Hi Fred,
  Thanks for the reply.
I have two peers synchronising (we use keepalived over the two to control which 
is live).

HAProxy config:

peers lb_replication
  peer server1
  peer server2

backend sourceaddr
        stick-table type ip size 10240k expire 30m peers lb_replication 

frontend ft_web_ssl
        bind name https ssl crt /etc/haproxy/certs/main.pem    
        mode http
        option httplog

        acl is_from_outside src
        acl is_empty_path path /
       acl is_webmail hdr(host) -i webmail
       acl is_webmail_fqdn hdr(host) -i webmail.domain

       redirect location /owa/ code 302 if is_webmail is_empty_path ! 
       redirect location /owa/ code 302 if is_webmail_fqdn is_empty_path ! 
       default_backend bk_web_ssl

backend bk_web_ssl
        mode http
        option httplog
        cookie SERVERID insert nocache indirect   
        stick on src table sourceaddr  
        server server1 check ssl    
        server server2 check ssl backup    

It's fine for new connections - it records the correct server1/server2 
information. It's hard to demonstrate, but I can see when I use haproxyctl to 
clear an entry :

Haproxyctl clear table sourceaddr key <key> 

.. it doesn't clear the secondary node entry. When that entry for the client 
re-presents the expiry time on the secondary updates but the entry never clears.

I can't really include pictures on these emails, but the tables are kind of 


0x7fa8b247a4f4: key= use=0 exp=1574957 server_id=1


-----Original Message-----
From: Frederic Lecaille [mailto:flecai...@haproxy.com] 
Sent: 12 February 2018 12:56
To: Franks Andy (IT Technical Architecture Manager); 'haproxy@formilux.org'
Subject: Re: Peer tables don't synch on clear

On 02/08/2018 11:22 AM, Franks Andy (IT Technical Architecture Manager) 
> Hi all,

Hello Franks,

>    Haproxy 1.6.13
>    I've checked the documentation again but can't see an option for this.
> We sometimes clear backup path server use for individual connections and 
> whilst the peers synchronisation works for new connections, it doesn't 
> clear on the secondary peer node we're using.
> Is this by design or an option I'm not seeing?

Please give us more information about your configuration. If possible, 
also provide us with the information of stick-table entries concerned 
with this issue (see "show table" CLI command).

Do not forget to obfuscate the critical data.



Reply via email to