Remix.run Logo
Why we built yet another Postgres connection pooler(pgdog.dev)
114 points by levkk 8 hours ago | 32 comments
27183 2 hours ago | parent | next [-]

It's awesome to see AGPL instead of the horrible BSL variants that have been going around.

levkk 2 hours ago | parent [-]

Thanks! We try to be very open and explicit about why we chose AGPL. Personally, I like it because it's an extension of GPL, which is a huge reason why I was able to self-teach programming. Just trying to give back.

petters 6 hours ago | parent | prev | next [-]

> Since connection poolers reuse connections between clients, the connection state of one client “leaks” into the connection state of another.

Wow this is very bad. This actually happens in typical Postgres setups?

vizzier 6 hours ago | parent | next [-]

by definition connection poolers re-use connections so it it can happen with any connection pooling setup, PG or no.

in pgbouncer the connection is reset via a customisable command [0] which should reset the connection to a clean state.

[0] https://www.pgbouncer.org/config.html#server_reset_query

danudey 3 hours ago | parent | prev | next [-]

It's not unique to postgres, as others have said; the same thing can happen with e.g. MySQL poolers/proxies/etc., since the behavior of the connection can be changed dynamically and it persists for the lifetime of the connection.

Example: legacy client A connects to MySQL via the bouncer and says 'I want all of our conversations to use latin-1, not utf-8'. This changes the character set that MySQL parses queries with and returns responses in. The legacy client does some queries and then disconnects.

Now a new client connects to MySQL, and the bouncer just assigns it to the still-open connection from before. The new client is fully UTF-8 compatible and since this is the default for our database it doesn't explicitly say so; it just assumes that UTF-8 is the way to go. Unfortunately, the database server is still thinking in latin-1, meaning that if this new client sends UTF-8 data it will be parsed as latin-1; latin-1 is a subset of UTF-8, meaning that queries will actually work fine unless they need to use a character outside of latin-1, in which case they will get an error, or corrupted data, from the server.

The only solutions around this are:

1. Ensure that every client is using the same settings; if your database is for a single app that uses the same ORM, then this is automatic.

2. Ensure that every client is always explicit about everything it might need to change e4very time, so that every UTF-8 client explicitly sets UTF-8 connections even when that's the default; clients that need utf8mb4 ask for it explicitly and clients that can't handle it ask for something else. One way of ensuring this happens is to configure the server (or the bouncer) to use defaults which are not valid for anyone, or which are going to cause errors frequently and not rarely (e.g. setting the default character set to 7-bit swedish, which would cause frequent errors).

3. Use a bouncer which can either disallow these changes or detect and revert them after the original client has disconnected. I'm not sure if this exists for MySQL at least.

4. Use separate bouncers for each application that might be different (extension of #1); in other words, instead of having a bouncer or set of bouncers for each pool of database servers, you have them for each application; your web app gets one, your legacy reporting tool gets one, your ODBC connector gets one, and so on.

It's kind of a huge mess in theory; in practice, a lot of installations fall into the #1 case so it never matters, but that makes the occasional instance where it does matter extremely difficult to debug.

drdexebtjl 2 hours ago | parent | next [-]

> 4. Use separate bouncers for each application that might be different (extension of #1)

I wonder if clients send something equivalent to a User-Agent, such that the connection pooler could assign them to different pools automatically.

tpetry 2 hours ago | parent | next [-]

This exists, its called a user. You just use different database users for this.

drdexebtjl an hour ago | parent [-]

I was thinking of something that only exists at the pool level.

Every new version of your app has the potential to change behavior in a way that would affect the previous version if the connection was recycled during a progressive rollout.

But I don’t think I would want to create a real database user for every version of the app.

I suppose the connection pooler could map versioned users to the same real user, and use separate pools, but a dedicated UA field is probably better.

SahAssar 5 minutes ago | parent [-]

> But I don’t think I would want to create a real database user for every version of the app.

Why not? Database users are (usually) not expensive, and with groups you can give access to a group you just add the user to.

