The cluster is front-ended with a Coyote Point Equalizer for load-balancing. The CPE is essentially a dynamic port-forwarder, designed for speed. It's pretty cheap, too -- about $4k for their low-end model which can handle something like 80,000 concurrent connections.

Each server in the cluster also has a reverse proxy running in front of the mod_perl server. The proxy serves two important purposes. First, it provides a light-weight Apache to deal with the slow clients. This allows heavy mod_perl Apaches to get out quick, instead of dealing with slow transfers.

Second, the proxy runs SSL, while the mod_perl servers do not! This is a cool technique we developed to get around the problems resulting from RSA licensing requirements. Essentially, we need to compile Apache as we see fit, for speed and functionality. SSL servers (especially those available in 1998, when this project started) don't allow you to recompile them (apaci is neither easy nor reliable!). By using layers implemented via reverse proxies, we can compile our own Apache + mod_perl, yet still get SSL legally.

I hadn't heard of mod_backhand until you mentioned it. I'm still wrapping my head around it -- it seems to be a dynamic reverse proxying mechanism. My instincts are that this wouldn't provide an advantage over straight load-balancing (except in cost, which is not a big factor here). Do your experiences differ?

TTYL,

-Jesse-