Pound or something like it is a big improvement over exposing multiple servers to the Internet.

I run two separate lans, so all requests across several virtual IP addresses come in through a single pound server.

Fail-over is pretty simple since the backup system has to take over the IP address pool and have an identical configuration.

Before using Pound, I would expose multiple systems with Apache acting as the front end, which worked alright for a partitioned fan-out, but was really difficult to balance.

Pound supports session affinity so that once a session is used on a given back-end server, all future requests will be forwarded to the same server as long as the server is up.

One minor change to the source code is to add an immutable header that contains the remote IP address. My application servers protect access to some resources based on IP filters, and privileged clients aren't allowed to proxy.

The forwarded-for appears as a list, so this might be overkill, but was done in a very early version and I have carried it forward since it is independent of how Pound handles the forwarded-for header.

I have read where at one point in time Nginx claimed to be faster, but usually big differences between competing packages is temporary. The bigger reason for not using Nginx is because it is full of other features being a web-server, and a lot of other unneeded features. When it comes to putting a reverse proxy facing the Internet, the last thing I want is some errant feature allowing access that I never intended to give!