>
 <dt><a href="#l69">6.2.1: Environment</a></dt>
 <dt><a href="#l70">6.2.2: Tests and results</a></dt>
 </dl>
 </dl>
 <dt><h3><a href="#l71">7: Compiling and Installing</a></h3></dt>
 <dl>
 <dt><a href="#l72">7.1: Prerequisites</a></dt>
 <dt><a href="#l73">7.2: Compiling and installing</a></dt>
 <dt><a href="#l74">7.3: Configuring crossroads</a></dt>
 <dt><a href="#l75">7.4: A boot script</a></dt>
 <dl>
 <dt><a href="#l76">7.4.1: SysV Style Startup</a></dt>
 <dt><a href="#l77">7.4.2: BSD Style Startup</a></dt>
 </dl>
 
 <p><hr><p>
 <p>
 <a name="l1"></a>
 <h2>1: Introduction</h2>
 <a name="intro"></a>Crossroads is a daemon that basically accepts TCP connections
 at preconfigured ports, and given a list of 'back ends'
 distributes each incoming connection to one of the back ends,
 so that a client request is
 served. Additionally, crossroads maintains an internal
 administration of the back end connectivity: if a back end isn't
 usable, then the client request is handled using another back
 end. Crossroads will then periodically check whether a previously not
 usable back end has come to life yet. Also, crossroads can select
 back ends by estimating the load, so that balancing is achieved.
 <p>
 Using this approach, crossroads serves as load balancer and fail over
 utility. Crossroads will very likely not be as reliable as
 hardware based balancers, since it always will require a server to
 run on. This server, in turn, may become a new Single Point of
 Failure (SPOS).  However, in situations where cost efficiency is an issue,
 crossroads may be a good choice. Furthermore, crossroads can be
 deployed in situations where a hardware based balancing already
 exists and augmenting service reliability is needed. Or, crossroads may be
 run off a diskless system, which again improves reliability of the
 underlying hardware.
 <p>
 This document describes how to use crossroads, how to configure it
 in order to increase the reliability of your systems, and how to
 compile the program from its sources. This document is
 also available in <a href="crossroads.pdf">PDF</a> format.
 <p>
 <a name="l2"></a>
 <h3>1.1: Obtaining Crossroads</h3>
 <p>
 As quick reference, here are some important URL's for Crossroads:
 <p>
 <ul>
         <li> <a href="http:/crossroads.e-tunity.com">http:/crossroads.e-tunity.com</a> is the site that serves
         Crossroads. You can browse this at leisure
         for documentation, sources, and so on.
 <p>
 <li> <a href="http://freshmeat.net/projects/crossr">http://freshmeat.net/projects/crossr</a> is the
         Freshmeat announcement page.
 <p>
 <li> <a href="svn://svn.e-tunity.com/crossroads">svn://svn.e-tunity.com/crossroads</a> is the SVN
         repository; anonymous reading (fetching) is allowed. In order
         to commit changes, <a href="mailto:karel@e-tunity.com">mail me</a> for
         credentials.</ul>
 <p>
 <a name="l3"></a>
 <h3>1.2: Copyright and Disclaimer</h3>
 <p>
 Crossroads is distributed as-is, without assumptions of fitness
 or usability. You are free to use crossroads to your
 liking. It's free, and as with everything that's free: there's
 also no warranty.
 <p>
 You are allowed to make modifications to the source code of
 crossroads, and you are allowed to (re)distribute crossroads, as
 long as you include this text, all sources, and if applicable: all
 your modifications, with each distribution.
 <p>
 While you are allowed to make any and all changes to the sources,
 I would appreciate hearing about them. If the changes concern new
 functionality or bugfixes, then I'll include them in a next
 release, stating full credits. If you want to seriously contribute (to
 which you are heartily encouraged), then mail me and I'll get you
 access to the Crossroads SVN repository, so that you can update and
 commit as you like.
 <p>
 <a name="l4"></a>
 <h3>1.3: Terminology</h3>
 <p>
 Throughout this document, the following terms are used: &nbsp;(Many
 more meanings of the terms will exist -- yes, I am aware of that. I'm
 using the terms here in a very strict sense.)
 <p>
 <dl>
         <p><dt><strong>A client</strong><dd> is a process that initiates a network connection
             to get contact with some service. 
         <p><dt><strong>A service</strong><dd> or <strong>server process</strong> or <strong>listener</strong>
             is a central application
             that accepts network connections from clients and sevices
             them.
         <p><dt><strong>Back ends</strong><dd> are locations where crossroads looks in
             order to service its clients. Crossroads sits 'in between'
             and does its tricks. Therefore, as far as the back ends
             are concerned, crossroads behaves like a client. As far as
             the true client is concerned, crossroads behaves like the
             service. The communication is however transparent: neither
             client nor back end are aware of the middle position of
             crossroads.
         <p><dt><strong>A connection</strong><dd> is a network conversation between client and service,
             where data are transferred to and fro. As
             far as crossroads is concerned, success means that a
             connection can be established without errors on
             the network level. Crossroads isn't aware of service
             pecularities. E.g., when a webserver answers <code>HTTP/1.0
             500 Server Error</code> then crossroads will see this as a
             succesful connection, though the user behind a browser may
             think otherwise.
         <p><dt><strong>Back end selection algorithms</strong><dd> are methods by which
             crossroads determines which back end it will talk to
             next. Crossroads has a number of built-in algorithms,
             which may be configured per service.
         <p><dt><strong>Back end states</strong><dd> are the statusses of each back end that
             is known to crossroads. A back end may be available,
             (temporarily) unavailble or truly down. When a back end is
             temporarily unavailable, then crossroads will periodically
             check whether the back end has come to life yet (that is,
             if configured so).
         <p><dt><strong>A spike</strong><dd> is a sudden increase in activity, leading to
             extra load on a given service. When crossroads is in
             effect and when the spike occurs in one connection,
             then obviously the spike will also appear at one
             of the back ends. However, crossroads will see the spike
             and will make sure that a subsequent request goes to an
             other back end. In contrast, when several connections
             arrive simultaneously and cause a spike, then crossroads
             will be able to distribute the connections over several
             back ends, thereby 'flattening out' the increase.
         <p><dt><strong>Load balancing</strong><dd> means that incoming client requests are
             distributed over more than just one back end (which wouldn't be the
             case if you wouldn't be running crossroads). Enabling load
             balancing is nothing more than duplicating services over
             more than one back end, and having something (in this
             case: crossroads) distribute the requests, so that per
             back end the load doesn't get too high.
         <p><dt><strong>An HTTP session</strong><dd> is a series of separate network connections
             that originate from one browser. E.g., to fill the display
             with text and images, the browser hits a website several times.
             An HTTP session may even span several
             screens. E.g., a website registration dialog may involve 3
             screens that when called from the same browser, 
             form a logical group of some sort.
         <p><dt><strong>Headers</strong><dd> or <strong>header lines</strong> are specific parts of an HTTP
             message. Crossroads has directives to add or modify
             headers that are part of the request that a browser sends
             to server, or those that are part of the server.
         <p><dt><strong>Session stickiness</strong><dd> means that when a browser starts an
             HTTP dialog, the balancer makes sure that it 'sticks' to
             the same back end (i.e., subsequent requests from the
             browser are forced to go to the same back end, instead of
             being balanced to other ones).
         <p><dt><strong>Back end usage</strong><dd> is measured by crossroads in order to be
             able to determine back end selection. Crossroads stores
             information about the number of active connections, the
             transferred bytes and 
             about the connection duration. These numbers can be used to
             estimate which back end is the least used -- and
             therefore, presumably, the best candidate for a new
             request.
         <p><dt><strong>Fail over</strong><dd> is almost always used when load balancing is in
             effect. The distributor of client requests (crossroads of
             course) can also monitor back ends, so that incase a back
             end is 'down', it is no longer accessed.
         <p><dt><strong>Service downtime</strong><dd> normally occurs when a service is
             switched off. Downtime is obviously avoided when fail over
             is in effect: a back end can be taken out of service in a
             controlled manner, without any client noticing it.
 </dl>
 <p>
 <a name="l5"></a>
 <h3>1.4: Porting issues for pre-1.21 installations</h3>
 <p>
 As of version 1.21, the event-hook directives <code>onsuccess</code> and
     <code>onfailure</code> no longer exists.
 <p>
 <ul>
         <li> Please replace <code>onsuccess</code> by <code>onstart</code>;
         <li> Please replace <code>onfailure</code> bu <code>onfail</code>;
         <li> Note that there is a new hook <code>onend</code>.</ul>
 <p>
 The commands that are run via <code>onstart</code>, <code>onend</code> or <code>onfail</code>
     are subject to format expansion; e.g., <code>%1w</code> is expanded to the
     weight of the first back end, etc.. See section <a href="crossroads.html#config">4</a> for details.
 <p>
 <a name="l6"></a>
 <h3>1.5: Porting issues for pre-0.26 installations</h3>
 <p>
 As of version 0.26 the syntax of the configuration file has
     changed. In particular:
 <p>
 <ul>
         <li> The keyword <code>maxconnections</code> is now used instead of
              <code>maxclients</code>;
         <li> The keyword <code>connectiontimeout</code> is now used instead of
              <code>sessiontimeout</code>.</ul>
 <p>
 Therefore when converting configuration files to the new syntax,
     the above keywords must be changed. (The reason for these changes
     is that 0.26 introduces <em>sticky HTTP sessions</em> that span
     multiple TCP connections, and the term
     <em>session</em> is used strictly in that sense -- and no longer for a
     TCP connection.)
 <p>
 <a name="l7"></a>
 <h3>1.6: Porting issues for pre-1.08 installations</h3>
 <p>
 As of version 1.08, the following directives no longer are
     supported:
 <p>
 <ul>
         <li> <code>insertstickycookie</code> was replaced by the more generic
         directive <code>addclientheader</code>. E.g., instead of <br>
             <code>insertstickycookie "XRID=100; Path=/";</code> <br>
         the syntax is now <br>
             <code>addclientheader "Set-Cookie: XRID=100; Path=/";</code>
 <p>
 <li> <code>insertrealip</code> was replaced by the more generic
         directive <code>setserverheader</code>. E.g., instead of <br>
             <code>insertrealip on;</code> <br>
         the syntax is now <br>
             <code>setserverheader "XR-Real-IP: %r";</code> <br>
         This incidentally also makes it possible to change the header
         name (here: <code>XR-Real-IP</code>).</ul>
 <p>
 <a name="l8"></a>
 <h2>2: Installation for the impatient</h2>
 <a name="impatient"></a>
 For the impatient, here's the very-quick-but-very-superficial recipy
 for getting crossroads up and running:
 <p>
 <ul>
 <p>
 <li> If you don't have SVN or don't want to use it:
 <p>
 <ul>
           <li> Obtain the crossroads source archive at
           <a href="http://crossroads.e-tunity.com">http://crossroads.e-tunity.com</a>.
 <p>
 <li> Change-dir to a 'sources' directory on your system and
           unpack the archive.
 <p>
 <li> Change-dir into the create directory <code>crossroads/</code>.</ul>
 <p>
 <li> If you have SVN and want to go for the newest snapshot:
 <p>
 <ul>
           <li> Get the latest sources and snapshots using SVN from <br>
  	  <code>svn://svn.e-tunity.com/crossroads</code>.
 <p>
 <li> You'll find the newest alpha version under
           <code>crossroads/trunk</code> and the stable versions under
           <code>crossroads/tags</code>,
           e.g. <code>crossroads/tags/release-1.00</code>.
 <p>
 <li> Choose which you want to use: the latest stable
           release, or the bleeding edge alpha? In the former case,
           change-dir to <code>crossroads/tags/release-</code><em>X.YY</em>, where
           <em>X.YY</em> is a release ID. In the latter case, change-dir to
           <code>crossroads/trunk</code>.</ul>
 <p>
 <li> Type <code>make install</code>. This installs the crossroads
         binary into <code>/usr/local/bin/</code>. If the compilation doesn't
         work on your system, check <code>etc/Makefile.def</code> for hints.
 <p>
 <li> Create a file <code>/etc/crossroads.conf</code>. In it state
         something like:
 <p>
 <pre>
 service www {
     port 80;
     revivinginterval 15;
     backend one {
         server 10.1.1.100:80;
     }
     backend two {
         server 10.1.1.101:80;
     }
 }
 </pre>
 
 <p>
 That's off course assuming that you want to balance HTTP on
         port 80 to two back ends at 10.1.1.100 and 10.1.1.101.
 <p>
 <li> Type <code>crossroads start</code>.
 <p>
 <li> Surf to the machine where crossroads is running. You will
         see the pages served by the back ends 10.1.1.100 or
         10.1.1.101.
 <p>
 <li> To monitor the status of crossroads, type <code>crossroads
         status</code>.
 </ul>
 <p>
 <a name="l9"></a>
 <h2>3: Using Crossroads</h2>
 <a name="using"></a>Crossroads is started from the commandline, and highly depends on
 <code>/etc/crossroads.conf</code> (the default configuration file). It 
 supports a number of flags (e.g., to overrule the location of the
 configuration file). The actual usage information is always obtained
 by typing <code>crossroads</code> without any arguments. Crossroads then
 displays the allowed arguments.
 <p>
 <a name="l10"></a>
 <h3>3.1: General Commandline Syntax</h3>
 <p>
 This section shows the most basic usage. As said above, start
 <code>crossroads</code> without arguments to view the full listing of options.
 <p>
 <ul>
         <li> <code>crossroads start</code> and <code>crossroads stop</code> are typical
              actions that are run from system startup scripts. The
              meaning is self-explanatory.
         <li> <code>crossroads restart</code> is a combination of the former
              two. Beware that a restart may cause discontinuity in
              service; it is just a shorthand for typing the 'stop' and
              'start' actions after one another.
         <li> <code>crossroad status</code> reports on each running
              service. Per service, the state of each back end is
              reported.
         <li> <code>crossroads tell</code> <em>service backend state</em> is a
              command line way of telling crossroads that a given back
              end, of a given service, is in a given state. Normally
              crossroads maintains state information itself, but by
              using <code>crossroads tell</code>, a back end can be e.g. taken
              'off line' for servicing.
         <li> <code>crossroads configtest</code> tells you whether the
              configuration is syntactially correct.
         <li> <code>crossroads services</code> reports on the configured 
              services. In contrast to <code>crossroads status</code>, this
              option only shows what's configured -- not what's up and
              running. Therefore, <code>crossroads services</code> doesn't
              report on back end states.
         <li> <code>crossroads sampleconf</code> shows a sample configuration on
              screen. A good way of quicky viewing the configuration
              file syntax, or of getting a start for your own
              configuration <code>/etc/crossroads.conf</code>.
 </ul>	     
 <p>
 <a name="l11"></a>
 <h3>3.2: Logging-related options</h3>
 <p>
 Two 'flags' of Crossroads are specifically logging-related. This
 section elaborates on these flags.
 <p>
 First, there's flag <code>-a</code>. When present, the start and end of
 activity is logged using statements like
 <p>
 <center><em>YYYY-MM-DD HH/MM/SS starting http from 61.45.32.189 to 10.1.1.1</em></center>
 <p>
 Similarly, there are 'ending' statements. Using this flag and 
 scanning your logs for these statements may be helpful in quickly
 determining your system load.
 <p>
 Second, there's flag <code>-l</code>. This flag selects the 'facility' of
 logging and defaults to <code>LOG_DAEMON</code>. You can supply a number
 between 0 and 7 to flag <code>-l</code> to select <code>LOG_LOCAL0</code> to
 <code>LOG_LOCAL7</code>. This would separate the Crossroads-related logging
 from other streams. Here's a very short guide; please read your Unix
 manpages of <code>syslogd</code> for more information.
 <p>
 <ul>
     <li> First edit <code>/etc/syslog.conf</code> and add a line:
 <p>
 <pre>
 local7.*   /var/log/crossroads.log
 </pre>
 
