Hi alex, the expiry time gets reset on every access so if the expiry time is set to 1h and the client sends a request say every 30 minutes then that session will never expire.
Once the session has expired though there is no way for haproxy to know which backend server the client was connected to before so it will assign a new one based on the balancing algorithm. If you require this then you need to select a deterministic balancing algorithm like "source" or maybe a cookie so hyproxy can use that information to use the same backend as before. Regards, Dennis On 10.02.2016 15:53, [email protected] wrote: > Thank you, Baptiste, > Very useful links indeed. I have seen the first two; just did not realize we > were using hash type source IP persistence. > > I have a question about stick-table expiration. Let's say I have it set to > 1h. Does it get reset every time a client accesses the server (through the > load balancer?) In other words, is it a one hour of *inactivity* that will > result in the expired clientIP/backend association? Or is it one hour after > the record was put in the table? And if the client accesses the server after > that record is expired, will the algorithm associate the same client with the > *same* backend? I want to avoid unnecessary authorization challenges for user > if he ends up on another node because of how the expiration works. > > Regards,Alex > > From: Baptiste <[email protected]> > To: [email protected] > Cc: HAProxy <[email protected]> > Sent: Wednesday, February 10, 2016 4:15 AM > Subject: Re: Load balancing and session affinity > > On Tue, Feb 9, 2016 at 6:02 PM, <[email protected]> wrote: >> Hello, >> >> I need to configure my HAProxy for session affinity, so that all requests >> from one client always go to the same backend server, and also need to >> achieve load balancing, so clients are distributed proportionally among all >> backend servers. >> >> All our traffic is SSL encrypted so we are using SSL Path-through >> configuration, with certificates (client -> SSL -> HAproxy -> SSL -> >> backend). >> >> Will 'balance source' achieve this? I have tried this with four clients and >> four backend servers and saw that one of the four nodes got 2 sessions, the >> other two got 2 sessions each, and the fourth server got zero. Is this >> normal? It looks like HAProxy uses some algorithm to associate a source IP >> with a backend server, but does not take any secondary guess as to what >> server might have the least number of connections. >> >> Should 'balance source' option be used together with 'cookie SERVERID insert >> indirect nocache'? Or is it itself enough to ensure session affinity? >> >> The other two options that I have considered are 'balance roundrobin' and >> 'balance leastconn' -- with these I would definitely need to use 'cookie >> insert'? >> >> Thank you in advance >> Alex > > > Hi Alex, > > Have you read the content of these 2 blog articles? > * > http://blog.haproxy.com/2013/04/22/client-ip-persistence-or-source-ip-hash-load-balancing/ > * > http://blog.haproxy.com/2012/03/29/load-balancing-affinity-persistence-sticky-sessions-what-you-need-to-know/ > > They have most of the anwers to your questions. > > If you want to do cookie based persistence, you'll have to decipher > the traffic, so using a SSL bridge. More info here: > http://haproxy.com/doc/aloha/7.5/deployment_guides/tls_layouts.html#ssl-tls-bridging-or-re-encryption > > Baptiste > > > > >
