Implementation Details

The INSSL class is based on the IN class, using iptables for l3 traffic filtering/forwarding and Pound for l7 forwarding. Pound is a fast reverse proxy, which INSSL uses just for adding the "X-Forwarded-For" header so that the client IP is passed to the backend web servers.

Class Volume Content

The INSSL appliance class is a minimal Linux installation (CentOS? 4.3), with a modified version of the Pound load-balancer and reverse-proxy installed. The following modifications are made compared to Pound 2.0.1:

• fixed-size thread pool (auto-configured per available memory), to ensure operation in all resource configurations
• minor performance optimizations.

The firewall and TCP-level (layer-3) routing is implemented using the netfilter subsystem of the Linux kernel (IPTABLES).

-- NetClime - 14 Mar 2007