 <p>
 That instructs <code>syslogd</code> to send <code>LOG_LOCAL7</code> requests to the
     logfile <code>/var/log/crossroads.log</code>.
 <p>
 <li> Next, restart <code>syslogd</code>. On most Unices that's done by
     issuing <code>killall -1 syslogd</code>. (As a side-note, I tried this once
     on an Bull/AIX system, and the box just shut down. The <code>killall</code>
     command killed every process...)
 <p>
 <li> Now start <code>crossroads</code> with the flag <code>-l7</code>.
 <p>
 <li> Finally, monitor <code>/var/log/crossroads.log</code> for Crossroads'
     messages.</ul>
 <p>
 <a name="l12"></a>
 <h3>3.3: Reloading Configurations</h3>
 <p>
 Crossroads doesn't support the reloading of a configuration while
 running (such as other programs, e.g. Apache do). There are various
 technical reasons for this.
 <p>
 However, external lists of allowed or denied IP addresses can be
 reloaded by sending a signal -1 (<code>SIGHUP</code>) to Crossroads. See
 section <a href="crossroads.html#servicedef">4.2</a> for the details.
 <p>
 <a name="l13"></a>
 <h2>4: The configuration</h2>
 <a name="config"></a>The configuration that crossroads uses is normally stored in the file
 <code>/etc/crossroads.conf</code>. This location can be overruled using the
 command line flag <code>-c</code>.
 <p>
 This section explains the syntax of the configuration file, and what
 all settings do.
 <p>
 <a name="l14"></a>
 <h3>4.1: General language elements</h3>
 <p>
 This section describes the general elements of the crossroads
 configuration language.
 <p>
 <a name="l15"></a>
 <strong>4.1.1: Empty lines and comments</strong>
 <p>
 Empty lines are of course allowed in the
 configuration. Crossroads recognizes three formats of comment:
 <p>
 <ul>
         <li> C-style, between <code>/*</code> and <code>*/</code>,
         <li> C++-style, starting with <code>//</code> and ending with the end
         of the text line;
         <li> Shell-style, starting with <code>#</code> and ending with the end
         of the text line.</ul>
 <p>
 Simply choose your favorite editor and use the comment that 'looks
 best'.&nbsp;(I favor C or C++ comment. My favorite editor <em>emacs</em>
 can be put in <code>cmode</code> and nicely highlight what's comment and what's
 not. And as a bonus it will auto-indent the configuration!)
 <p>
 <a name="l16"></a>
 <strong>4.1.2: Keywords, numbers, identifiers, generic strings</strong>
 <p>
 In a configuration file, statements are identified by <em>keywords</em>,
 such as <code>service</code>, <code>verbosity</code>. These are reserved words.
 <p>
 Many keywords require an <em>identifier</em> as the argument. E.g, a
 service has a unique name, which must start with a letter or
 underscore, followed by zero or more letters, underscores, or
 digits. Therefore, in the statement <code>service myservice</code>, the keyword is
 <code>service</code> and the identifier is <code>myservice</code>.
 <p>
 Other keywords require a numeric argument. Crossroads knows only
 non-negative integer numbers, as in <code>port 8000</code>. Here, <code>port</code> is
 the keyword and <code>8000</code> is the number.
 <p>
 Yet other keywords require 'generic strings', such as hostname
 specifications or system commands. Such generic strings contain any
 characters (including white space) up to the terminating statement
 character <code>;</code>. If a string must contain a semicolon, then it must
 be enclosed in single or double quotes:
 <p>
 <ul>
         <li> <code>This is a string;</code> is a string that starts at <code>T</code>
         and ends with <code>g</code>
         <li> <code>"This is a string";</code> is the same, the double quotes
         are not necessary
         <li> <code>"This is ; a string";</code> has double quotes to protect
         the inner ;</ul>
 <p>
 Finally, an argument can be a 'boolean' value. Crossroads knows
 <code>true</code>, <code>false</code>, <code>yes</code>, <code>no</code>, <code>on</code>, <code>off</code>. The keywords
 <code>true</code>, <code>yes</code> and <code>on</code> all mean the same and can be used
 interchangeably; as can the keywords <code>false</code>, <code>no</code> and <code>off</code>.
 <p>
 <a name="l17"></a>
 <h3>4.2: Service definitions</h3> <a name="servicedef"></a>
 <p>
 Service definitions are blocks in the configuration file that
 state what is for each service. A service definition starts with
 <code>service</code>, followed by a unique identifier, and by statements in
 <code>{</code> and <code>}</code>. For example:
 <p>
 <pre>
 // Definition of service 'www':
 service www {
     ...
     ... // statements that define the
     ... // service named 'www'
     ...
 }
 </pre>
 
 <p>
 The configuration file can contain many service blocks, as long as the
 identifying names differ. The following list shows possible
 statements. Each statement must end with a semicolon, except for the
 <code>backend</code> statement, which has is own block (more on this later).
 <p>
 <a name="conf/type"></a><a name="l18"></a>
 <strong>4.2.1: type - Defining the service type</strong> <a name="conftype - Defining the service type"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The <code>type</code> statement defines how crossroads handles the stated
      service. There are currently two types: <code>any</code> and
      <code>http</code>. The type <code>any</code> means that crossroads doesn't
      interpret the contents of a TCP stream, but only distributes streams
      over back ends. The type <code>http</code> means that crossroads has to
      analyze what's in the messages, does magical HTTP header tricks, and
      so on -- all to ensure that multiple connections are treated as one
      session, or that the back end is notified of the client's IP
      address.
 <p>
 Unless you really need such special features, use the type <code>any</code> (the
      default), even for HTTP protocols.
         <p><dt><strong>Syntax:</strong><dd> <code>type</code> <em>specifier</em>, where <em>specifier</em> is <code>any</code> or
      <code>http</code>
         <p><dt><strong>Default:</strong><dd> <code>any</code>
     </dl>
 <p>
 <a name="conf/port"></a><a name="l19"></a>
 <strong>4.2.2: port - Specifying the listen port</strong> <a name="confport - Specifying the listen port"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The <code>port</code> statement defines to which TCP port a service
      'listens'. E.g. <code>port 8000</code> says that this service will accept
      connections on port 8000.
         <p><dt><strong>Syntax:</strong><dd> <code>port</code> <em>number</em>
         <p><dt><strong>Default:</strong><dd> There is no default. This is a required setting.
     </dl>
 <p>
 <a name="conf/bindto"></a><a name="l20"></a>
 <strong>4.2.3: bindto - Binding to a specific IP address</strong> <a name="confbindto - Binding to a specific IP address"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The <code>bindto</code> statement is used in situations where crossroads
      should only listen to the stated port at a given IP address. E.g.,
      <code>bindto 127.0.0.1</code> causes crossroads to 'bind' the service only to
      the local IP address. Network connections from other hosts won't be
      serviced. By default, crossroads binds a service to all presently
      active IP addresses at the invoking host.
         <p><dt><strong>Syntax:</strong><dd> <code>bindto</code> <em>address</em>, where <em>address</em> is a numeric IP
      address, such as 127.0.0.1, or the keyword <code>any</code>.
         <p><dt><strong>Default:</strong><dd> <code>any</code>
     </dl>
 <p>
 <a name="conf/verbose"></a><a name="l21"></a>
 <strong>4.2.4: verbosity - Controlling debug output</strong> <a name="confverbosity - Controlling debug output"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Verbosity statements  come in two forms: <code>verbosity on</code> or
      <code>verbosity off</code>. When 'on', log messages to <code>/var/log/messages</code>
      are generated that show what's going on.&nbsp;(Actually, the
      messages go to <code>syslog(3)</code>, using facility <code>LOG_DAEMON</code> and
      priority <code>LOG_INFO</code>. In most (Linux) cases this will mean: output to
      <code>/var/log/messages</code>. On Mac OSX the messages go to
      <code>/var/log/system.log</code>.) The keyword <code>verbose</code> is an alias for
      <code>verbosity</code>.
         <p><dt><strong>Syntax:</strong><dd> <code>verbosity</code> <em>setting</em> or <code>verbose</code> <em>setting</em>, where
      <em>setting</em> is <code>true</code>, <code>yes</code> or <code>on</code> to turn 
      verbosity on; or <code>false</code>, <code>no</code>, <code>off</code> to turn it off.
         <p><dt><strong>Default:</strong><dd> <code>off</code>
     </dl>
 <p>
 <a name="conf/dispatchmode"></a><a name="l22"></a>
 <strong>4.2.5: dispatchmode - How are back ends selected</strong> <a name="confdispatchmode - How are back ends selected"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The dispatch mode controls how crossroads selects a back end from
      a list of active back ends. The below text shows the bare
      syntax. See section <a href="crossroads.html#howselected">5.1</a> for a textual explanation.
 <p>
 The settings can be:
 <p>
 <ul>
         <li> <code>dispatchmode roundrobin</code>: Simply the 'next in line' is
         chosen. E.g, when 3 back ends are active, then the usage
         series is 1, 2, 3, 1, 2, 3, and so on.
 <p>
 Roundrobin dispatching is the default method, when no
         <code>dispatchmode</code> statement occurs.
 <p>
 <li> <code>dispatchmode random</code>: Random selection. Probably only
         for stress testing, though when used with weights (see below)
         it is a good distributor of new connections too.
 <p>
 <li> <code>dispatchmode bysize [ over</code> <em>connections</em> <code>]</code>:
         The next back end is the one
         that has transferred the least number of bytes. This
         selection mechanism assumes that the more bytes, the heavier
         the load.
 <p>
 The modifier <code>over</code> <em>connections</em> is optional. (The square
         brackets shown above are not part of the statement but
         indicate optionality.)  When given,
         the load is computed as an average of the last stated number of
         connections. When this modifier is absent, then the load is
         computed over all connections since startup.
 <p>
 <li> <code>dispatchmode byduration [ over</code> <em>connections</em> <code>]</code>:
         The next back end is the one
         that served connections for the shortest time. This mechanism
         assumes that the longer the connection, the heavier the load.
 <p>
 <li> <code>dispatchmode byconnections</code>: The next back end is the one
         with the least active connections. This mechanism assumes that
         each connection to a back end represents load. It is usable
         for e.g. database connections.
 <p>
 <li> <code>dispatchmode byorder</code>: The first back end is selected
         every time, unless it's unavailable. In that case the second
         is taken, and so on.
 <p>
 <li> <code>dispatchmode externalhandler</code> <em>program arguments</em>:
         This is a special mode, where an external program is delegated
         the responsibility to say which back end should be used
         next. In this case, Crossroads will call the external program,
         and this will of course be slower than one of the 'built-in'
         dispatch modes. However, this is the ultimate escape when
         custom-made dispatch modes are needed.
 <p>
 The dispatch mode that uses an <code>externalhandler</code> is
         discussed separately in section <a href="crossroads.html#externalhandler">5.2</a>.</ul>
 <p>
 The selection algorithm is only used when clients are serviced that
      aren't part of a sticky HTTP session. This is the case during:
 <p>
 <ul>
         <li> all client requests of a service type <code>any</code>;
         <li> new sessions of a service type <code>http</code>.</ul>
 <p>
 When type <code>http</code> is in effect and a session is underway, then the
      previously used back end is always selected -- regardless of
      dispatching mode.
 <p>
 Your 'right' dispatch mode will depend on the type of service. Given
      the fact that crossroads doesn't know (and doesn't care) how to
      estimate load from a network traffic stream, you have to choose an
      appropriate dispatch mode to optimize load balancing. In most cases,
      <code>roundrobin</code> or <code>byconnections</code> will do the job just fine.
         <p><dt><strong>Syntax:</strong><dd> <code>dispatchmode</code> <em>mode</em> (see above for the modes), optionally
      followed by <code>over</code> <em>number</em>, or when the <em>mode</em> is
      <code>externalhandler</code>, followed by <em>program</em>.
         <p><dt><strong>Default:</strong><dd> <code>roundrobin</code>
     </dl>
 <p>
 <a name="conf/revivinginterval"></a><a name="l23"></a>
 <strong>4.2.6: revivinginterval - Back end wakeup calls</strong> <a name="confrevivinginterval - Back end wakeup calls"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> A reviving interval definition is needed when crossroads
      determines that a back end is temporarily unavailable. This will
      happen when: 
 <p>
 <ul>
         <li> The back end cannot be reached (network connection
              fails);
         <li> The network connection to the back end suddenly dies.</ul>
 <p>
 An example of the definition is <code>revivinginterval 10</code>. When this
      reviving interval is given, crossroads will check each 10 seconds
      whether unavailable back ends have woken up yet. A back end is
      considered awake when a network connection to that back end can
      succesfully be established.
         <p><dt><strong>Syntax:</strong><dd> <code>revivinginterval</code> <em>number</em>, where the number is the interval
      in seconds.
         <p><dt><strong>Default:</strong><dd> 0 (no wakeup calls)
     </dl>
 <p>
 <a name="conf/maxconnections"></a><a name="l24"></a>
 <strong>4.2.7: maxconnections - Limiting concurrent clients at service level</strong> <a name="confmaxconnections - Limiting concurrent clients at service level"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The maximum number of connections is specified using
      <code>maxconnections</code>. There is one argument; the number of concurrent
      established connections that may be active within one service.
 <p>
 'Throttling' the number of connections is a way of preventing Denial of
      Service (DOS) attacks. Without a limit, numerous network connections
      may spawn so many server instances, that the service ultimately breaks
      down and becomes unavailable.
         <p><dt><strong>Syntax:</strong><dd> <code>maxconnections</code> <em>number</em>, where the number specifies the
      maximum of concurrent connections to the service.
         <p><dt><strong>Default:</strong><dd> 0, meaning that all connections will be accepted.
     </dl>
 <p>
 <a name="conf/backlog"></a><a name="l25"></a>
 <strong>4.2.8: backlog - The TCP Back Log size</strong> <a name="confbacklog - The TCP Back Log size"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The TCP back log size is a number that controls how many
      'waiting' network connections may be queued, before a client simply
      cannot connect. The syntax is e.g. <code>backlog 5</code> to cause crossroads
      to have 5 waiting connections for 1 active connection.
      The backlog queue shouldn't be too
      high, or clients will experience timeouts before they can actually
      connect. The queue shouldn't be too small either, because clients
      would be simply rejected. Your mileage may vary.
         <p><dt><strong>Syntax:</strong><dd> <code>backlog</code> <em>number</em>
         <p><dt><strong>Default:</strong><dd> 0, which takes the operating system's default
      value for socket back log size.
     </dl>
 <p>
 <a name="conf/shmkey"></a><a name="l26"></a>
 <strong>4.2.9: shmkey - Shared Memory Access</strong> <a name="confshmkey - Shared Memory Access"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Different Crossroads
      invocations must 'know' of each others activity. E.g, <code>crossroad
      status</code> must be able to get to the actual state information of all
      running services. This is internally implemented through shared
      memory, which is reserved using a key.
 <p>
 Normally crossroads will supply a shared memory key, based on the
      service port and bitwise or-ed with a magic number. In situations
      where this conflicts with existing keys (of other programs, having
      their own keys), you may supply a chosen value.
 <p>
 The actual key value doesn't matter much, as long as it's unique
      and as long as each invocation of crossroads uses it.
         <p><dt><strong>Syntax:</strong><dd> <code>shmkey</code> <em>number</em>
         <p><dt><strong>Default:</strong><dd> 0, which means that crossroads will 'guess' its
      own key, based on TCP port and a magic number.
     </dl>
 <p>
 <a name="conf/allow"></a><a name="l27"></a>
 <strong>4.2.10: allow* and deny* - Allowing or denying connections</strong> <a name="confallow* and deny* - Allowing or denying connections"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Crossroads can allow or deny
      connections based on the IP address of a client. There are four
      directives that are relevant: <code>allowfrom</code>, <code>allowfile</code>,
      <code>denyfrom</code> and <code>denyfile</code>. When using <code>allowfrom</code> and
      <code>denyfrom</code> then the IP addresses to allow or deny connections are
      stated in <code>/etc/crossroads.conf</code>.
 <p>
 When <code>allow*</code> directives are used, then all connections are denied
      unless they match the stated allowed IP's. When <code>deny*</code> directives
      are used, then all connections are allowed unless they match the
      stated disallowed IP's. When denying and allowing is both used,
      then the Crossroads checks the deny list first.
 <p>
 The statements <code>allowfrom</code> and <code>denyfrom</code> are followed by a
      list of filter specifications. The statements <code>allowfile</code> and
      <code>denyfile</code> are followed by a filename; Crossroads will read
      filter specifications from those external files. In both cases,
      Crossroads obtains filter specifications and places them in its
      lists of allowed or denied IP addresses. The difference between
      specifying filters in <code>/etc/crossroads.conf</code> or in external
      files, is that Crossroads will reload the external files when it
      receives signal 1 (<code>SIGHUP</code>), as in <code>killall -1 crossroads</code>.
 <p>
 The filter specifications must obey the following syntax: it
      consists of up to 
      four numbers ranging from 0 to 255 and separated by a decimal
      sign. Optionally a slash follows, with a bitmask which is also a
      decimal number.
 <p>
 This is probably best explained by a few examples:
 <p>
 <ul>
         <li> <code>allowfrom 10/8;</code> will allow connections from
         <code>10.*.*.*</code> (a full Class A network). The mask <code>/8</code> means
         that the first 8 bits of the number (ie., only the <code>10</code>) are
         significant. On the last 3 positions of the IP address, all
         numbers are allowed. Given this directive, client connections
         from e.g. 10.1.1.1 and 10.2.3.4 will be allowed.
 <p>
 <li> <code>allowfrom 10.3/16;</code> will allow all IP addresses that
         start with <code>10.3</code>.
 <p>
 <li> <code>allowfrom 10.3.1/16;</code> is the same as above. The third
         byte of the IP address is superfluous because the netmask
         specifies that only the first 16 bits (2 numbers) are taken
         into account.
 <p>
 <li> <code>allowfrom 10.3.1.15;</code> allows traffic from only the
         specified IP address. There is no bitmask; all four numbers
         are relevant.
 <p>
 <li> <code>allowfrom 10.3.1.15 10.2/16;</code> allows traffic from one
         IP address <code>10.3.1.15</code> or from a complete Class B network
         <code>10.2.*.*</code> 
 <p>
 <li> <code>allowfile /tmp/myfile.txt;</code> in combination with a file
         <code>/tmp/myfile.txt</code>, with the contents <code>10.3.1.15 10.2/16</code>,
         is the same as above.</ul>
         <p><dt><strong>Syntax:</strong><dd> <ul>
 	<li> <code>allowfrom</code> <em>filter-specificication(s)</em>
 	<li> <code>denyfrom</code>  <em>filter-specificication(s)</em>
 	<li> <code>allowfile</code>  <em>filename</em>
 	<li> <code>denyfile</code>  <em>filename</em></ul>
         <p><dt><strong>Default:</strong><dd> In absence of these statements, all client IP's are accepted.
     </dl>
 <p>
 <a name="conf/useraccount"></a><a name="l28"></a>
 <strong>4.2.11: useraccount - Limiting the effective ID of external processes</strong> <a name="confuseraccount - Limiting the effective ID of external processes"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Using the directive <code>useraccount</code>, the effective user and group
      ID can be restricted. This comes into effect when Crossroads runs
      external commands, such as:
      <ul>
 	<li> Hooks for <code>onstart</code>, <code>onend</code> or <code>onfail</code>;
 	<li> External dispatchers, when <code>dispatchmode
 	     externalhandler</code> is in effect.</ul>
      Once a user name for external commands is specified, Crossroads
      assumes the associated user ID and group ID before running those
      commands.
         <p><dt><strong>Syntax:</strong><dd> <code>useraccount</code> <em>username</em>
         <p><dt><strong>Default:</strong><dd> None; when unspecified, external commands are run with the 
      ID that was in effect when Crossroads was started.
     </dl>
 <p>
 <a name="l29"></a>
 <h3>4.3: Backend definitions</h3>
 <p>
 Inside the service definitions as are described in the previous
 section, <em>backend definitions</em> must also occur. Backend definitions
 are started by the keyword <code>backend</code>, followed by an identifier
 (the back end name) , and statements inside <code>{</code> and <code>}</code>:
 <p>
 <pre>
 service myservice {
     ...
     ... // statements that define the
     ... // service named 'myservice'
     ...
 
