Re: Sticky-table contents is not distributed among peers

2017-11-29 Thread Максим Куприянов 
Oh, I've found in documentation that "The pushed values overwrite remote
ones without aggregation." So identical src as a key is possibly not a good
choice at all. I've tried `hostname` as a key, but still see only one entry
with it's local hostname in tables on each host.

Maybe I'm doing something completely wrong and there is a better way. What
I really want is to get an acl for a backend selection based on
request-per-second rate of connections through the whole location with many
haproxy installations. How can I achieve this?

2017-11-29 19:39 GMT+05:00 Максим Куприянов :

> Hi!
>
> First of all I'd like to thank you for such a great software, as Haproxy
> is. It is really one of the best opensource projects. And I'm your happy
> user for many years :)
>
> But now, I need help in troubleshooting. Recently I've tried to use
> distributed sticky-tables, but for some reason they're not synced between
> hosts (sometimes they really do, sometimes not).
>
> --
> Best regards,
> Maksim Kupriianov
>

Sticky-table contents is not distributed among peers

2017-11-29 Thread Максим Куприянов 
Hi!

First of all I'd like to thank you for such a great software, as Haproxy
is. It is really one of the best opensource projects. And I'm your happy
user for many years :)

But now, I need help in troubleshooting. Recently I've tried to use
distributed sticky-tables, but for some reason they're not synced between
hosts (sometimes they really do, sometimes not).

I have a haproxy-config which looks like following:


peers slb_local

  peer slb1 2a02:6b8:0::1:1666

  peer slb2 2a02:6b8:0::2:1666


frontend test

…

  stick-table type ipv6 size 100 peers slb_local store
http_req_rate(10s),http_err_rate(10s),conn_rate(10s)

  http-request track-sc0 src

…

I have only one client on top of haproxy. Tcpdump shows some traffic over
port tcp/1666 between hosts (connections are established, no firewall
problems here). But counters differ both in 1.7.9 haproxy and 1.8.0
versions of haproxy.

When both balancers are serving requests:

‘echo "show table test" | socat stdio /var/run/haproxy.sock’ from slb1:

# table: test, type: ipv6, size:100, used:1

0x7f2a38592b84: key=fdee:fdee:0:3400::2:225 use=34 exp=0
conn_rate(1)=15905 http_req_rate(1)=15905 http_err_rate(1)=0

>From slb2:

# table: test, type: ipv6, size:100, used:1

0x7fccb877bb24: key=fdee:fdee:0:3400::2:225 use=28 exp=0
conn_rate(1)=15941 http_req_rate(1)=15941 http_err_rate(1)=0

When one of them is blocked with firewall from external traffic:

# table: test, type: ipv6, size:100, used:1

0x7f2a38592b84: key=fdee:fdee:0:3400::2:225 use=94 exp=0
conn_rate(1)=32786 http_req_rate(1)=32786 http_err_rate(1)=0

# table: test, type: ipv6, size:100, used:1

0x7fccb877bb24: key=fdee:fdee:0:3400::2:225 use=0 exp=0 conn_rate(1)=0
http_req_rate(1)=0 http_err_rate(1)=0

Version:
HA-Proxy version 1.8.0-4 2017/11/29
Copyright 2000-2017 Willy Tarreau 

Build options :
  TARGET  = linux2628
  CPU = generic
  CC  = gcc
  CFLAGS  = -g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4
-Wformat -Werror=format-security -D_FORTIFY_SOURCE=2
  OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_THREAD=1
USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1 USE_TFO=1 USE_NS=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
Running on OpenSSL version : OpenSSL 1.0.1f 6 Jan 2014
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT
IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.31 2012-07-06
Running on PCRE version : 8.31 2012-07-06
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"),
deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace

--
Best regards,
Maksim Kupriianov