Hi Fred,
Thanks for the reply.
I have two peers synchronising (we use keepalived over the two to control which
is live).
HAProxy config:
    peers lb_replication
        peer server1 10.128.176.141:1024
        peer server2 10.128.176.142:1024

    backend sourceaddr
        stick-table type ip size 10240k expire 30m peers lb_replication

    frontend ft_web_ssl
        bind 0.0.0.0:443 name https ssl crt /etc/haproxy/certs/main.pem
        mode http
        option httplog
        acl is_from_outside src 192.168.110.0/24
        acl is_empty_path path /
        acl is_webmail hdr(host) -i webmail
        acl is_webmail_fqdn hdr(host) -i webmail.domain
        redirect location /owa/ code 302 if is_webmail is_empty_path ! is_from_outside
        redirect location /owa/ code 302 if is_webmail_fqdn is_empty_path ! is_from_outside
        default_backend bk_web_ssl

    backend bk_web_ssl
        mode http
        option httplog
        cookie SERVERID insert nocache indirect
        stick on src table sourceaddr
        server server1 10.128.176.150:443 check ssl
        server server2 10.51.0.150:443 check ssl backup

It's fine for new connections - it records the correct server1/server2
information. It's hard to demonstrate, but I can see when I use haproxyctl to
clear an entry:
    haproxyctl clear table sourceaddr key <key>
.. it doesn't clear the secondary node entry. When that entry for the client
re-presents, the expiry time on the secondary updates but the entry never clears.
I can't really include pictures on these emails, but the tables are kind of
standard:
e.g.
0x7fa8b247a4f4: key=217.40.203.34 use=0 exp=1574957 server_id=1
Thanks
Andy
-----Original Message-----
From: Frederic Lecaille [mailto:[email protected]]
Sent: 12 February 2018 12:56
To: Franks Andy (IT Technical Architecture Manager); '[email protected]'
Subject: Re: Peer tables don't synch on clear
On 02/08/2018 11:22 AM, Franks Andy (IT Technical Architecture Manager)
wrote:
> Hi all,
Hello Franks,
> Haproxy 1.6.13
>
> I've checked the documentation again but can't see an option for this.
>
> We sometimes clear backup path server use for individual connections and
> whilst the peers synchronisation works for new connections, it doesn't
> clear on the secondary peer node we're using.
>
> Is this by design or an option I'm not seeing?
Please give us more information about your configuration. If possible,
also provide us with the information of stick-table entries concerned
with this issue (see "show table" CLI command).
Do not forget to obfuscate the critical data.
Regards,
Fred.