On Tue, Feb 9, 2016 at 6:02 PM, <[email protected]> wrote: > Hello, > > I need to configure my HAProxy for session affinity, so that all requests > from one client always go to the same backend server, and also need to > achieve load balancing, so clients are distributed proportionally among all > backend servers. > > All our traffic is SSL encrypted so we are using SSL Path-through > configuration, with certificates (client -> SSL -> HAproxy -> SSL -> > backend). > > Will 'balance source' achieve this? I have tried this with four clients and > four backend servers and saw that one of the four nodes got 2 sessions, the > other two got 2 sessions each, and the fourth server got zero. Is this > normal? It looks like HAProxy uses some algorithm to associate a source IP > with a backend server, but does not take any secondary guess as to what > server might have the least number of connections. > > Should 'balance source' option be used together with 'cookie SERVERID insert > indirect nocache'? Or is it itself enough to ensure session affinity? > > The other two options that I have considered are 'balance roundrobin' and > 'balance leastconn' -- with these I would definitely need to use 'cookie > insert'? > > Thank you in advance > Alex
Hi Alex, Have you read the content of these 2 blog articles? * http://blog.haproxy.com/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ * http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ They have most of the anwers to your questions. If you want to do cookie based persistence, you'll have to decipher the traffic, so using a SSL bridge. More info here: http://haproxy.com/doc/aloha/7.5/deployment_guides/tls_layouts.html#ssl-tls-bridging-or-re-encryption Baptiste
