Hi Fred, Thanks for the reply. I have two peers synchronising (we use keepalived over the two to control which is live).
HAProxy config: peers lb_replication peer server1 10.128.176.141:1024 peer server2 10.128.176.142:1024 backend sourceaddr stick-table type ip size 10240k expire 30m peers lb_replication frontend ft_web_ssl bind 0.0.0.0:443 name https ssl crt /etc/haproxy/certs/main.pem mode http option httplog acl is_from_outside src 192.168.110.0/24 acl is_empty_path path / acl is_webmail hdr(host) -i webmail acl is_webmail_fqdn hdr(host) -i webmail.domain redirect location /owa/ code 302 if is_webmail is_empty_path ! is_from_outside redirect location /owa/ code 302 if is_webmail_fqdn is_empty_path ! is_from_outside default_backend bk_web_ssl backend bk_web_ssl mode http option httplog cookie SERVERID insert nocache indirect stick on src table sourceaddr server server1 10.128.176.150:443 check ssl server server2 10.51.0.150:443 check ssl backup It's fine for new connections - it records the correct server1/server2 information. It's hard to demonstrate, but I can see when I use haproxyctl to clear an entry : Haproxyctl clear table sourceaddr key <key> .. it doesn't clear the secondary node entry. When that entry for the client re-presents the expiry time on the secondary updates but the entry never clears. I can't really include pictures on these emails, but the tables are kind of standard: e.g. 0x7fa8b247a4f4: key=22.214.171.124 use=0 exp=1574957 server_id=1 Thanks Andy -----Original Message----- From: Frederic Lecaille [mailto:flecai...@haproxy.com] Sent: 12 February 2018 12:56 To: Franks Andy (IT Technical Architecture Manager); 'email@example.com' Subject: Re: Peer tables don't synch on clear On 02/08/2018 11:22 AM, Franks Andy (IT Technical Architecture Manager) wrote: > Hi all, Hello Franks, > Haproxy 1.6.13 > > I've checked the documentation again but can't see an option for this. > > We sometimes clear backup path server use for individual connections and > whilst the peers synchronisation works for new connections, it doesn't > clear on the secondary peer node we're using. > > Is this by design or an option I'm not seeing? Please give us more information about your configuration. If possible, also provide us with the information of stick-table entries concerned with this issue (see "show table" CLI command). Do not forget to obfuscate the critical data. Regards, Fred.