RE: X-Forwarded-For Balancing
Thanks for the help and clarifications. I will give it a try. Thanks, Trent -Original Message- From: Aaron West [mailto:aa...@loadbalancer.org] Sent: Wednesday, July 26, 2017 3:11 PM To: Andrew Smalley Cc: Trenton Dyck; HAproxy Mailing Lists Subject: Re: X-Forwarded-For Balancing Trenton, To clarify I believe it will stick on XFF header if present but if not present fall back to stick on source.IP. Basically, it will use the first working "stick on" declaration, source IP will always work as there will always be one so that goes in as a last resort. Aaron West Loadbalancer.org www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064 aa...@loadbalancer.org LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG On 26 July 2017 at 19:36, Andrew Smalley <asmal...@loadbalancer.org> wrote: > Hi Trenton > > Here we use the stick on src ( Source IP ) and X-Forward-For method so > we can stick on both criteria > > Also the -1 to move the XFF IP back, Imagine there are 2 or 3 proxy's > all inserting X-Forward-For the -1 could also be -2 or -3 etc to move > the ip forward in the list > > 192.168.100.12 172.16.21.20 172.31.31.2 > > -1 would put the red address like this > > 172.16.21.20 172.31.31.2 > > I hope that all makes sense > > > Andruw Smalley > > Loadbalancer.org Ltd. > > www.loadbalancer.org > +1 888 867 9504 / +44 (0)330 380 1064 > asmal...@loadbalancer.org > > Leave a Review | Deployment Guides | Blog > > > On 25 July 2017 at 19:42, Trenton Dyck <trenton.d...@uxpsystems.com> wrote: >> >> Andrew, >> >> >> >> Thanks for this suggestion! When you say ‘move the XFF header back’ >> and you have a second stick on parameter what is the behavior you >> expect? Will it use src ip if no X-Forwarded-For header is present >> (our desired behavior)? >> >> >> >> Thanks, >> >> Trent >> >> >> >> From: Andrew Smalley [mailto:asmal...@loadbalancer.org] >> Sent: Tuesday, July 25, 2017 12:54 PM >> To: Trenton Dyck >> Cc: Aleksandar Lazic; haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> >> >> Hi Trenton >> >> I hope the below example will help you with X-Forward-For + Stick >> table + replication >> >> listen VIP_Name >> >> bind 192.168.100.50:65435 transparent >> >> mode http >> >> balance roundrobin >> >> option forwardfor if-none >> >> stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF >> header back one place in the list. >> >> stick on src >> >> stick-table type string len 64 size 10240k expire 30m peers >> loadbalancer_replication >> >> server backup 127.0.0.1:9081 backup non-stick >> >> option http-keep-alive >> >> timeout http-request 5s >> >> option redispatch >> >> option abortonclose >> >> maxconn 4 >> >> server RIP_Name 192.168.100.200:80 weight 100 check inter 500 >> rise >> 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions >> >> server RIP_Name-1 192.168.100.255:80 weight 100 check inter 500 >> rise 1 fall 1 minconn 0 maxconn 0 on-marked-down >> shutdown-sessions >> >> >> Andruw Smalley >> >> Loadbalancer.org Ltd. >> >> www.loadbalancer.org >> >> +1 888 867 9504 / +44 (0)330 380 1064 >> >> asmal...@loadbalancer.org >> >> Leave a Review | Deployment Guides | Blog >> >> >> >> On 25 July 2017 at 17:36, Trenton Dyck <trenton.d...@uxpsystems.com> >> wrote: >> >> Hi Alek, >> >> I want to balance via round-robin, but I want stick-tables to use the >> X-Forwarded-For header instead of src ip. It makes sense in our use >> case because a vast majority of our clients are behind a NAT and have >> the same source IP, but the X-Forwarded-For header is unique to them. >> >> Thanks, >> Trent >> >> >> -Original Message- >> From: Aleksandar Lazic [mailto:al-hapr...@none.at] >> Sent: Tuesday, July 25, 2017 11:20 AM >> To: Trenton Dyck >> Cc: haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> Hi Trenton, >> >> Trenton Dyck wrote on 25.07.2017: >> >> > Hi, >> > >> > Is it possible to balance, via X-Forwarded-For header? We have >> > come across an issue with sticky-sessions and server weight that I >> > can't seem to find the answer to online (Unbalanced traffic). I >> > think stick-tables with this acl option would be nice to have for >> > a future version. >> >> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balanc >> e >> >> Something like this >> >> balance hdr(X-Forwarded-For) >> >> Does it make sense to balance based on this header?! >> What's the issue you want to solve? >> >> What do you mean with "stick-tables with this acl option"? >> >> > Please keep met CCed for responses since I'm not subscribed. >> > >> > Thanks, >> > >> > Trent >> >> -- >> Best Regards >> Aleks >> >> > >