     backend mybackend {
         ...
         ... // statements that define the
         ... // backend named 'mybackend'
         ...
     }
 }
 </pre>
 
 <p>
 Each service definition must have at least one backend
 definition. There may be more (and probably will, if you want
 balancing and fail over) as long as the backend names differ.
 The statements in the backend definition blocks are described in the
 following sections.
 <p>
 Some directives (<code>stickycookie</code> etc.) only have effect when
 Crossroads treats the network traffic as a stream of HTTP messages;
 i.e., when the service is declared with <code>type http</code>. Incase of
 <code>type any</code>, the HTTP-specific directives have no effect.
 <p>
 <a name="conf/server.yo"></a><a name="l30"></a>
 <strong>4.3.1: server - Specifying the back end address</strong> <a name="confserver - Specifying the back end address"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Each back end must be identified by the network name
      (server name) where it is located. For example: <code>server
      10.1.1.23</code>, or <code>server web.mydomain.org</code>. A TCP port specifier
      can follow the server name, as in <code>server web.mydomain.org:80</code>.
         <p><dt><strong>Syntax:</strong><dd> <ul>
 	<li> <code>server</code> <em>servername</em>, where <em>servername</em> is a
  	network name or IP address;
 	<li> <code>server</code> <em>servername:port</em></ul>
         <p><dt><strong>Default:</strong><dd> There is no default. This is a required setting.
     </dl>
 <p>
 <a name="conf/verbose-backend.yo"></a><a name="l31"></a>
 <strong>4.3.2: verbosity - Controlling verbosity at the back end level</strong> <a name="confverbosity - Controlling verbosity at the back end level"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Similar to <code>service</code> specifications, a
      <code>backend</code> can have its own verbosity (<code>on</code> or <code>off</code>). When
      <code>on</code>, traffic to and fro this back end is reported.
         <p><dt><strong>Syntax:</strong><dd> <ul>
         <li> <code>verbosity</code> <em>setting</em>, or
 	<li> <code>verbose</code> <em>setting</em>, where <em>setting</em> is <code>true</code>,
 	<code>yes</code> or <code>on</code>, or <code>false</code>, <code>no</code>, <code>off</code> to turn it
 	off.</ul>
         <p><dt><strong>Default:</strong><dd> <code>off</code>
     </dl>
 <p>
 <a name="conf/weight"></a><a name="l32"></a>
 <strong>4.3.3: weight - When a back end is more equal than others</strong> <a name="confweight - When a back end is more equal than others"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> To influence how backends are selected, a backend can specify its
     'weight' in the process. The higher the weight, the less likely a
     back end will be chosen. The default is 1.
 <p>
 The weighing mechanism only applies to the dispatch modes
      <code>random</code>, <code>byconnections</code>, <code>bysize</code> and <code>byduration</code>. 
      The weight is in fact a penalty factor. E.g., if backend A has
      <code>weight 2</code> and backend B has <code>weight 1</code>, then backend B will
      be selected all the time, until its usage parameter is twice as
      large as the parameter of A. Think of it as a 'sluggishness'
      statement.
         <p><dt><strong>Syntax:</strong><dd> <code>weight</code> <em>number</em>; the higher the number, the more 'sluggish'
      a back end is
         <p><dt><strong>Default:</strong><dd> 1; all back ends have equal weight.
     </dl>
 <p>
 <a name="conf/decay"></a><a name="l33"></a>
 <strong>4.3.4: decay - Levelling out activity of a back end</strong> <a name="confdecay - Levelling out activity of a back end"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> To make sure that a 'spike' of activity doesn't
      influence the perceived load of a back end forever, you may
      specify a certain decay. E.g, the statement <code>decay 10</code> makes
      sure that the load that crossroads computes for this back end (be
      it in seconds or in bytes) is decreased by 10% each time that
      <strong>an other</strong> back end is hit. Decays are not applied to the count
      of concurrent connections.
 <p>
 This means that when a given back end is hit, then its usage data
      of the transferred bytes and the connection duration are updated
      using the actual number of bytes and actual duration. However,
      when a different back end is hit, then the usage data are
      decreased by the specified decay. 
         <p><dt><strong>Syntax:</strong><dd> <code>decay</code> <em>number</em>, where <em>number</em> is a percentage that
      decreases the back end usage data when other back ends are
      hit.
         <p><dt><strong>Default:</strong><dd> 0, meaning that no decay is applied to usage statistics.
     </dl>
 <p>
 <a name="conf/onhooks"></a><a name="l34"></a>
 <strong>4.3.5: onstart, onend, onfail - Action Hooks</strong> <a name="confonstart, onend, onfail - Action Hooks"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The three directives <code>onstart</code>, <code>onend</code> and <code>onfail</code> can be
      specified to start system commands (external programs) when a
      connection to a back end starts, fails or ends:
      <ul>
 	<li> <code>onstart</code> commands will be run when Crossroads
 	successfully connects to a back end, and starts servicing;
 	<li> <code>onend</code> commands will be run when a (previously
 	established) connection stops;
 	<li> <code>onfail</code> commands will be run when Crossroads tries to
 	contact a back end to serve a client, but the back end can't
 	be reached.</ul>
 <p>
 The format is always <code>on</code><em>type</em> <em>command</em>. The <em>command</em>
      is an external program, optionally followed by arguments. The
      command is expanded according to the following table:
 <p>
 <ul>
         <li> <code>%a</code> is the availability of the current back end, when
         a current back end is established;
         <li> <code>%1a</code> is the availability of the first back end (0 when
         unavailable, 1 if available); <code>%2a</code> is the availability of
         the second back end, and so on;
         <li> <code>%b</code> is the name of the current back end, when one is
         established; 
         <li> <code>%1b</code> is the name of the first back end, <code>%2b</code> of the
         second back end, and so on;
         <li> <code>%e</code> is the count of seconds since start of epoch
         (January 1st 1970 GMT);
         <li> <code>%r</code> is the IP address of the client that requests a
         connection and for whom the external dispatcher should compute
         a back end;
         <li> <code>%s</code> is the name of the current service that the client
         connected to;
         <li> <code>%t</code> is the current local time in ASCII format, in
         <em>YYYY-MM-DD/hhh:mm:ss</em>; 
         <li> <code>%T</code> is the current GMT time in ASCIII format;
         <li> <code>%v</code> is the Crossroads version;
         <li> Any other chararacter following a <code>%</code> sign is taken
         literally; e.g. <code>%z</code> is just a z.</ul>
 <p>
 <p><dt><strong>Syntax:</strong><dd> <ul>
         <li> <code>onstart</code> <em>commandline</em>
 	<li> <code>onend</code> <em>commandline</em>
 	<li> <code>onfail</code> <em>commandline</em>
 	<li> <code>onsuccess</code> <em>commandline</em></ul>
         <p><dt><strong>Default:</strong><dd> There is no default. Normally no external programs are run upon
      connection, success or failure of a back end.
     </dl>
 <p>
 <a name="conf/trafficlog"></a><a name="l35"></a>
 <strong>4.3.6: trafficlog and throughputlog - Debugging and Performance Aids</strong> <a name="conftrafficlog and throughputlog - Debugging and Performance Aids"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Two directives are available
      to log network traffic to files. They are <code>trafficlog</code> and
      <code>throughputlog</code>.
 <p>
 The <code>trafficlog</code> statement causes all traffic to be logged in
      hexadecimal format. Each line is prefixed by <code>B</code> or <code>C</code>,
      depending on whether the information was received from the back
      end or from the client.
 <p>
 The <code>throughputlog</code> statement writes shorthand transmissions to
      its log, accompanied by timings.
         <p><dt><strong>Syntax:</strong><dd> <ul>
 	<li> <code>trafficlog</code> <em>filename</em>
         <li> <code>throughputlog</code> <em>filename</em></ul>
         <p><dt><strong>Default:</strong><dd> none
     </dl>
 <p>
 <a name="conf/stickycookie"></a><a name="l36"></a>
 <strong>4.3.7: stickycookie - Back end selection with an HTTP cookie</strong> <a name="confstickycookie - Back end selection with an HTTP cookie"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> The directive <code>stickycookie</code> <em>value</em>
      causes Crossroads to unpack clients' requests, to check for
      <em>value</em> in the cookies. When found, the message is routed to the
      back end having the appropriate <code>stickycookie</code> directive.
 <p>
 E.g., consider the following configuration:
 <p>
 <pre>
 service ... {
     ...
     backend one {
         ...
         stickycookie "BalancerID=first";
     }
     backend two {
         ...
         stickycookie "BalancerID=second";
     }
 }
 </pre>
 
