Re: PROXY protocol and "balance source"

haproxy Mon, 05 Mar 2012 03:49:45 -0800

Perhaps I'm having a problem with my specific implementation.
If I balance source at haproxy before SSL decryption and send traffic on, I get 
routed to a number of different backend servers from different IPs.


If I use LVS to direct incoming traffic to a group of stud SSL decryptors with 
PROXY protocol enabled, then onto HAProxy with balance source, all my traffic 
goes to the same backend.

example logs:
HAProxy listening on  :443

Mar  5 10:27:46 localhost haproxy[25795]: X.26.0.161:34205 
[05/Mar/2012:10:27:45.418] https_server https_server/server2 0/0/971 3743 -- 
0/0/0
/0/0 0/0 
Mar  5 11:27:49 localhost haproxy[25795]: X.74.241.4:6281 
[05/Mar/2012:11:27:48.835] https_server https_server/server9 0/0/822 3743 -- 
0/0/0
/0/0 0/0 
Mar  5 11:28:22 localhost haproxy[25795]: X.4.0.11:49394 
[05/Mar/2012:11:28:21.779] https_server https_server/server2 0/0/832 3743 -- 
0/0/0/0
/0 0/0 
Mar  5 11:29:10 localhost haproxy[25795]: X.94.93.215:50166 
[05/Mar/2012:11:29:08.833] https_server https_server/server14 0/0/1271 3919 -- 0
/0/0/0/0 0/0 

But with Stud and PROXY protocol before HAProxy everything goes to server 4

Mar  5 11:31:01 localhost haproxy[28351]: ::ffff:X.74.241.4:35759 
[05/Mar/2012:11:31:01.141] http_server http_server/server4 98/0/0/618/716 200 
494 - - ---- 0/0/0/0/0 0/0 {.example.com|} {|session=YcydrYJakCICpnlCNCHozw; 
Path=/; Domain=.example.com; Secure; HttpOnly; } "POST /login HTTP/1.1" 
Mar  5 11:31:05 localhost haproxy[28351]: ::ffff:X.4.0.11:50993 
[05/Mar/2012:11:31:04.304] http_server http_server/server4 102/0/0/638/740 200 
494 - - ---- 0/0/0/0/0 0/0 {10.2.6.104|} {|session=oChlXqg4XksajMIHUcuEvA; 
Path=/; Domain=.example.com; Secure; HttpOnly; } "POST /login HTTP/1.1" 
Mar  5 11:31:09 localhost haproxy[28351]: ::ffff:X.94.93.215:52581 
[05/Mar/2012:11:31:09.033] http_server http_server/server4 314/0/0/619/933 200 
494 - - ---- 0/0/0/0/0 0/0 {.example.com|} {|session=WQbyueVe6A86Zs0fMY20WA; 
Path=/; Domain=.example.com; Secure; HttpOnly; } "POST /login HTTP/1.1" 
Mar  5 11:32:03 localhost haproxy[28351]: ::ffff:X.26.0.161:48867 
[05/Mar/2012:11:32:02.762] http_server http_server/server4 60/0/0/601/661 200 
494 - - ---- 0/0/0/0/0 0/0 {.example.com|} {|session=w7xNRxyq-ySzLuxd7o4bjg; 
Path=/; Domain=.example.com; Secure; HttpOnly; } "POST /login HTTP/1.1" 


The Haproxy config is here: (to stop this post being super long)
http://pastie.org/3525275

Could stud supplying the client IP in an ipv6 format be causing this?

Using HAproxy 1.5-dev7, Centos 5.6, stud master branch.

---
posted at http://www.serverphorums.com
http://www.serverphorums.com/read.php?10,452932,456098#msg-456098

Re: PROXY protocol and "balance source"

Reply via email to