I've read this section in "proto_http.c" :
<code>
/* Here, we'll look for the first running server which supports the cookie.
* This allows to share a same cookie between several servers, for example
* to dedicate backup servers to specific servers only.
* However, to prevent clients from sticking to cookie-less backup server
* when they have incidentely learned an empty cookie, we simply ignore
* empty cookies and mark them as invalid.
* The same behaviour is applied when persistence must be ignored.
*/
if ((delim == val_beg) || (s->flags & (SF_IGNORE_PRST | SF_ASSIGNED)))
srv = NULL;
while (srv) {
if (srv->cookie && (srv->cklen == delim - val_beg) &&
!memcmp(val_beg, srv->cookie, delim - val_beg)) {
if ((srv->state != SRV_ST_STOPPED) ||
(s->be->options & PR_O_PERSIST) ||
(s->flags & SF_FORCE_PRST)) {
/* we found the server and we can use it */
txn->flags &= ~TX_CK_MASK;
txn->flags |= (srv->state != SRV_ST_STOPPED) ? TX_CK_VALID : TX_CK_DOWN;
s->flags |= SF_DIRECT | SF_ASSIGNED;
s->target = &srv->obj_type;
break;
} else {
/* we found a server, but it's down,
* mark it as such and go on in case
* another one is available.
*/
txn->flags &= ~TX_CK_MASK;
txn->flags |= TX_CK_DOWN;
}
}
srv = srv->next;
}
</code>
I guess when the port exhaustion occured on n1_0, the state of n1_1 and n1_2
are all changed to SRV_ST_STOPPED? So, in this case, all n1_ * servers are
unavailable?
--
Best Regards
BaiYang
[email protected]
http://baiy.cn
**** < END OF EMAIL > ****
发件人: baiyang
发送时间: 2017-08-15 06:18
收件人: haproxy
主题: Logical server auto switching on port exhaustion with cookie stickness
Hi there, continue with my loast question:
We have a anti port exhaustion configuration with cookie stickness:
[...]
option redispatch
cookie NID insert preserve httponly secure domain .zhiyejing.com
...
server n1_0 10.0.0.1:80 check cookie n1 weight 10
server n1_1 10.0.0.1:800 track n1_0 cookie n1 weight 10
server n1_2 10.0.0.1:801 track n1_0 cookie n1 weight 10
...
server n2_0 10.0.0.2:80 check cookie n2 weight 10
server n2_1 10.0.0.2:800 track n2_0 cookie n2 weight 10
server n2_2 10.0.0.2:801 track n2_0 cookie n2 weight 10
...
[...]
With this configuration, when a request come with Cookie: NID=n1 and n1_0's
source port has been exhausted, will HAProxy pickup and using n1_1 or n1_2
instead of the full n1_0 automatically?
Or should I let HAProxy call "bind" explicitly using the "source" directive to
help it detect that this is a port exhaustion error:
[...] option redispatch
cookie NID insert preserve httponly secure domain .zhiyejing.com
...
server n1_0 10.0.0.1:80 check cookie n1 weight 10 source
10.0.0.100:1024-65534
server n1_1 10.0.0.1:800 track n1_0 cookie n1 weight 10 source
10.0.0.100:1024-65534
server n1_2 10.0.0.1:801 track n1_0 cookie n1 weight 10 source
10.0.0.100:1024-65534
...
server n2_0 10.0.0.2:80 check cookie n2 weight 10 source
10.0.0.100:1024-65534
server n2_1 10.0.0.2:800 track n2_0 cookie n2 weight 10 source
10.0.0.100:1024-65534
server n2_2 10.0.0.2:801 track n2_0 cookie n2 weight 10 source
10.0.0.100:1024-65534
...
[...]
Thanks :-)
--
Best Regards
BaiYang
[email protected]
http://baiy.cn
**** < END OF EMAIL > ****