 <p>
 When clients' messages contain cookies named <code>BalancerID</code> with
      the value <code>first</code>, then such messages are routed to backend
      <code>one</code>. When the value is <code>second</code> then they are routed to the
      backend <code>two</code>.
 <p>
 There are basically to provide such cookies to a browser. First, a
      back end can insert such a cookie into the HTTP response. E.g.,
      the webserver of back end <code>one</code> might insert a cookie named
      <code>BalancerID</code>, having value <code>first</code>.
      Second, Crossroads can insert such cookies using a carefully
      crafted directive <code>addclientheader</code>.
         <p><dt><strong>Syntax:</strong><dd> <code>stickycookie</code> <em>cookievalue</em>
         <p><dt><strong>Default:</strong><dd> There is no default.
     </dl>
 <p>
 <a name="conf/addclientheader"></a><a name="l37"></a>
 <strong>4.3.8: HTTP Header Modification Directives</strong> <a name="confHTTP Header Modification Directives"></a>
     <dl>
         <p><dt><strong>Description:</strong><dd> Crossroads understands the following
      header modification directives: <code>addclientheader</code>,
      <code>appendclientheader</code>, <code>setclientheader</code>, <code>addserverheader</code>,
      <code>appendserverheader</code>, <code>setserverheader</code>.
 <p>
 The directive names always consist of
      <em>Action</em><em>Destination</em><code>header</code>, where:
 <p>
 <ul>
         <li> The action is <code>add</code>, <code>append</code> or <code>insert</code>.
 <p>
 <ul>
             <li> Action <code>add</code> adds a header, even when headers with
             the same name already are present in an HTTP
             message. Adding headers is useful for e.g. <code>Set-Cookie</code>
             headers; a message may contain several of such headers.
 <p>
 <li> Action <code>append</code> adds a header if it isn't present
             yet in an HTTP message. If such a header is already
             present, then the value is appended to the pre-existing
             header. This is useful for e.g. <code>Via</code> headers. Imagine
             an HTTP message with a header <code>Via: someproxy</code>. Then the
             directive <code>appendclientheader "Via: crossroads"</code> will
             rewrite the header to <code>Via: someproxy; crossroads</code>.
 <p>
 <li> Action <code>set</code> overwrites headers with the same
             name; or adds a new header if no pre-existing is found.
             This is useful for e.g. <code>Host</code> headers.</ul>
 <p>
 <li> The destination is one of <code>client</code> or <code>server</code>. When
         the destination is <code>server</code>, then Crossroads will apply such
         directives to HTTP messages that originate from the browser
         and are being forwarded to back ends. When the destination is
         <code>client</code>, then Crossroads will apply such directives to
         backend responses that are shuttled to the browser.</ul>
 <p>
 The format of the directives is e.g. <code>addclientheader
      "X-Processed-By: Crossroads"</code>. The directives expect one
      argument; a string, consisting of a header name, a colon, and a
      header value. As usual, the directive must end with a semicolon.
 <p>
 The header value may contain one of the following formatting
      directives:
 <p>
 <ul>
         <li> <code>%a</code> is the availability of the current back end, when
         a current back end is established;
         <li> <code>%1a</code> is the availability of the first back end (0 when
         unavailable, 1 if available); <code>%2a</code> is the availability of
         the second back end, and so on;
         <li> <code>%b</code> is the name of the current back end, when one is
         established; 
         <li> <code>%1b</code> is the name of the first back end, <code>%2b</code> of the
         second back end, and so on;
         <li> <code>%e</code> is the count of seconds since start of epoch
         (January 1st 1970 GMT);
         <li> <code>%r</code> is the IP address of the client that requests a
         connection and for whom the external dispatcher should compute
         a back end;
         <li> <code>%s</code> is the name of the current service that the client
         connected to;
         <li> <code>%t</code> is the current local time in ASCII format, in
         <em>YYYY-MM-DD/hhh:mm:ss</em>; 
         <li> <code>%T</code> is the current GMT time in ASCIII format;
         <li> <code>%v</code> is the Crossroads version;
         <li> Any other chararacter following a <code>%</code> sign is taken
         literally; e.g. <code>%z</code> is just a z.</ul>
 <p>
 The following examples show common uses of header modifications.
 <p>
 <dl>
         <p><dt><strong>Enforcing session stickiness:</strong><dd> By combining
         <code>stickycookie</code> and <code>addclientheader</code>, HTTP session
         stickiness is enforced. Consider the following configuration:
 <p>
 <pre>
 service ... {
     ...
     backend one {
         ...
         addclientheader "Set-Cookie: BalancerID=first; path=/";
         stickycookie "BalancerID=first";
     }
     backend two {
         ...
         addclientheader "Set-Cookie: BalancerID=second; path=/";
         stickycookie "BalancerID=second";
     }
 }
 </pre>
 
 <p>
 The first request of an HTTP session is balanced to either
         backend <code>one</code> or <code>two</code>. The server response is enriched
         using <code>addclientheader</code> with an appropriate cookie. A
         subsequent request from the same browser now has that cookie
         in place; and is therefore sent to the same back end where the
         its predecessors went.
 <p>
 <p><dt><strong>Hiding the server software version:</strong><dd> Many servers
         (e.g. Apache) advertize their version, as in <code>Server: Apache
         1.27</code>. This potentially provides information to attackers. The
         following configuration hides such information:
 <p>
 <pre>
 service ... {
     ...
     backend one {
         ...
         setclientheader "Server: WWW-Server";
     }
 }
 </pre>
 
 <p>
 <p><dt><strong>Informing the server of the clients' IP address:</strong><dd> Since
         Crossroads sits 'in the middle' between a client and a back
         end, the back end perceives Crossroads as its client. The
         following sends the true clients' IP address to the server, in
         a header <code>X-Real-IP</code>:
 <p>
 <pre>
 service ... {
     ...
     backend one {
         ...
         setserverheader "X-Real-IP: %r";
     }
 }
 </pre>
 
 <p>
 <p><dt><strong>Keep-Alive Downgrading:</strong><dd> The directives
         <code>setclientheader</code> and <code>setserverheader</code> also play a key
         role in downgrading Keep-Alive connections to
         'single-shot'. E.g., the following configuration makes sure
         that no Keep-Alive connections occur.
 <p>
 <pre>
 service ... {
     ...
     backend one {
         ...
         setserverheader "Connection: close";
         setclientheader "Connection: close";
     }
 }
 </pre>
 </dl>
         <p><dt><strong>Syntax:</strong><dd> <ul>
 	<li> <code>addclientheader</code> <em>Headername: headervalue</em> to add a
 	header in the traffic towards the client, even when another
 	header <em>Headername</em> exists;
 	<li> <code>appendclientheader</code> <em>Headername: headervalue</em> to
 	append <em>headervalue</em> to an existing header <em>Headername</em>
 	in the traffic towards the client,
 	or to add the whole header alltogether;
 	<li> <code>setclientheader</code> <em>Headername: headervalue</em> to
 	overwrite an existing header in the traffic towards the
 	client, or to add such a header;
 	<li> <code>addserverheader</code> <em>Headername: headervalue</em> to add a
 	header in the traffic towards the server, even when another
 	header <em>Headername</em> exists;
 	<li> <code>appendserverheader</code> <em>Headername: headervalue</em> to
 	append <em>headervalue</em> to an existing header <em>Headername</em>
 	in the traffic towards the server,
 	or to add the whole header alltogether;
 	<li> <code>setserverheader</code> <em>Headername: headervalue</em> to
 	overwrite an existing header in the traffic towards the
 	server, or to add such a header.</ul>
         <p><dt><strong>Default:</strong><dd> There is no default.
     </dl>
 <p>
 <a name="l38"></a>
 <h2>5: Tips, Tricks and Remarks</h2>
 <a name="tips"></a>The following sections elaborate on the directives as described in
 section <a href="crossroads.html#config">4</a> to illustrate how crossroads works and to help you
 achieve the "optimal" balancing configuration.
 <p>
 <a name="l39"></a>
 <h3>5.1: How back ends are selected in load balancing</h3><a name="howselected"></a>
 <p>
 In order to tune your load balancing, you'll need to understand how
 crossroads computes usage, how weighing works, and so on. In this
 section we'll focus on the dispatching modes <code>bysize</code>, <code>byduration</code>
 and <code>byconnections</code> only. The other dispatching types are
 self-explanatory. 
 <p>
 <a name="l40"></a>
 <strong>5.1.1: Bysize, byduration or byconnections?</strong>
 <p>
 As stated before, crossroads doesn't know 'what a service does' and
 how to judge whether a given back end is very busy or not. You
 must therefore give the right hints:
 <p>
 <ul>
         <li> In general, a service which is CPU bound, will be more
         busy when it takes longer to process a request. The dispatch
         mode <code>byduration</code> is appropriate here.
 <p>
 <li> In contrast, a service which is filesystem bound, will be
         more busy when more data are transferred. The dispatch mode
         <code>bysize</code> is apppropriate.
 <p>
 <li> The dispatch mode <code>byduration</code> can also be used when
         network latency is an issue. E.g., if your balancer has back
         ends that are geograpically distributed, then <code>byduration</code>
         would be a good way to select best available back ends.
 <p>
 <li> Furthermore it is noteworthy that <code>dispatchmode
         byduration</code> is not usable for interactive processes such as
         SSH logins. Idle time of a
         login adds to the duration, while causing (almost) no
         load. Mode <code>byduration</code> should only be used for automated
         processes that don't wait for user interaction (e.g., SOAP
         calls and other HTTP requests).
 <p>
 <li> As a last remark, the dispatching mode <code>byconnections</code> can
         be used if you don't have other clues for load
         estimations.
 <p>
 E.g., consider a database connection. What's
         heavier on the back end, time-consuming connections, or connections
         where loads of bytes are transferred? Well, that depends. A
         tough <code>select</code> query that joins multiple tables can be very
         heavy on the back end, though the response set can be quite
         small - and hence the number of
         transferred bytes. That would suggest
         dispatching by duration. However, <code>byduration</code>
         balancing doesn't respresent the true world, when interactive
         connections can occur where users have an idle TCP connection to
         the database:
         this consumes time, but no bytes (see the SSH login example
         above). In this case, the dispatch mode <code>byconnections</code> may be
         your best bet.
 <p>
 </ul> 
 <p>
 <a name="l41"></a>
 <strong>5.1.2: Averaging size and duration</strong>
 <p>
 The configuration statement <code>dispatchmode bysize</code> or <code>byduration</code>
 allows an optional modifier <code>over</code> <em>number</em>, where the stated
 number represents a connection count. When this modifier is present, then
 crossroads will use a moving average over the last <em>n</em> connections to
 compute duration and size figures.
 <p>
 In the real world you'll always want this modifier. E.g., consider two
 back ends that are running for years now, and one of them is suddenly
 overloaded and very busy (it experiences a 'spike' in activity).
 When the <code>over</code> modifier is absent, then
 the sudden load will hardly show up in the usage figures -- it will
 flatten out due to the large usage figures already stored in the years
 of service.
 <p>
 In contrast, when e.g. <code>over 3</code> is in effect, then a sudden load
 does show up -- because it highly contributes to the average of three
 connections.
 <p>
 <a name="l42"></a>
 <strong>5.1.3: Specifying decays</strong>
 <p>
 Decays are also only relevant when crossroads computes the 'next best
 back end' by size (bytes) or duration (seconds). E.g., imagine two
 back ends A and B, both averaged over say 3 connections.
 <p>
 Now when back end A is suddenly hit by a spike,
 its average would go up accordingly. But the back end would never
 again be used, unless B also received a similar spike, because A's
 'usage data' over its last three connections would forever be larger than
 B's data. 
 <p>
 For that reason, you should in real situations probably always
 specify a decay, so that the backend selection algorithm recovers from
 spikes. Note that the usage data of the back end where a decay is
 specified, decay when <strong>other</strong> back ends are hit. The decay parameter
 is like specifying how fast your body regenerates when someone else
 does the work.
 <p>
 The below configuration illustrates this:
 <p>
 <pre>
 /* Definition of the service */
 service soap {
     /* Local TCP port */
     port 8080;
 
     /* We'll select back ends by the processing
      * duration
      */
     dispatchmode byduration over 3;
 
     /* First back end: */
     backend A {
         /* Back end IP address and port */
         server 10.1.1.1:8080;
 
         /* When this back end is NOT hit because
          * the other one was less busy, then the
          * usage parameters decay 10% per connection
          */
         decay 10;
     }
 
     /* Second back end: */
     backend B {
         server 10.1.1.2:8080;
         decay 10;
     }
 }
 </pre>
 
 <p>
 <a name="l43"></a>
 <strong>5.1.4: Adjusting the weights</strong>
 <p>
 The back end modifier <code>weight</code> is useful in situations where your
 back ends differ in respect to performance. E.g,. your back ends may
 be geographically distributed, and you know that a given back end is
 difficult to reach and often experiences network lag.
 <p>
 Or you may have
 one primary back end, a system with a fast CPU and enough memory, and a
 small fall-back back end, with a slow CPU and short on memory. In that
 case you know in advance that the second back end should be used only
 rarely. Most requests should go to the big server, up to a certain load.
 <p>
 In such cases you will know in advance that the best performing back ends
 should be selected the most often. Here's where the <code>weight</code>
 statement comes in: you can simply increase the weight of the back
 ends with the least performance, so that they are selected less
 frequently.
 <p>
 E.g., consider the following configuration:
 <p>
 <pre>
 service soap {
     port 8080;
     dispatchmode byduration over 3;
     backend A {
         server 10.1.1.1:8080;
         decay 20;
     }
     backend B {
         server 10.1.1.2:8080;
         weight 2;
         decay 10;
     }
     backend C {
         server 10.1.1.3:8080;
         weight 4;
         decay 5;
     }
 }
 </pre>
 
