Hi Mathew,

On Tue, Aug 13, 2013 at 12:40:43PM +0100, Mathew Levett wrote:
> Just an update on this, it looks like there may be a small bug in the way
> multiports work when used with RDP as if I specify the port on the real
> servers as below it then works correctly.
> 
> listen TS-Farm
>       bind 192.168.75.38:3389
>       mode tcp
>       balance leastconn
>       persist rdp-cookie
>       server backup 127.0.0.1:9081 backup  non-stick
>       option tcpka
>       tcp-request inspect-delay 5s
>       tcp-request content accept if RDP_COOKIE
>       timeout client 12h
>       timeout server 12h
>       option redispatch
>       option abortonclose
>       maxconn 40000
>       log global
>       option tcplog
>       server TS01 192.168.75.36:3389  weight 1  check   inter 2000  rise 2 fall 3 minconn 0  maxconn 0  on-marked-down shutdown-sessions
>       server TS02 192.168.75.37:3389  weight 1  check   inter 2000  rise 2 fall 3 minconn 0  maxconn 0  on-marked-down shutdown-sessions
> 
> It would appear that when the Session broker is in Use Token
> Redirection mode you have to specify the RIP ports or you end up with
> duplicate sessions.

Hmmm good point. The RDP protocol transmits the port number in the cookie,
so it's a discriminant as well as the address. Thus, I think we should emit
a warning when "persist rdp-cookie" is used in a farm where at least one
server does not have an explicit port.

Finally I've just done it with the attached patch. Kudos for catching this,
I know how hard it can be sometimes to track long-session persistence issues!

Best regards,
Willy

From 82ffa39bfd34e5680cb65cc0b7ef625c0a274856 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <[email protected]>
Date: Tue, 13 Aug 2013 17:19:08 +0200
Subject: MINOR: config: warn when a server with no specific port uses
 rdp-cookie

Mathew Levett reported an issue which is a bit nasty and hard to track
down. RDP cookies contain both the IP and the port, and haproxy matches
them exactly. So if a server has no port specified (or a remapped port),
it will never match a port specified in a cookie. Better warn the user
when this is detected.
---
 src/cfgparse.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/cfgparse.c b/src/cfgparse.c
index d51e1b6..41c1949 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -6885,6 +6885,12 @@ out_uri_auth_compat:
                                err_code |= ERR_WARN;
                        }
 
+                       if ((newsrv->state & SRV_MAPPORTS) && 
(curproxy->options2 & PR_O2_RDPC_PRST)) {
+                               Warning("config : %s '%s' : RDP cookie 
persistence will not work for server '%s' because it lacks an explicit port 
number.\n",
+                                       proxy_type_str(curproxy), curproxy->id, 
newsrv->id);
+                               err_code |= ERR_WARN;
+                       }
+
 #if defined(CONFIG_HAP_CTTPROXY) || defined(CONFIG_HAP_TRANSPARENT)
                        if (curproxy->mode != PR_MODE_HTTP && 
newsrv->conn_src.bind_hdr_occ) {
                                newsrv->conn_src.bind_hdr_occ = 0;
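
Review bot: The warning text in the added Warning() call may not match what the condition catches. The test is on `newsrv->state & SRV_MAPPORTS`, and the commit message says the cookie can never match a server with "no port specified (or a remapped port)", but the message only tells the user the server "lacks an explicit port number". If SRV_MAPPORTS is also set for a remapped port, as the commit message implies, a user who did write a port on the server line will find the warning confusing; wording such as "because it has no fixed port (missing or remapped)" would cover both cases. The diffstat also shows only src/cfgparse.c changing, so a sentence in the "persist rdp-cookie" documentation stating that every server needs an explicit port would let users find the requirement before they hit the warning.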
-- 
1.7.12.2.21.g234cd45.dirty
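
The port dependency discussed in this thread, as an added example that is not part of the original message or of haproxy's code. It assumes the `msts=<ip>.<port>.<reserved>` routing token layout documented by Microsoft (not shown on this page) and reads "remapped port" as a `+N`/`-N` offset; all function names are hypothetical.

```python
import ipaddress
import struct

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

def encode_msts(ip, port):
    """Routing token for ip:port; fields are network-order bytes read as little-endian."""
    ip_field = struct.unpack("<I", ipaddress.IPv4Address(ip).packed)[0]
    port_field = struct.unpack("<H", struct.pack(">H", port))[0]
    return f"msts={ip_field}.{port_field}.0000"

def decode_msts(token):
    """Inverse of encode_msts: return the (ip, port) pair the token names."""
    ip_field, port_field, _reserved = token.split("=", 1)[1].split(".")
    ip = ipaddress.IPv4Address(struct.pack("<I", int(ip_field)))
    port = struct.unpack(">H", struct.pack("<H", int(port_field)))[0]
    return str(ip), port

def servers_without_explicit_port(config_text):
    """List (section, server) pairs where "persist rdp-cookie" is set but the
    server address has no fixed port (absent, or a +N/-N offset: an assumption)."""
    sections = [["", False, []]]  # each entry: [name, uses_rdp_persist, flagged]
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            sections.append([words[1] if len(words) > 1 else "", False, []])
        elif words[0] == "persist" and words[1:2] and words[1].startswith("rdp-cookie"):
            sections[-1][1] = True
        elif words[0] == "server" and len(words) >= 3:
            port = words[2].rpartition(":")[2] if ":" in words[2] else ""
            if not port.isdigit():  # handles IPv4 or hostname addresses only
                sections[-1][2].append(words[1])
    return [(name, srv) for name, uses, srvs in sections if uses for srv in srvs]

# Constructed sample: the farm from the thread with TS02's port removed.
SAMPLE = """\
listen TS-Farm
      bind 192.168.75.38:3389
      mode tcp
      persist rdp-cookie
      server TS01 192.168.75.36:3389 check
      server TS02 192.168.75.37 check
"""

if __name__ == "__main__":
    print(decode_msts("msts=608938176.15629.0000"))  # constructed token for TS01
    print(servers_without_explicit_port(SAMPLE))
```

The decoded token always carries a concrete port, which is why a server line without one can never compare equal to it.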
