Question
Design a connection-pooling proxy that sits in front of a primary Postgres cluster to protect it from connection exhaustion. The app fleet is 1,500 stateless servers that would otherwise each open 20+ DB connections (30k+), but the database can only handle ~2,000 backend connections. The proxy must multiplex many client connections onto a small pool, keep p99 added latency under 1ms, handle transaction integrity, and drain/rebalance pools during a database failover without breaking in-flight transactions. Walk through the pooling model, the multiplexing strategy, and the core trade-off.
Clarify scale and constraints first. Propose a clean component breakdown, then go deep on the hard parts — data model, bottlenecks, consistency, failure modes — and name the trade-offs you are making.