 <p>
 This will cause crossroads to select back ends by the processing time,
 averaging over the last three connections. However, backend B will kick
 in only when its usage is half of the usage of A (back end B is
 probably only half as fast as A). Backend C will kick in only when its
 usage is a quarter of the usage of A, which is half of the usage of B
 (back end C is probably very weak, and just a fall-back system incase
 both A and B crash). Note also that A's usage data decay much faster
 than B's and C's: we're assuming that this big server recovers quicker
 than its smaller siblings.
 <p>
 <a name="l44"></a>
 <strong>5.1.5: Throttling the number of concurrent connections</strong>
 <p>
 If you suspect that your service may occasionally receive 'spikes' of
 activity&nbsp;(which you should always assume), then it might be a
 good idea to protect your service by specifying a maximum number of
 concurrent connections. This protection can be specified on two levels:
 <p>
 <dl>
         <p><dt><strong>On the service level</strong><dd> a statement like <code>maxconnections
             100;</code> states that the service as a whole will never
             service more than 100 concurrent connections. This means that
             all your back ends and the crossroads balancer itself
             will be protected from being overloaded.
         <p><dt><strong>On the back end level</strong><dd> a statement like <code>maxconnections 10;</code>
             states that this particular back end will never have more
             than 10 concurrent connections; regardless of the overall
             setting on the service level. This means that this
             particular back end will be protected from being
             overloaded (regardless of what other back ends may
             experience).</dl>
 <p>
 The <code>maxconnections</code> statement, combined with a back end selection
 algorithm, allows very fine granularity. The <code>maxconnections</code> statement
 on the back end level is like a hand brake: even when you specify a
 back end algorithm that would protect a given back end from being used
 too much, a situation may occur where that back end is about to be
 hit. A <code>maxconnections</code> statement on the level of that back may then
 protect it.
 <p>
 <a name="l45"></a>
 <h3>5.2: Using an external program to dispatch</h3>
 <a name="externalhandler"></a>
 <p>
 As mentioned before, Crossroads supports several built-in dispatch
 modes. However, you are always free to hook-in your own dispatch mode
 that determines the next back end using your own specific
 algorithm. This section explains how to do it.
 <p>
 <a name="l46"></a>
 <strong>5.2.1: Configuring the external handler</strong>
 <p>
 First, the <code>dispatchmode</code> statement needs to inform Crossroads that
 an external program will do the job. The syntax is: <code>dispatchmode
 externalhandler</code> <em>program arguments</em>. The <em>program</em> must point to
 an executable program that will be started by Crossroads. The
 specifier <em>arguments</em> can be anything you want; those will be the
 arguments to Crossroads. You can however use the following special
 format specifiers:
 <p>
 <ul>
         <li> <code>%a</code> is the availability of the current back end, when
         a current back end is established;
         <li> <code>%1a</code> is the availability of the first back end (0 when
         unavailable, 1 if available); <code>%2a</code> is the availability of
         the second back end, and so on;
         <li> <code>%b</code> is the name of the current back end, when one is
         established; 
         <li> <code>%1b</code> is the name of the first back end, <code>%2b</code> of the
         second back end, and so on;
         <li> <code>%e</code> is the count of seconds since start of epoch
         (January 1st 1970 GMT);
         <li> <code>%r</code> is the IP address of the client that requests a
         connection and for whom the external dispatcher should compute
         a back end;
         <li> <code>%s</code> is the name of the current service that the client
         connected to;
         <li> <code>%t</code> is the current local time in ASCII format, in
         <em>YYYY-MM-DD/hhh:mm:ss</em>; 
         <li> <code>%T</code> is the current GMT time in ASCIII format;
         <li> <code>%v</code> is the Crossroads version;
         <li> Any other chararacter following a <code>%</code> sign is taken
         literally; e.g. <code>%z</code> is just a z.</ul>
 <p>
 Note that the format specifiers such as <code>%b</code> don't make sense in the
 phase in which an external handler is called, since there is no
 current back end yet (the job of the handler is to supply one).
 <p>
 <a name="l47"></a>
 <strong>5.2.2: Writing the external handler</strong>
 <p>
 The external handler is activated using the arguments that are
 specified in <code>/etc/crossroads.conf</code>. The external handler can do
 whatever it wants, but ultimately, it must write a back end name on
 its <em>stdout</em>. Crossroads reads this, and if the back end is
 available, uses that back end for the connection.
 <p>
 <a name="l48"></a>
 <strong>5.2.3: Examples of external handlers</strong>
 <p>
 This section shows some examples of Crossroads configurations
 vs. external handlers. The sample handlers that are shown here, are
 also included in the Crossroads distribution, under the directory
 <code>etc/</code>. Also note that the examples shown here are just
 quick-and-dirty Perl scripts, meant to illustrate only. Your
 applications may need other external handlers, but you can use the
 shown scripts as a starting point.
 <p>
 <p><strong>Round-robin dispatching</strong><br>
 <p>
 This example is trivial in the sense that round-robin dispatching is
 already built into Crossroads, so
 that using an external handler for this purpose only slows down
 Crossroads. However, it's a good starting example.
 <p>
 The Crossroads configuration is shown below:
 <p>
 <pre>
 service test {
     port 8001;
     verbosity on;
     revivinginterval 5;
     
     dispatchmode externalhandler
         /usr/local/src/crossroads/etc/dispatcher-roundrobin
             %1b %1a %2b %2a;
 
     backend testone {
         server localhost:3128;
         verbosity on;
     }
     backend testtwo {
         server locallhost:3128;
         verbosity on;
     }
 }
 </pre>
 
 <p>
 The relevant <code>dispatchmode</code> statement invokes the external program
 <code>dispatcher-roundrobin</code> with four arguments: the name of the first
 back end (<code>testone</code>), its availability (0 or 1), the name of the
 second back end (<code>testtwo</code>) and its availability (0 or 1).
 <p>
 The external handler, which is also included in the Crossroads
 distribution, is shown below. It is a Perl script.
 <p>
 <pre>
 #!/usr/bin/perl
 
 use strict;
 
 # Example of a round-robin external dispatcher. This is totally
 # superfluous, Crossroads has this on-board; if you use the external
 # program for determining round-robin dispatching, then you'll only
 # slow things down. This script is just meant as an example.
 
 # Globals / configuration
 # -----------------------
 my $log = '/tmp/exthandler.log';    # Debug log, set to /dev/null to suppress
 my $statefile = '/tmp/rr.last';	    # Where we keep the last used
 
 # Logging
 # -------
 sub msg {
     return if ($log eq '/dev/null' or $log eq '');
     open (my $of, "&gt;&gt;$log") or return;
     print $of (scalar(localtime()), ' ', @_);
 }
 
 # Read the last used back end
 # ---------------------------
 sub readlast() {
     my $ret;
     
     if (open (my $if, $statefile)) {
         $ret = &lt;$if&gt;;
         chomp ($ret);
         close ($if);
         msg ("Last used back end: $ret\n");
         return ($ret);
     }
     msg ("No last-used back end (yet)\n");
     return (undef);    
 }
 
 # Write back the last used back end, reply to Crossroads and stop
 # ---------------------------------------------------------------
 sub reply ($) {
     my $last = shift;
 
     if (open (my $of, "&gt;$statefile")) {
         print $of ("$last\n");
     }
     print ("$last\n");
     exit (0);
 }
 
 # Main starts here
 # ----------------
 
 # Collect the cmdline arguments. We expect pairs of backend-name /
 # backend-availablility, and we'll store only the available ones.
 msg ("Dispatch request received\n");
 my @backend;
 for (my $i = 0; $i &lt;= $#ARGV; $i += 2) {
     push (@backend,  $ARGV[$i]) if ($ARGV[$i + 1]);
 }
 msg ("Available back ends: @backend\n");
 
 # Let's see what the last one is. If none found, then we return the
 # first available back end. Otherwise we need to go thru the list of
 # back ends, and return the next one in line.
 my $last = readlast();
 if ($last eq '') {
     msg ("Returning first available back end $backend[0]\n");
     reply ($backend[0]);
 }
 
 # There **was** a last back end.  Try to match it in the list,
 # then return the next-in-line.
 for (my $i = 0; $i &lt; $#backend; $i++) {
     if ($last eq $backend[$i]) {
         msg ("Returning next back end ", $backend[$i + 1], "\n");
         reply ($backend[$i + 1]);
     }
 }
 
 # No luck.. run back to the first one.
 msg ("Returning first back end $backend[0]\n");
 reply ($backend[0]);
 </pre>
 
 <p>
 The working of the script is basically as follows:
 <p>
 <ul>
         <li> The argument list is scanned. Back ends that are
         available are collected in an array <code>@backend</code>.
 <p>
 <li> The script queries a state file <code>/tmp/rr.last</code>. If a
         back end name occurs there, then the next back end is looked
         up in <code>@backend</code> and returned to Crossroads. If no last back
         is unknown or can't be matched, then the first available back
         end (first element of <code>@backend</code>) is returned to Crossroads.
 <p>
 <li> Informing Crossroads is done via the subroutine
         <code>reply()</code>. This code writes the selected back end to file
         <code>/tmp/rr.last</code> (for future usage) and prints the back end
         name to <em>stdout</em>.
 <p>
 <li> The script logs its actions to a file
         <code>/tmp/exthandler.log</code>. This log file can be inspected for
         the script's actions.</ul>
 <p>
 <p><strong>Dispatching by the client IP address</strong><br>
 <p>
 The following example shows a useful real-life situation. The
 situation is as follows:
 <p>
 <ul>
         <li> Crossroads is used as a single-address point to forward
         Remote Desktop requests to a farm of Windows systems, where
         users can work via remote access;
 <p>
 <li> However, users may stop their session, and when they
         re-connect, they expect to be sent to the Windows system that
         they had worked on previously;
 <p>
 <li> Client PC's have their distinct IP addresses, which
         distinguishes them.
 <p>
 <li> Of four windows systems, two are large servers, and two
         are small ones. We'll want to assign large servers to clients
         when we have a choice.</ul>
 <p>
 The requirements resemble session stickiness in HTTP, except that the remote
 desktop protocol doesn't support stickiness. This situation is a
 perfect example of how an external handler can help:
 <p>
 <ul>
         <li> A suitable dispatch mode isn't yet available in
         Crossroads, but can be easily coded in an external handler;
 <p>
 <li> The potential delay due to the calling of an external
         handler won't even be noticed. This is a network service where
         the connection time isn't critical; we'd expect only a few
         (albeit lengthy) TCP connections.</ul>
 <p>
 The approach to the solution of this problem uses several external
 program hooks:
 <p>
 <ul>
         <li> An external dispatcher handler will be responsible for
         suggesting a back end, given a client IP and given the current
         timestamp. This handler will consult an internal
         administration to see whether the stated IP address should
         re-use a back end, or to determine which back end is free for usage.
         <li> An external hook <code>onstart</code> will be responsible for
         updating the internal administration; i.e., to flag a back end
         as 'occupied'.
         <li> The external hooks <code>onfailure</code> and <code>onend</code> will be
         responsible for flagging a back end as 'free' again; i.e., for
         erasing any previous information that states that the back end
         was occupied.</ul>
 <p>
 The Crossroads configuration is shown below. Only four Windows back
 ends are shown. Each back end is configured on a
 given IP address, port 3389, and is limited to one concurrent connection
 (otherwise a new user might 'steal' a running desktop session).
 <p>
 <pre>
 service rdp {
     port 3389;
     revivinginterval 5;
 
     /* rdp-helper dispatch IP STAMP ...  will suggest a back end to use,
      * arguments are for all back ends: name, availability, weight */
     dispatchmode externalhandler
         /usr/local/src/crossroads/etc/rdp-helper dispatch %r %e
             %1b %1a %1w
             %2b %2a %2w
             %3b %3a %3w
             %4b %4a %4w;
             
     backend win1 {
         server 10.1.1.1:3389;
         maxconnections 1;
         /* rdp-helper start IP STAMP BACKEND will log the actual start
          * of a connection;
          * rdp-helper end IP will log the ending of a connection */
         onstart /usr/local/src/crossroads/etc/rdp-helper start %r %e %b;
         onend   /usr/local/src/crossroads/etc/rdp-helper end %r;
         onfail  /usr/local/src/crossroads/etc/rdp-helper end %r;
     }
     backend win2 {
         server 10.1.1.2:3389;
         maxconnections 1;
         onstart /usr/local/src/crossroads/etc/rdp-helper start %r %e %b;
         onend   /usr/local/src/crossroads/etc/rdp-helper end %r;
         onfail  /usr/local/src/crossroads/etc/rdp-helper end %r;
     }
     backend win3 {
         server 10.1.1.3:3389;
         maxconnections 1;
         weight 2;
         onstart /usr/local/src/crossroads/etc/rdp-helper start %r %e %b;
         onend   /usr/local/src/crossroads/etc/rdp-helper end %r;
         onfail  /usr/local/src/crossroads/etc/rdp-helper end %r;
     }
     backend win4 {
         server 10.1.1.4:3389;
         maxconnections 1;
         weight 3;
         onstart /usr/local/src/crossroads/etc/rdp-helper start %r %e %b;
         onend   /usr/local/src/crossroads/etc/rdp-helper end %r;
         onfail  /usr/local/src/crossroads/etc/rdp-helper end %r;
     }
 }
 </pre>
 
 <p>
 Depending on the dispatcher stage, the exernal handler <code>rdp-helper</code>
 is invoked in different ways:
 <p>
 <dl>
         <p><dt><strong>During dispatching</strong><dd> the helper is called to suggest a back
         end. The arguments are an action indicator <code>dispatch</code>, the
         client's IP address, the timestamp, and four triplets that
         represent back ends: per back end its name, its availability,
         and its weight. The purpose of the helper is to tell
         Crossroads which back end to use.
 <p>
 <p><dt><strong>During connection start</strong><dd> the helper will be invoked to
         inform it of the start of a connection, given a client IP
         address.
 <p>
 <p><dt><strong>When a connection terminates</strong><dd> the helper will be invoked
         to inform it that the connection has ended.</dl>
 <p>
 Here's the external handler as Perl script. It uses the module
 <code>GDBM_File</code> which most likely will not be part of standard Perl
 distributions, but can be added using CPAN. (Alternatively, any other
 database module can be used.)
 <p>
 <pre>
 #!/usr/bin/perl
 
 use strict;
 use GDBM_File;
 
