allocating backend attributes to layers

Poul-Henning Kamp phk at
Tue Dec 8 10:11:23 UTC 2020

I'm working on the "backend-clone" thing for dynamic directors and
I have run into something I could surprisningly not answer:  Which
backend attributes lives at which levels ?

So roughly speaking our backend stack looks like this:

        +-----> [CGI]
        Backend                                 probe, hosthdr
	+-----> [Http2, QUIC]
        |         |
        |      proxyhdr                         prefix, proxy_header
        v         |
        +------> TCP                            ipv4, ipv6, port
        +------> UDS                            path
        +------> [TLS]				ipv4, ipv6, port, [clientcert, pubkey]

I have added the obvious extension-points in [....] 

I have allocated the some of the backend attributes in the right column.

But now I need help:


Can one send a PROXY header over a TLS connection ?

If not, it needs to go to the TCP and UDS levels


I dont think these would apply to [CGI], they would have
their own separate timeouts.

I lean that they belong at the Backend level, but does that make sense ?

What would first_byte and between_bytes refer to in H2 or QUIC
context ?  Payload bytes or overhead bytes ?

Same question for TLS ?


Does it go to the Backend level or the Endpoint level ?

Endpoints pool and serve multiple backends, so if we
put it in at the Backend level, you have to summ all the
backends limits to get the limit at the Endpoint level.

Maybe we need to be able to set limits both at the
Backend and Endpoint levels ?

Poul-Henning Kamp       | UNIX since Zilog Zeus 3.20
phk at FreeBSD.ORG         | TCP/IP since RFC 956
FreeBSD committer       | BSD since 4.3-tahoe
Never attribute to malice what can adequately be explained by incompetence.

More information about the varnish-dev mailing list