Re: X-Forwarded-For Balancing
Trenton, To clarify I believe it will stick on XFF header if present but if not present fall back to stick on source.IP. Basically, it will use the first working "stick on" declaration, source IP will always work as there will always be one so that goes in as a last resort. Aaron West Loadbalancer.org www.loadbalancer.org +1 888 867 9504 / +44 (0)330 380 1064 aa...@loadbalancer.org LEAVE A REVIEW | DEPLOYMENT GUIDES | BLOG On 26 July 2017 at 19:36, Andrew Smalley <asmal...@loadbalancer.org> wrote: > Hi Trenton > > Here we use the stick on src ( Source IP ) and X-Forward-For method so we > can stick on both criteria > > Also the -1 to move the XFF IP back, Imagine there are 2 or 3 proxy's all > inserting X-Forward-For the -1 could also be -2 or -3 etc to move the ip > forward in the list > > 192.168.100.12 172.16.21.20 172.31.31.2 > > -1 would put the red address like this > > 172.16.21.20 172.31.31.2 > > I hope that all makes sense > > > Andruw Smalley > > Loadbalancer.org Ltd. > > www.loadbalancer.org > +1 888 867 9504 / +44 (0)330 380 1064 > asmal...@loadbalancer.org > > Leave a Review | Deployment Guides | Blog > > > On 25 July 2017 at 19:42, Trenton Dyck <trenton.d...@uxpsystems.com> wrote: >> >> Andrew, >> >> >> >> Thanks for this suggestion! When you say ‘move the XFF header back’ and >> you have a second stick on parameter what is the behavior you expect? Will >> it use src ip if no X-Forwarded-For header is present (our desired >> behavior)? >> >> >> >> Thanks, >> >> Trent >> >> >> >> From: Andrew Smalley [mailto:asmal...@loadbalancer.org] >> Sent: Tuesday, July 25, 2017 12:54 PM >> To: Trenton Dyck >> Cc: Aleksandar Lazic; haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> >> >> Hi Trenton >> >> I hope the below example will help you with X-Forward-For + Stick table + >> replication >> >> listen VIP_Name >> >> bind 192.168.100.50:65435 transparent >> >> mode http >> >> balance roundrobin >> >> option forwardfor if-none >> >> stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF >> header back one place in the list. >> >> stick on src >> >> stick-table type string len 64 size 10240k expire 30m peers >> loadbalancer_replication >> >> server backup 127.0.0.1:9081 backup non-stick >> >> option http-keep-alive >> >> timeout http-request 5s >> >> option redispatch >> >> option abortonclose >> >> maxconn 4 >> >> server RIP_Name 192.168.100.200:80 weight 100 check inter 500 rise >> 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions >> >> server RIP_Name-1 192.168.100.255:80 weight 100 check inter 500 >> rise 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions >> >> >> Andruw Smalley >> >> Loadbalancer.org Ltd. >> >> www.loadbalancer.org >> >> +1 888 867 9504 / +44 (0)330 380 1064 >> >> asmal...@loadbalancer.org >> >> Leave a Review | Deployment Guides | Blog >> >> >> >> On 25 July 2017 at 17:36, Trenton Dyck <trenton.d...@uxpsystems.com> >> wrote: >> >> Hi Alek, >> >> I want to balance via round-robin, but I want stick-tables to use the >> X-Forwarded-For header instead of src ip. It makes sense in our use case >> because a vast majority of our clients are behind a NAT and have the same >> source IP, but the X-Forwarded-For header is unique to them. >> >> Thanks, >> Trent >> >> >> -Original Message- >> From: Aleksandar Lazic [mailto:al-hapr...@none.at] >> Sent: Tuesday, July 25, 2017 11:20 AM >> To: Trenton Dyck >> Cc: haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> Hi Trenton, >> >> Trenton Dyck wrote on 25.07.2017: >> >> > Hi, >> > >> > Is it possible to balance, via X-Forwarded-For header? We have come >> > across an issue with sticky-sessions and server weight that I can't >> > seem to find the answer to online (Unbalanced traffic). I think >> > stick-tables with this acl option would be nice to have for a future >> > version. >> >> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance >> >> Something like this >> >> balance hdr(X-Forwarded-For) >> >> Does it make sense to balance based on this header?! >> What's the issue you want to solve? >> >> What do you mean with "stick-tables with this acl option"? >> >> > Please keep met CCed for responses since I'm not subscribed. >> > >> > Thanks, >> > >> > Trent >> >> -- >> Best Regards >> Aleks >> >> > >
Re: X-Forwarded-For Balancing