 # Global variables and configuration
 # ----------------------------------
 my $log = '/tmp/exthandler.log';    # Debug log, set to /dev/null to suppress
 my $cdb = '/tmp/client.db';         # GDBM database of clients
 my %db;                             # .. and memory representation of it
 my $timeout = 24*60*60;             # Timeout of a connection in secs
 
 # Logging
 # -------
 sub msg {
     return if ($log eq '/dev/null' or $log eq '');
     open (my $of, "&gt;&gt;$log") or return;
     print $of (scalar(localtime()), ' ', @_);
     close ($of);
 }
 
 # Reply a back end to the caller and stop processing.
 # ---------------------------------------------------
 sub reply ($) {
     my $b = shift;
     msg ("Suggesting $b to Crossroads.\n");
     print ("$b\n");
     exit (0);
 }
 
 # Is a value in an array
 # ----------------------
 sub inarray {
     my $val = shift;
     for my $other (@_) {
         return (1) if ($other eq $val);
     }
     return (0);
 }
 
 # A connection is starting
 # ------------------------
 sub start {
     my ($ip, $stamp, $backend) = @_;
     msg ("Logging START of connection for IP $ip on stamp $stamp, ",
          "back end $backend\n");
     $db{$ip} = "$backend:$stamp";
 }
 
 # A connection has ended
 # ----------------------
 sub end {
     my $ip = shift;
     msg ("Logging END of connection for IP $ip\n");
     $db{$ip} = undef;
 }
 
 # Request to determine a back end
 # -------------------------------
 sub dispatch {
     my $ip = shift;
     my $stamp = shift;
 
     msg ("Request to dispatch IP $ip on stamp $stamp\n");
     
     # Read the next arguments. They are triplets of
     # backend-name / availability / weight. Store if the back end is
     # available.
     my (@backends, @weights);
     for (my $i = 0; $i &lt; $#_; $i += 3) {
         if ($_[$i + 1] != 0) {
             push (@backends, $_[$i]);
             push (@weights,  $_[$i + 2]);
             msg ("Candidate back end: $_[$i] with weight ", $_[$i + 2], "\n");
         }
     }
 
     # See if this is a reconnect by a previously seen client IP. We'll
     # treat this as a reconnect if the timeout wasn't yet exceeded.
     if ($db{$ip} ne '') {
         my ($last_backend, $last_stamp) = split (/:/, $db{$ip});
         msg ("IP $ip had last connected on $last_stamp to $last_backend\n");
         if ($stamp &lt; $last_stamp + $timeout) {
             msg ("Timeout not yet exceeded, this may be a reconnect\n");
             # We'll allow a reconnect only if the stated last_backend is
             # free (sanity check).
             if (inarray ($last_backend, @backends)) {
                 msg ("Last back end $last_backend is available, ",
                      "letting through\n");
                 reply ($last_backend);
             } else {
                 msg ("Last used back end isn't free, suggesting a new one\n");
             }
         } else {
             msg ("Timeout exceeded, suggesting a new back end\n");
         }
     } else {
         msg ("Np preveious connection data, suggesting a new back end\n");
     }
 
     my $bestweight = -1;
     my $bestbackend;
     for (my $i = 0; $i &lt;= $#weights; $i++) {
         if ($bestweight == -1 or $bestweight &gt; $weights[$i]) {
             $bestweight  = $weights[$i];
             $bestbackend = $backends[$i];
         }
     }
 
     msg ("Best back end: $bestbackend (given weight $bestweight)\n");
     reply ($bestbackend);
 }
 
 # Main starts here
 # ----------------
 msg ("Start of run, attaching GDBM database '$cdb'\n");
 tie (%db, 'GDBM_File', $cdb, &amp;GDBM_WRCREAT, 0600);
 
 # The first argument must be an action 'dispatch', 'start' or 'end'.
 # Depending on the action, we do stuff.
 my $action = shift (@ARGV);
 if ($action eq 'dispatch') {
     dispatch (@ARGV);
 } elsif ($action eq 'start') {
     start (@ARGV);
 } elsif ($action eq 'end') {
     end (@ARGV);
 } else {
     print STDERR ("Usage: rdp-helper {dispatch|start|end} args\n");
     exit (1);
 }
 </pre>
 
 <p>
 <a name="l49"></a>
 <h3>5.3: HTTP Session Stickiness</h3>
 <p>
 This section focuses on HTTP session stickiness. This term refers to
 the ability of a balancer to route a conversation between browser and
 a backend farm always to the same back end. In other words: once a
 back end is selected by the balancer, it will remain the back end of
 choice, even for subsequent connections.
 <p>
 <a name="l50"></a>
 <strong>5.3.1: Don't use stickiness!</strong>
 <p>
 The rule of thumb as far as the balancer is concerned, is: <strong>Do not
 use HTTP session stickiness unless you really have to.</strong> Enabling
 session stickiness hampers failover, balancing and performance:
 <p>
 <ul>
     <li> Failover is hampered because during the session,
          the balancer has to assign new connections to the same back
          end that was selected at the start of a session. If the back
          end suddenly goes 'down', then the session will most likely
          crash. (Actually, when a back end becomes unreachable in the
          middle of a session, Crossroads will assign a new back end to
          that session. This will most likely result in a malfunction
          of the underlying application.)
     <li> Balancing is hampered because at the start of the session,
          the balancer has selected the next-best back end. But during
          the session, that back end may well become overloaded. The
          balancer however must continue to send the requests there.
     <li> Performance is hampered because crossroads needs to 'unpack'
          messages as they are passed to and fro. That's because
          crossroads needs to check the HTTP headers in the messages
          for persistence cookies.</ul>
 <p>
 There is a number of measures that you can take to avoid using session
 stickiness. E.g., session data can be 'shared' between web back
 ends. PHP offers functionality to store session data in a database, so
 that all PHP applications have access to these data. Application
 servers such as Websphere can be configured to replicate session data
 between nodes.
 <p>
 <a name="l51"></a>
 <strong>5.3.2: But if you must..</strong>
 <p>
 However, if you <strong>must</strong> use session stickiness, then proceed as
 follows:
 <p>
 <ul>
     <li> At the level of a <code>service</code> description, set the type to
          <code>http</code>. 
     <li> At the level of each back end description, configure the
          <code>stickycookie</code> and a <code>addclientheader</code> directives.</ul>
 <p>
 Once crossroads sees that, it will examine each HTTP message that it
 shuttles between client and back end:
 <p>
 <ul>
     <li> If there is no persistence cookie in the HTTP headers of a
          client's request, then the message must be the first one and
          a new session should be established. 
          Crossroads selects an appropriate back
          end, sends the message to that back end, catches the reply,
          and inserts a <code>Set-Cookie</code> directive.
     <li> If there is a persistence cookie in the HTTP headers of a
          client's request, then the request is part of an already
          established session. Crossroads analyzes the cookie and
          forwards the request to the appropriate back end.</ul>
 <p>
 Below is a short example of a configuration.
 <p>
 <pre>
 service www {
     port 80;
     type http;
     revivinginterval 15;
     dispatchmode byconnections;
 
     backend one {
         server 10.1.1.100:80;
         stickycookie XRID=100;
         addclientheader "Set-Cookie: XRID=100; Path=/";
     }
 
     backend two {
         server 10.1.1.101:80;
         stickycookie XRID=101;
         addclientheader "Set-Cookie: XRID=101; Path=/";
     }
 }
 </pre>
 
 <p>
 Note how the cookie names and values in the directives
 <code>stickycookie</code> and <code>addclientheader</code> match. That is obviously a
 prerequisite for stickiness.
 <p>
 <a name="l52"></a>
 <h3>5.4: Passing the client's IP address</h3>
 <p>
 Since Crossroads just shuttles bytes to and fro, meta-information of
 network connections is lost. As far as the back ends are concerned,
 their connections originate at the Crossroads junction.
 For example, standard Apache access logs will show the IP address of
 Crossroads. 
 <p>
 In order to compensate for this, Crossroads can insert a special
 header in HTTP connections, to inform the back end of the original
 client's IP address. In order to enable this, the Crossroads
 configuration must state the following:
 <p>
 <ul>
     <li> The service type must be <code>http</code>, and not <code>any</code>;
     <li> In the back end definition, the following statement must
          occur: <br>
          <code>addserverheader "X-Real-IP: %r";</code> <br>
          You are of course free to choose the header name; the here
          used <code>X-Real-IP</code> is a common name for this purpose.</ul>
 <p>
 After this, HTTP traffic that arrives at the back ends has a new
 header: <code>X-Real-IP</code>, holding the client's IP address.
 <strong>Note that</strong> once the type is set to <code>http</code>, Crossroads'
 performance will be hampered -- all passing messages will have to be
 unpacked and analyzed.
 <p>
 <a name="l53"></a>
 <strong>5.4.1: Sample Crossroads configuration</strong>
 <p>
 The below sample configuration shows two HTTP back ends that receive
 the client's IP address:
 <p>
 <pre>
 
 service www {
     port 80;
     type http;
     revivinginterval 5;
     dispatchmode roundrobin;
 
     backend one {
         server 10.1.1.100:80;
         addserverheader "X-Real-IP: %r";
     }
 
     backend two {
         server 10.1.1.200:80;
         addserverheader "X-Real-IP: %r";
     }
 }
 </pre>
 
 <p>
 <a name="l54"></a>
 <strong>5.4.2: Sample Apache configuration</strong>
 <p>
 The method by which each back end analyzes the header <code>X-Real-IP</code>
 will obviously be different per server implementations. However, a
 common method with the Apache webserver is to log the client's IP
 address into the access log.
 <p>
 Often this is accomplished using the log format <code>custom</code>, defined as
 follows:
 <p>
 <pre>
 LogFormat "%h %l %u %t %D \"%r\" %&gt;s %b" common
 CustomLog logs/access_log common
 </pre>
 
 <p>
 The first line defines the format <code>common</code>, with the remote host
 specified by <code>%h</code>. The second line sends access information to a log
 file <code>logs/access_log</code>, using the previously defined format
 <code>common</code>.
 <p>
 Furtunately, Apache's <code>LogFormat</code> allows one to log contents of
 headers. By replacing the <code>%h</code> with <code>%{X-Real-IP}i</code>, the desired
 information is sent to the log. Therefore, normally you can simply
 redefine the <code>common</code> format to 
 <p>
 <pre>
 LogFormat "%{X-Real-IP}i %l %u %t %D \"%r\" %&gt;s %b" common
 </pre>
 
 <p>
 <a name="l55"></a>
 <h3>5.5: Debugging network traffic</h3>
 <p>
 Incase the traffic between
     client and backend
     must be debugged, the statement <code>trafficlog</code> <em>filename</em> can
     be issued. This causes the traffic to be dumped in hexadecimal
     format to the stated filename.
 <p>
 Traffic sent by the client is prefixed by a <strong>C</strong>, traffic sent by
     the back end is prefixed by a <strong>B</strong>. Below is a sample traffic
     dump of a browser trying to get a HTML page. The server replies
     that the page was not modified.
 <p>
 <pre>
 C 0000  47 45 54 20 68 74 74 70 3a 2f 2f 77 77 77 2e 63 GET http://www.c
 C 0010  73 2e 68 65 6c 73 69 6e 6b 69 2e 66 69 2f 6c 69 s.helsinki.fi/li
 C 0020  6e 75 78 2f 6c 69 6e 75 78 2d 6b 65 72 6e 65 6c nux/linux-kernel
 C 0030  2f 32 30 30 31 2d 34 37 2f 30 34 31 37 2e 68 74 /2001-47/0417.ht
 C 0040  6d 6c 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e ml HTTP/1.1..Con
 C 0050  6e 65 63 74 69 6f 6e 3a 20 63 6c 6f 73 65 0d 0a nection: close..
 .
 . etcetera
 .
 B 0000  48 54 54 50 2f 31 2e 30 20 33 30 34 20 4e 6f 74 HTTP/1.0 304 Not
 B 0010  20 4d 6f 64 69 66 69 65 64 0d 0a 44 61 74 65 3a  Modified..Date:
 B 0020  20 54 75 65 2c 20 31 32 20 4a 75 6c 20 32 30 30  Tue, 12 Jul 200
 B 0030  35 20 30 39 3a 34 39 3a 34 37 20 47 4d 54 0d 0a 5 09:49:47 GMT..
 B 0040  43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 74 65 Content-Type: te
 B 0050  78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 xt/html; charset
 .
 . etcetera
 .
 </pre>
 
 <p>
 Turning on traffic dumps will <em>significantly</em>
     slow down crossroads.
 <p>
 Besides <code>trafficlog</code>, there is also a directive
     <code>throughputlog</code>. This directive also takes one argument, a
     filename. The file is appended, and the following information is
     logged:
 <p>
 <ul>
         <li> The process ID of the crossroads image that serves the
         TCP connection;
         <li> The time of the request, in seconds and microseconds
         since start of the run;
         <li> A <strong>C</strong> when the request originated at the client, or
         <strong>B</strong> when the request originated at the back end;
         <li> The first 100 bytes of the request.</ul>
 <p>
 As an example, consider the following (the lines are shortened for
     brevity and prefixed by line numbers for clarity):
 <p>
 <pre>
 
 1 0000594 0.000001 C GET http://public.e-tunity.com/index.html...
 2 0000594 0.173713 B HTTP/1.0 200 OK..Date: Fri, 18 Nov 2005 0...
 3 0000594 0.278125 B  width="100" bgcolor="#e0e0e0" valign="to...
 4 0000595 0.000001 C GET http://public.e-tunity.com/css/style/...
 5 0000594 0.944339 B /a&gt;&lt;/td&gt;..  &lt;/tr&gt;.&lt;/table&gt;.&lt;/td&gt;&lt;td class...
 6 0000594 0.946356 B smallboxdownl"&gt;Download&lt;/td&gt;..  &lt;td class...
 7 0000594 0.961102 B td&gt;&lt;td class="smallboxodd" valign="top"&gt;&lt;...
 8 0000595 0.698215 B HTTP/1.0 304 Not Modified..Date: Fri, 18 ...
 </pre>
 