Adding this logic to the connection pooler seems more complicated.

nijave 2 hours ago | parent | prev [-]

Can also use different database names since pgbouncer lets you remap that

nijave 2 hours ago | parent | prev [-]

Recently ran into a related bug in duckdb. They implemented a basic http connection pooler (described as a parking lot) but there are edge cases where broken connections get returned to the pool then the next thing tries to use a busted connection and fails.

nijave 2 hours ago | parent | prev | next [-]

pgbouncer has different pool modes you can pick from that have some impact over what's possible to leak https://www.pgbouncer.org/features.html

llimllib 6 hours ago | parent | prev | next [-]

Yes, as a consequence of how aggressively transparent to the postgres wire protocol pgbouncer wants to be. This article does a good job explaining it: https://www.augusteo.com/blog/how-pgbouncer-works

McGlockenshire 6 hours ago | parent | prev [-]

You'll see this kind of fun in other databases that support "persistent connections." When you start up, you have absolutely no idea what the state of the database is. If a previous process errored out, you might find yourself in the middle of a broken transaction for example. Did the last session do some weird SET magic to make things work? Did it create temporary tables? Well guess what, it's all still there!

khurs 3 hours ago | parent | prev | next [-]

Any plans to add Query Caching for Selects?

as per:

https://www.pgpool.net/docs/latest/en/html/runtime-in-memory...

levkk 3 hours ago | parent | next [-]

I don't think so. Too much trouble. Caching is a really hard problem without context, and the context, typically, is app-specific.

khurs 3 hours ago | parent [-]

Thanks for the reply and good work on pgDog!!

HackerThemAll 2 hours ago | parent | prev [-]

I hope not. It introduces a lot more problems than it solves.

babayega2 3 hours ago | parent | prev | next [-]

Is there a pooler handling schema switching in PostgreSQL? like something in front of django-tenant ?

inigyou 4 hours ago | parent | prev | next [-]

Doesn't this NOTIFY performance fix mean that it isn't transactional any more?

levkk 4 hours ago | parent [-]

From the strictest CAP theorem definition, that's correct, it is not. But, it's pretty close. I know that in the database world, that's not a good answer, but in practice, it will deliver the vast majority of messages, so maybe that's good enough? We'll see.

We show that it's possible to come close without breaking the DB or the app, but I suspect, it's not quite yet at the level you'd expect from a _durable_ work queue, e.g., Kafka. Not going to replace that one anytime soon.

jauntywundrkind 5 hours ago | parent | prev | next [-]

Clickhouse also just put out a fun article on scaling pgbouncer too, talking about scaling out so_reuseport while not having to shard so harshly (a major limitation pgdog here is addressing via rewrite), https://clickhouse.com/blog/pgbouncer-clickhouse-managed-pos... https://news.ycombinator.com/item?id=48814152

merb 5 hours ago | parent [-]

Well tbf pgdog looks extremely amazing on paper and goes way beyond multi threading.

The notify/listen fix and automatic query routing to read replicas and auto sharding might bringt Postgres finally closer to vitess

khurs 3 hours ago | parent [-]

>might bringt Postgres finally closer to vitess

Supabase are launching a Vitess for Postgresql, they have hired the original creator of Vitess for it

https://supabase.com/blog/multigres-vitess-for-postgres

tpetry 2 hours ago | parent [-]

And Planetscale (who is the current primary maintainer of vitess) is developing a Vitess for PostgreSQL.

There will be a couple of production-grade PG vitess solutions the next months.

khurs 25 minutes ago | parent [-]

Looked it up, says 'Will be released as an open source project' but announcement was in July 2025 and no public repo yet which is strange, so time will tell if they will stick to this.

https://planetscale.com/blog/planetscale-for-postgres#vitess...

https://planetscale.com/neki

...

Supabase one is open from start:

https://github.com/multigres/multigres

https://multigres.com/

samlambert 11 minutes ago | parent [-]

We are already moving Neki customers into production. Nobody else is even close. PlanetScale doesn't spend our days yapping about what we are going to do. We just do it.

khurs 6 minutes ago | parent [-]

Congrats!

The question was whether your previous statement about it being open source was still the case, or is it now going to be propriety?

samlambert 3 minutes ago | parent [-]

More details on this are coming soon.

mmakeev 7 hours ago | parent | prev [-]

we moved our django app behind pgbouncer transaction pooling a few days ago and the surprise wasn't SET so much as queryset.iterator(). it relies on server side cursors, which don't survive being pooled, so we had to disable it everywhere and let it fall back to client side. also had to move statement_timeout out of the app's connection options into the pooler's own connect query, since libpq startup params just get silently ignored behind it.

levkk 3 hours ago | parent | next [-]

Handling cursors is tough - they are very much session-level objects, so even if we, say, pinned your client while it uses that cursor, which would work, that would decrease the performance of connection pooling overall.

So, what's better, breaking your app initially so you know to remove that feature, or letting it work silently while the connection pool isn't 100% in transaction mode? Tough call.

HackerThemAll 2 hours ago | parent | prev [-]

Using server-side cursors is a sign of bad design. You use the PostgreSQL server's resources as a cache when you're fetching and processing stuff row by row, which is very bad. Just get the data you requested in the first place in one go and do your stuff in your app. Or process all data on the server and then get the processed data in one batch as well.