Hi all,
No reliability issue was reported since 1.4.4 was released. This is a very good
thing, because some people were asking for a few minor features, so it was the
right opportunity to get them merged without mixing them with fixes.
First, Cyril Bonté provided the new ignore-persist directive. it allows haproxy
to ignore the persistence cookie on some requests which validate an ACL-based
condition. It is particularly suited to optimise the load balancing of static or
stateless objects in the middle of a stateful farm.
Second, it was planned 3 years ago to be able to feed ACLs with large data sets
loaded from files, but it was still not implemented due to the lack of precise
needs. Now, 3 years later, more and more people are reporting difficulties
writing
large configurations, and the last config I saw which was 104000 lines long
convinced me that it was urgent to support this feature. But matching requests
against very large datasets can be CPU intensive, so I have extended my Elastic
Binary Trees to support new lookup methods and now it is possible to lookup a
string or an IP address among tens of thousands in a few tens of nanoseconds.
This means that it is now possible to use haproxy to perform geolocation. For
instance, checking that a source address belongs to one of the 38400 european
networks only consumes 2% CPU at 40000 requests per second. I'll try to write
down a HOWTO for those interested in geolocation. I can already say that the
"CIDR" or "Netmask" continent tables distributed by countryipblocks.net can
be loaded unmodified. For instance :
acl host_www hdr_beg(host) -i www.
redirect prefix http://eu.my.domain if host_www { src -f Europe_cidr.txt
-f Africa_cidr.txt }
redirect prefix http://us.my.domain if host_www { src -f
North_America_cidr.txt -f South_America_cidr.txt }
redirect prefix http://as.my.domain if host_www { src -f Asia_cidr.txt -f
Oceania_cidr.txt }
# otherwise process locally
The rest are just minor improvements. Tt's now possible to stick on an IP
address extracted from an HTTP header, and I improved a bit more the halog
analyser, which is now possible to report request counts by status codes. It
also gained some nice performance boost as it can now parse about 1.3
Gigabytes of logs per second on a 3 GHz Core2. For most of us this doesn't
speak, but I know that those periodically running it over their logs from
Nagios, the less time it takes, the better.
I have not yet merged the ECV patch, simply because I forgot to review and
fix it before the release. Shame on me, it will be for next release if I
don't forget.
I hope that I'll be able to start new devs for 1.5 soon. Generally the
first release without a bugfix is the right moment to fork.
I expect that this version will take some time to spread because it only
contains minor new features and will likely not be backported to various
distros. Still, some power users will probably interested in giving it a
try.
Once again, I've built for linux-x86 and solaris-sparc, and the usual links
apply :
site index : http://haproxy.1wt.eu/
sources : http://haproxy.1wt.eu/download/1.4/src/
changelog : http://haproxy.1wt.eu/download/1.4/src/CHANGELOG
binaries : http://haproxy.1wt.eu/download/1.4/bin/
Have fun,
Willy