 <p>
 This tells us that:
 <p>
 <ul>
         <li> Line 1:  PID 594 served a request that originated at
              the client. The corresponding time is (almost) 0 seconds,
              so this is really the start of the run.
         <li> Line 2: A back end replied 0.17 seconds later, and
              0.28 seconds later, it was still replying (this is the
              third line, again a <strong>B</strong>-type transmission).
         <li> Line 4: PID 595 served a request that originated
              at the client. Again, the corresponding time is (almost)
              0 seconds, since this is the first conversation part of
              this connection.
         <li> Lines 5 to 7: This is the continuation of line 2. Line 7
              is the last line of the <strong>B</strong> series (not visible from
              the example, but trust me, it is), so that we may
              conclude that it took the back end 0.96 seconds to serve
              the file <code>index.html</code> requested in line 1.
         <li> Line 8: This is the answer to the client's request of
              line 4 (you can tell by the process ID  number).
              So the back end took 0.68 seconds to confirm that
              the stylesheet requested in line 4 wasn't modified.</ul>
 <p>
 It is also worth while remembering that the start time of a <strong>C</strong>
     request is the time that crossroads sees the activity. Any latency
     between the true client and crossroads is obviously not
     included. This is illustrated by the below simple ASCII art:
 <p>
 <pre>
 
 client ----&gt;----&gt;----&gt;---&gt;*crossroads ====&gt;====&gt;====&gt;
                                                      \    
                                                   back end
                                                      /
 client ----&lt;----&lt;----&lt;---&lt; crossroads ====&lt;====&lt;====&lt;
 
 </pre>
 
 <p>
 This simple picture shows a typical HTTP request that originates
     at a client, travels to crossroads, and is relayed via the back
     end. The <strong>C</strong> entry in a throughput log is the time when
     crossroads sees the request, indicated by an asterisk. The <strong>B</strong>
     entries are the times that it takes the back end to answer,
     indicated by <code>===</code> style lines. Therefore, the true roundtrip
     time will be longer than the number of seconds that are logged in
     the throughput log: the latency between client and crossroads
     isn't included in that measurement.
 <p>
 Summarizing, the throughput times of a client-back end connection
     can be analyzed using the directive <code>throughputlog</code>. In a
     real-world analysis, you'd probably want to write up a script to
     analyze the output and to compute round trip times. Such scripts
     are not (yet) included in Crossroads.
 <p>
 <a name="l56"></a>
 <h3>5.6: Limiting Access to Crossroads by Client IP Address</h3>
 <p>
 <a name="l57"></a>
 <strong>5.6.1: General Examples</strong>
 <p>
 The directives <code>allowfrom</code>, <code>denyfrom</code>, <code>allowfile</code> and
 <code>denyfile</code> can be used to instruct Crossroads to specifically allow
 access by using a "whitelist" of IP addresses, or to specifically deny
 access by using a "blacklist". E.g., the following configuration
 allows access to service <code>webproxy</code> only to <em>localhost</em>:
 <p>
 <pre>
 service webproxy {
     port 8000;    
     allowfrom 127.0.0.1;
     backend one {
         .
         . Back end definitions occur here
         .
     }
     .
     . Other back ends or other service directives
     . may occur here
     .
 }
 </pre>
 
 <p>
 In this example there is a "whitelist" having only one entry: IP
 address 127.0.0.1, or <em>localhost</em>. (Incidentally, the same behaviour
 could be accomplished by stating <em>bindto 127.0.0.1</em>, in which case
 Crossroads would only listen to the local network device.)
 <p>
 In the same vein, the directive <code>allowfrom 127.0.0.1 192.168.1/24</code>
 would allow access to <em>localhost</em> and to all IP addresses that start
 with 192.168.1. The specifier <code>192.168.1/24</code> states that there are
 three network bytes (192, 168 and 1), and 24 bits (or 3 bytes) are
 relevant; so that the fourth network byte doesn't matter.
 <p>
 <a name="l58"></a>
 <strong>5.6.2: Using External Files</strong>
 <p>
 The directives <code>allowfile</code> and <code>denyfile</code> allow you to specify IP
 addresses in external files. The Crossroads configuration states
 e.g. <code>allowfile /tmp/allow.txt</code>, and the IP addresses are then in
 <code>/tmp/allow.txt</code>. The format of <code>/tmp/allow.txt</code> is as follows:
 <p>
 <ul>
         <li> The specifications follow again <em>p.q.r.s/mask</em>, where
         p, q, r and s are network bytes which can be left out on the
         right hand side when the mask allows it;
 <p>
 <li> The specifications must be separated by white space
         (spaces, tabs or newlines).</ul>
 <p>
 E.g., the following is a valid example of an external specification
 file:
 <p>
 <pre>
 127.0.0.1
 192.168.1/24
 10/8
 </pre>
 
 <p>
 When external files are in effect, then the signal <code>SIGHUP</code> (1)
 causes Crossroads to reload the external file. E.g., while Crossroads
 is running, you may edit <code>/tmp/allow.txt</code>, and then issue <code>killall
 -1 crossroads</code>. The new contents of <code>/tmp/allow.txt</code> will be
 reloaded.
 <p>
 <a name="l59"></a>
 <strong>5.6.3: Mixing Directives</strong>
 <p>
 Crossroads allows to mix all directives in one service
 description. However, some mixes are less meaningful than others. It's
 up to you to take this into account.
 <p>
 The following rules apply:
 <p>
 <ul>
         <li> Blacklisting and whitelisting can be used together. When
         combined, the blacklist will always be interpreted
         first. E.g., consider the following directives:
 <p>
 <pre>
 allowfrom 192.168.1/24
 denyfrom  192.168.1.100
 </pre>
 
 <p>
 Given the fact that the deny list is checked first, client
         192.168.1.100 won't be able to access Crossroads. Then the
         allow list will be checked, stating that all clients whose IP
         address starts with 192.168.1 may connect. The effect will be
         that e.g., client 192.168.1.1 may connect, 192.168.1.2 may
         connect too, 192.168.1.100 will be blocked, and 10.1.1.1 will
         be blocked as well.
 <p>
 Now consider the following directives:
 <p>
 <pre>
 allowfrom 192.168.1.100 127.0.0.1
 denyfrom  192.168.1/24
 </pre>
 
 <p>
 This will first of all deny access to all IP addresses that
         start with 192.168.1. So the rule that allows 192.168.1.100
         won't ever be effective. The net result will be that access
         will be granted to 127.0.0.1, and IP addresses that don't
         match 192.168.1/24.
 <p>
 <li> Blacklisting or whitelisting can be left out.
         A list is considered empty when no appropriate directives
         occur in <code>/etc/crossroads.conf</code>, or when the directive
         points to an empty or non-existent external file.
 <p>
 <li> Using <code>*from</code> and <code>*file</code> statements is allowed, but
         doesn't make sense. E.g., the following configuration sample
         is such a case:
 <p>
 <pre>
 allowfrom 127.0.0.1 192.168.1/24
 allowfile /tmp/allow.txt
 </pre>
 
 <p>
 There is a technical reason for this. Once Crossroads
         processes the <code>allowfile</code> directive, then the whole
         whitelist is cleared (thereby removing the entries 127.0.0.1
         and 192.168.1/24), and new entries are reloaded from the
         file. The net result is that the <code>allowfrom</code> specification
         is overruled.
 <p>
 Crossroads doesn't check for such configurations, which are
         syntactially correct, but make no semantic sense.</ul>
 <p>
 <a name="l60"></a>
 <h3>5.7: Configuration examples</h3>
 <p>
 As a general hint, use <code>crossroads sampleconf</code> to view the most
 up-to-date examples of configurations. The description below shows a
 few examples too.
 <p>
 <a name="l61"></a>
 <strong>5.7.1: A load balancer for three webserver back ends</strong>
 <p>
 The following configuration example binds crossroads to port 80 of the
 current server, and distributes the load over three back ends. This
 configuration shows most of the possible settings.
 <p>
 <pre>
 service www {
     /* We don't need session stickyness. */
     type any;
     
     /* Port on which we'll listen in this service: required. */
     port 8000;
 
     /* What IP address should this service listen? Default is 'any'.
      * Alternatively you can state an explicit IP address, such as
      * 127.0.0.1; that would bind the service only to 'localhost'. */
     bindto any;
     
     /* Verbose reporting or not. Default is off. */    
     verbosity on;
     
     /* Dispatching mode, or: How to select a back end for an incoming
      * request. Possible values:
      *   roundrobin: just the next back end in line
      *   random: like roundrobin, but at random to make things more
      *          confusing. Probably only good for testing.
      *   bysize: The backend that transferred the least nr of bytes
      *          is the next in line. As a modifier you can say e.g.
      *          bysize over 10, meaning that the 10 last connections will
      *          be used to compute the transfer size, instead of all
      *          transfers.
      *   byduration: The backend that was active for the shortest time
      *          is the next in line. As a modifier you can say e.g.
      *          byduration of 10 to compute over the last 10 connections.
      *   byconnections: The back end with the least active connections
      *          is the next ine line.
      *   byorder: The first available back end is always taken.
      */
     dispatchmode byduration over 5;
 
     /* Interval at which we'll check whether a temporarily unavailable
      * backend has woken up.
      */
     revivinginterval 5;
     
     /* TCP backlog of connections. Default is 0 (no backlog, one
      * connection may be active).
      */
     backlog 5;
     
     /* For status reporting: a shared memory key. Default is the same
      * as the port number, OR-ed by a magic number.
      */
     shmkey 8000;
 
     /* This controls when crossroads should consider a connection as
      * finished even when the TCP sockets weren't closed. This is to
      * avoid hanging connections that don't do anything. NOTE THAT when
      * crossroads cuts off a connection due to timeout exceed, this is
      * not marked as a failure, but as a success. Default is 0: no timeout.
      */
     connectiontimeout 300;
 
     /* The max number of allowed client connections. When present, connections
      * won't be accepted if the max is about to be exceeded. When
      * absent, all connections will be accepted, which might be misused
      * for a DOS attack.
      */
     maxconnections 300;
 
     /* Now let's define a couple of back ends. Number 1: */
     backend www_backend_1 {
         /* The server and its port, the minimum configuration. */
         server httpserver1;
         port 9010;
         /* The 'decay' of usage data of this back end. Only relevant
          * when the whole service has 'dispatchmode bysize' or
          * 'byduration'. The number is a percentage by which the usage
          * parameter is decreased upon each connection of an other back
          * end.
          */
         decay 10;
         
         /* To see what's happening in /var/log/messages: */
         verbosity on;
     }
 
     /* The second one: */
     backend www_backend_2 {
         /* Server and port */
         server httpserver2;
         port 9011;
 
         /* Verbosity of reporting when this back end is active */
         verbosity on;
 
         /* Decay */
         decay 10;
 
         /* This back end is twice as weak as the first one */
         weight 2;
 
         /* Event triggers for system commands upon succesful activation
          * and upon failure.
          */
         onsuccess echo 'success on backend 2' | mail root;
         onfailure echo 'failure on backend 2' | mail root;
     }
 
     /* And yet another one.. this time we will dump the traffic
      * to a trace file. Furthermore we don't want more than 10 concurrent
      * connections here. Note that there's also a total maxconnections for the
      * whole service.
      */
     backend www_backend_3 {
         server httpserver3;
         verbosity on;
         port 9000;
         verbosity on;
         decay 10;
         trafficlog /tmp/backend.3.log;
         maxconnections 10;
     }
 }
 </pre>
 
 <p>
 <a name="l62"></a>
 <strong>5.7.2: An HTTP forwarder when travelling</strong>
 <p>
 As another example, here's my <code>crossroads.conf</code> that I use on my
 Unix laptop. The problem that I face is that I need many HTTP proxy
 configurations (at home, at customers' sites and so on) but I'm too
 lazy to reconfigure browsers all the time.
 <p>
 Here's how it used to be before crossroads:
 <p>
 <ul>
         <li> At home, I would surf through a squid proxy on my local
         machine. The browser proxy setting is then
         <code>http://localhost:3128</code>.
 <p>
 <li> Sometimes I start up an SSH tunnel to our offices. The
         tunnel has a local port 3129, and connects to a squid proxy on
         our e-tunity server. Hence, the browser proxy is then
         <code>http://localhost:3129</code>.
 <p>
 <li> At a customer's location I need the proxy
         <code>http://10.120.34.113:8080</code>, because they have configured it
         so.
 <p>
 <li> And in yet other instances, I use a HTTP diagnostic tool
         <a href="http://www.xk72.com/charles">Charles</a>
         that sits between browser and website and shows me
         what's happening. I run charles on my own machine and it
         listens to port 8888, behaving like a proxy. The browser
         configuration for the proxy is then
         <code>http://localhost:8888</code>.</ul>
 <p>
 Here's how it works with a crossroads configuration:    
 <p>
 <ul>
         <li> I have configured my browsers to use
         <code>http://localhost:8080</code> as the proxy. For all situations.
 <p>
 <li> I use the following crossroads configuration, and let
         crossroads figure out which proxy backend works, and which
         doesn't. Note two particularities:
 <p>
 <ul>
                 <li> The statement <code>dispatchmode byorder</code>. This
                 makes sure that once crossroads determines which
                 backend works, it will stick to it. This usage of
                 crossroads doesn't need to balance over more than one
                 back end.
 <p>
 <li> The statement <code>bindto 127.0.0.1</code> makes sure
                 that requests from other interfaces than loopback
                 won't get serviced.</ul>
 <p>
 <pre>
 service HttpProxy {
     port 8080;
     bindto 127.0.0.1;
     verbosity on;
     dispatchmode byorder;
     revivinginterval 15;
 
     backend Charles {
         server localhost:8888;
         verbosity on;
     }
 
     backend CustomerProxy {
         server 10.120.34.113:8080;
         verbosity on;
     }
 
     backend SshTunnel {
         server localhost:3129;
     }
 
     backend LocalSquid {
         server localhost:3128;
     }
 }
 </pre>
 </ul>
 <p>
 As a final note, the commandline argument <code>tell</code> can be used to
 influence crossroad's own detection mechanism of back end availability
 detection. E.g., if in the above example the back ends <code>SshTunnel</code>
 and <code>LocalSquid</code> are both active, then <code>crossroads tell httpproxy
 sshtunnel down</code> will 'take down' the back end <code>SshTunnel</code> -- and
 will automatically cause crossroads to switch to <code>LocalSquid</code>.
 <p>
 <a name="l63"></a>
 <strong>5.7.3: SSH login with enforced idle logout</strong>
 <p>
 The following example shows how crossroads 'throttles' SSH
 logins. Connections are accepted on port
 22 (the normal SSH port) and forwarded to the actual SSH daemon
 which is running on port 2222.
 <p>
 Note the usage of the
 <code>connectiontimeout</code> directive. This makes sure that users are logged
 out after 10 minutes of inactivity. Note also the <code>maxconnections</code>
 setting, this makes sure that no more than 10 concurrent logins occur.
 <p>
 <pre>
 service Ssh {
     port 22;
     backlog 5;
     maxconnections 10;
     connectiontimeout 600;
     backend TrueSshDaemon {
         server localhost:2222;
     }
 }
 </pre>
 
 <p>
 <a name="l64"></a>
 <h2>6: Benchmarking</h2>
 <a name="benchmarking"></a>This section shows how crossroads affects the
 transmitting of HTML data when used as an intermediate 'station'
 through which all data travels.
 <p>
 <a name="l65"></a>
 <h3>6.1: Benchmark 1: Accessing a proxy via crossroads or directly</h3>
 <p>
 The benchmark was run on a system where the following was varied:
 <p>
 <ol>
         <li> A website was recursively spidered through a local squid
         proxy. The spidering was repeated 10 times, the total was recorded.
 <p>
 <li> Crossroads was placed in front of the squid proxy, and
         the website was again recursively spidered. Again, the
         spidering was repeated 10 times and the total was recorded.</ol>
 <p>
 The crossroads configuration of the second alternative is shown below:
 <p>
 <pre>
 service HttpProxy {
     port 8080;
     verbosity on;
     backend LocalSquid {
         server 127.0.0.1;
         port 3128;
         verbosity on;
     }
 }
 </pre>
 
 <p>
 <a name="l66"></a>
 <strong>6.1.1: Results</strong>
 <p>
 The results of this test are that crossroads causes a negligible
 delay, if it is statistically relevant at all. Without crossroads, the
 timing results are:
 <p>
 <pre>
 real	0m8.146s
 user	0m0.130s
 sys	0m0.253s
 </pre>
 
 <p>
 When using crossroads as a middle station, the results are:
 <p>
 <pre>
 real	0m9.481s
 user	0m0.141s
 sys	0m0.230s
 </pre>
 
 <p>
 <a name="l67"></a>
 <strong>6.1.2: Discussion</strong>
 <p>
 The above shown results are quite favorable to crossroads. However,
 one should know that situations will exist where crossroads leans
 towards the 'worst case' scenario, causing up to 50%
 delay.
 <p>
 E.g., imagine a test where a <code>wget</code> command retrieves a
 HTML document from an Apache server on <code>localhost</code>. Now we have
 (almost) no overhead due to network throttling, hostname lookups and
 so on. When this test would be run either with or without crossroads
 in between, then theoretically, crossroads would cause a much larger
 delay, because it has to read from the server, and then write the same
 information to <code>wget</code>.  Each read/write occurs twice when crossroads
 sits in between.
 <p>
 This worst case scenario will however (fortunately) occur only very
 seldom in the real world:
 <p>
 <ul>
         <li> Normally network issues, such as the above mentioned host
         name lookups or throughput restrictions, will add
         significantly to the duration of a request. The 'twice as
         many' read/writes caused by crossroads are then relatively
         irrelevant.
 <p>
 <li> Normally a significant amount of time will be spent in a
         back end, due to processing (e.g., when calling a servlet on a
         back end). Again, this processing time will weigh much heavier
         than the multiple read/writes.</ul>
 <p>
 <a name="l68"></a>
 <h3>6.2: Benchmark 2: Crossroads versus Linux Virtual Server (LVS)</h3>
 <p>
 LVS is a kernel-based balancer that acts like a masquerading
 firewall: TCP packets that arrive at the balancer are sent to one of
 the configured back ends. LVS has the advantage over crossroads that
 there is no stop-and-go in the transmission; in contrast, crossroads
 needs to send data via an internal buffer. Crossroads has the
 advantage that it offers instantaneous failover because it tries to
 contact the back end for upon each new TCP connection; in contrast,
 LVS isn't aware of downtime of back ends (unless one implements an
 external heartbeat). Also, crossroads offers more complex balancing
 than LVS.
 <p>
 <a name="l69"></a>
 <strong>6.2.1: Environment</strong>
 <p>
 On the balancer, LVS was run on port 80, its forwarding set up for two
 equally weighted back ends, using <code>ipvsadm</code>:
 <p>
 <pre>
 ipvsadm -a -t 192.168.1.250:http -r 10.1.1.100:http -m -w 1
 ipvsadm -a -t 192.168.1.250:http -r 10.1.1.101:http -m -w 1
 </pre>
 
 <p>
 Crossroads was run on port 81. The configuration file is shown below:
 <p>
 <pre>
 service http {
     port 81;
     dispatchmode roundrobin;
     revivinginterval 5;
     backend one {
         server 10.1.1.100;
         port 80;
     }
     backend two {
         server 10.1.1.101;
         port 80;
     }
 }
 </pre>
 
 <p>
 <a name="l70"></a>
 <strong>6.2.2: Tests and results</strong>
 <p>
 In the first test, ports 80 and 81 on the balancer were 'bombed' with
 50 concurrent clients, each requesting a small page 50 times. The
 following timings where measured:
 <p>
 <ul>
         <li> How long it takes to establish a connection;
         <li> How long it takes to retrieve the page.</ul>
 <p>
 The results of this test were:
 <p>
 <ul>
         <li> On average, each client took 0.12 seconds to connect
         to LVS, and each page was retrieved in 0.14 seconds;
         <li> On average, each client took 0.11 seconds to connect to
         crossroads, and each page was retrieved in 0.13 seconds.</ul>
 <p>
 In this setup there seems to be no difference between the performance
 of LVS and crossroads!
 <p>
 In a second test, the size of the retrieved page was varied from 2.000
 to 2.000.000 bytes. This test was taken to see whether crossroads would
 show performance degradation when transferring larger amounts of data.
 <p>
 For each page size, 30 concurrent clients were started, that retrieved
 the page 50 times. Again, the connect times and processing times where
 recorded.
 <p>
 The results of the total time (connect time + retrieval time)
 are shown in the below table:
 <p>
 <table>
 
   <td colspan=3><hr></td>
 
   
 <tr>
 
     <td> <strong>Bytes</strong></td> <td> <strong>LVS timing</strong></td> <td> <strong>Crossroads timing</strong></td>
  
 </tr>
 
   
 <tr>
 
     <td> 2000</td> 	    <td> 0.130741688</td> 	<td> 0.12739582</td>
  
 </tr>
 
   
 <tr>
 
     <td> 20000</td>     <td> 0.490916224</td> 	<td> 0.50376901</td>
  
 </tr>
 
   
 <tr>
 
     <td> 200000</td>    <td> 3.799440328</td> 	<td> 4.33125273</td>
  
 </tr>
 
   
 <tr>
 
     <td> 2000000</td>   <td> 45.25090855</td> 	<td> 45.9600728</td>
  
 </tr>
 
   <td colspan=3><hr></td>
 
 </table>
 <p>
 Again, the results show that crossroads performs just as effectively
 as LVS, even with large data chunks!
 <p>
 <a name="l71"></a>
 <h2>7: Compiling and Installing</h2>
 <a name="compiling"></a><a name="l72"></a>
 <h3>7.1: Prerequisites</h3>
 <p>
 The creation of crossroads requires:
 <p>
 <ul>
         <li> Standard Unix tools, such as <code>sed</code>, <code>awk</code>, <code>Perl</code>
         (5.00 or better);
 <p>
 <li> A POSIX-compliant C compiler;
 <p>
 <li> Support for SYSV IPC, networking and so on.
 </ul>
 <p>
 Basically a Linux or Apple MacOSX box will do nicely. To compile and install
 crossroads, follow these steps.
 <p>
 <a name="l73"></a>
 <h3>7.2: Compiling and installing</h3>
 <p>
 <ul>
         <li> Obtain the source distribution. It can be found on
         <a href="http://crossroads.e-tunity.com">http://crossroads.e-tunity.com</a>. The distribution comes as an
         archive <code>crossroads-</code><em>type</em><code>.tar.gz</code>, where <em>type</em> is
         <code>stable</code> or <code>devel</code>.
 <p>
 <li> Unpack the archive in a sources directory using <code>tar
         xzf crossroads-</code><em>X.YY</em><code>.tar.gz</code>. The contents spill into a
         subdirectory <code>crossroads-</code><em>X.YY/</em>.
 <p>
 <li> Change-dir into the directory.
 <p>
 <li> Next, edit <code>etc/Makefile.def</code> and verify that all
         compilation settings are to your likings. The settings are
         explained in the file. <strong>Note that</strong> the default distribution
         of <code>Makefile.def</code> is suited for Linux or Apple MacOSX
         systems. On other Unices, or on non-Unix systems, you must
         particularly pay attention to <code>SET_PROC_TITLE_BY...</code>. When
         in doubt, comment out all <code>SET_PROC_TITLE...</code>
         settings. Crossroads will work nevertheless, but it won't show
         nice titles in <code>ps</code> listings. Also there's a macro
         <code>EXTRA_LIBS</code> to add linkage flags (an example for a Solaris
         build is included).
 <p>
 <li> Now crossroads is ready for compilation. Do a <code>make
         local</code> followed by <code>make install</code>. The latter step may have
         to be done by the user <code>root</code> if the <code>BINDIR</code> setting of
         <code>etc/Makefile.def</code> points to a root-owned directory.
 <p>
 <li> The documentation doesn't install in this process. If you
         want to install the documentation, then proceed as follows:
 <p>
 <ul>
         	<li> Optionally, <code>cp doc/crossroads.html</code>
         	<em>htmldirectory/</em>; where <em>htmldirectory</em> is the destination
         	directory for your HTML manuals;
 <p>
 <li> Optionally, <code>cp doc/crossroads.pdf</code>
         	<em>pdfdirectory/</em>; where <em>pdfdirectory</em> is the
         	destination directory for your PDF manuals;
 <p>
 <li> Optionally, <code>cp doc/crossroads.man</code>
         	<em>manualdirectory</em><code>/crossroads.1</code>, where
         	<em>manualdirectory</em> is e.g. <code>/usr/man/man1</code>,
         	<code>/usr/share/man1</code>, <code>/usr/local/man/man1</code>,
         	<code>/usr/local/share/man1</code>. Any possibility is valid, as
         	long as <em>manualdirectory</em> is one of the directories
         	where manual pages are stored;
 <p>
 <li> If your manual page system supports compressed
         	manual pages, then you can save some space with
         	<code>gzip</code> <em>manualdirectory</em><code>/crossroads.1</code>.</ul>
 <p>
 </ul>
 <p>
 <a name="l74"></a>
 <h3>7.3: Configuring crossroads</h3>
 <p>
 Now that the binary is available on your system, you need to create a
 suitable <code>/etc/crossroads.conf</code>. Use this manual or the output of
 <code>crossroads samplconf</code> to get started.
 <p>
 Once you have the configuration ready, start crossroads with
 <code>crossroads start</code>. Test the availability of your services and back
 ends. Monitor how crossroads is doing with:
 <p>
 <ul>
         <li> In one terminal, run the script:
         <pre>
 while [ 1 ] ; do
     tput clear
     crossroads status
     sleep 3
 done
 </pre>
 
 <p>
 <strong>Note</strong> that depending on your system you might need
         <code>sleep 3s</code>, i.e., with an <code>s</code> appended.
 <p>
 <li> In another terminal, run:
         <pre>
 while [ 1 ] ; do
     tput clear
     ps ax | grep crossroads | grep -v grep
     sleep 3		    	
 done
 </pre>
 
 <p>
 <strong>Note</strong> that depending on your system you might need
         <code>ps -ef</code> instead of <code>ps ax</code>.
 <p>
 <li> In yet another terminal, run <code>tail -f
         /var/log/messages</code> (supply the appropriate system log file if
         <code>/var/log/messages</code> doesn't work for you).</ul>
 <p>
 Now thoroughly test the availability of your back ends through
 crossroads. The status display will show an updated view of which back
 ends are selected and how busy they are. The process list will show
 which crossroads daemons are running. Finally, the tailing of
 <code>/var/log/messages</code> shows what's going on -- especially if you have
 <code>verbosity true</code> statements in the configuration.
 <p>
 <a name="l75"></a>
 <h3>7.4: A boot script</h3>
 <p>
 Finally, you may want to create a boot-time startup script. The exact
 procedure depends on the used Unix flavor.
 <p>
 <a name="l76"></a>
 <strong>7.4.1: SysV Style Startup</strong>
 <p>
 On SysV style systems, there's a startup script directory
 <code>/etc/init.d</code> where bootscripts for all utilities are located.
 You may have the <code>chkconfig</code> utility to automate the task of
 inserting scripts into the boot sequence, but
 otherwise the steps will resemble the following.
 <p>
 <ul>
         <li> Create a script <code>crossroads</code> in <code>/etc/init.d</code> similar to the
         following:
 <p>
 <pre>
 #!/bin/sh
 /usr/local/bin/crossroads -v $@
 </pre>
 
 <p>
 The stated directory <code>/usr/local/bin</code> must correspond with
         the installation path. The flag <code>-v</code> causes the startup to
         be more 'verbose'. However, once daemonized, the verbosity is
         controlled by the appropriate statements in the configuration.
 <p>
 <li> Determine your 'runlevel': usually 3 when your system is
         running in text-mode only, or 5 when you are using a graphical
         interface. If your runlevel is 3, then:
 <p>
 <pre>
 root&gt; cd /etc/rc.d/rc3.d
 root&gt; ln -s /etc/init.d/crossroads S99crossroads
 root&gt; ln -s /etc/init.d/crossroads K99crossroads
 </pre>
 
 <p>
 This creates startup (<code>S*</code>) and stop (<code>K*</code>) links that
         will be run when the system enters or leaves a given runlevel.
 <p>
 If your runlevel is 5, then the right <code>cd</code> command is to
         <code>/etc/rc.d/rc5.d</code>. Alternatively, you can create the
         symlinks in both runlevel directories.</ul>
 <p>
 <a name="l77"></a>
 <strong>7.4.2: BSD Style Startup</strong>
 <p>
 On BSD style systems, daemons are booted directly from <code>/etc/rc</code> and
 related scripts. Incase you have a file <code>/etc/rc.local</code>, edit it,
 and add the statement:
 <p>
 <pre>
 /usr/local/bin/crossroads start
 </pre>
 
 <p>
 If your BSD system lacks <code>/etc/rc.local</code>, then you may need to start
 Crossroads from <code>/etc/rc</code>. Your mileage may vary.
 <p>
 </body>
 </html>