Hi Trenton Here we use the stick on src ( Source IP ) and X-Forward-For method so we can stick on both criteria Also the -1 to move the XFF IP back, Imagine there are 2 or 3 proxy's all inserting X-Forward-For the -1 could also be -2 or -3 etc to move the ip forward in the list 192.168.100.12 172.16.21.20 172.31.31.2 -1 would put the red address like this 172.16.21.20 172.31.31.2 I hope that all makes sense Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> <https://plus.google.com/+LoadbalancerOrg> <https://twitter.com/loadbalancerorg> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> <https://www.loadbalancer.org/?category=company=overview&?gclid=ES2017> <https://www.loadbalancer.org/?gclid=ES2017> +1 888 867 9504 / +44 (0)330 380 1064 asmal...@loadbalancer.org Leave a Review <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment Guides <https://www.loadbalancer.org/?category=resources=deployment-guides&?gclid=ES2017> | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> On 25 July 2017 at 19:42, Trenton Dyck <trenton.d...@uxpsystems.com> wrote: > Andrew, > > > > Thanks for this suggestion! When you say ‘move the XFF header back’ and > you have a second stick on parameter what is the behavior you expect? Will > it use src ip if no X-Forwarded-For header is present (our desired > behavior)? > > > > Thanks, > > Trent > > > > *From:* Andrew Smalley [mailto:asmal...@loadbalancer.org] > *Sent:* Tuesday, July 25, 2017 12:54 PM > *To:* Trenton Dyck > *Cc:* Aleksandar Lazic; haproxy@formilux.org > *Subject:* Re: X-Forwarded-For Balancing > > > > Hi Trenton > > I hope the below example will help you with X-Forward-For + Stick table + > replication > > listen VIP_Name > > bind 192.168.100.50:65435 transparent > > mode http > > balance roundrobin > > option forwardfor if-none > > stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF > header back one place in the list. > > stick on src > > stick-table type string len 64 size 10240k expire 30m peers > loadbalancer_replication > > server backup 127.0.0.1:9081 backup non-stick > > option http-keep-alive > > timeout http-request 5s > > option redispatch > > option abortonclose > > maxconn 4 > > server RIP_Name 192.168.100.200:80 weight 100 check inter 500 rise 1 > fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions > > server RIP_Name-1 192.168.100.255:80 weight 100 check inter 500 rise > 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions > > > Andruw Smalley > > Loadbalancer.org Ltd. > > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> > > <https://plus.google.com/+LoadbalancerOrg> > <https://twitter.com/loadbalancerorg> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> > <https://www.loadbalancer.org/?category=company=overview&?gclid=ES2017> > > <https://www.loadbalancer.org/?gclid=ES2017> > > +1 888 867 9504 / +44 (0)330 380 1064 > > asmal...@loadbalancer.org > > Leave a Review > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment > Guides > <https://www.loadbalancer.org/?category=resources=deployment-guides&?gclid=ES2017> > | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> > > > > On 25 July 2017 at 17:36, Trenton Dyck <trenton.d...@uxpsystems.com> > wrote: > > Hi Alek, > > I want to balance via round-robin, but I want stick-tables to use the > X-Forwarded-For header instead of src ip. It makes sense in our use case > because a vast majority of our clients are behind a NAT and have the same > source IP, but the X-Forwarded-For header is unique to them. > > Thanks, > Trent > > > -Original Message- > From: Aleksandar Lazic [mailto:al-hapr...@none.at] > Sent: Tuesday, July 25, 2017 11:20 AM > To: Trenton Dyck > Cc: haproxy@formilux.org > Subject: Re: X-Forwarded-For Balancing > > Hi Trenton, > > Trenton Dyck wrote on 25.07.2017: > > > Hi, > > > > Is it possible to balance, via X-Forwarded-For header? We have come > > across an issue with sticky-sessions and server weight that I can't > > seem to find the answer to online (Unbalanced traffic). I think > > stick-tables with this acl option would be nice to have for a future > version. > > http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance > > Something like this > > balance hdr(X-Forwarded-For) > > Does it make sense to balance based on this header?! > What's the issue you want to solve? > > What do you mean with "stick-tables with this acl option"? > > > Please keep met CCed for responses since I'm not subscribed. > > > > Thanks, > > > > Trent > > -- > Best Regards > Aleks > > >
Re: X-Forwarded-For Balancing
I just wanted to add a quick apology for the HTML footer. Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> <https://plus.google.com/+LoadbalancerOrg> <https://twitter.com/loadbalancerorg> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> <https://www.loadbalancer.org/?category=company=overview&?gclid=ES2017> <https://www.loadbalancer.org/?gclid=ES2017> +1 888 867 9504 / +44 (0)330 380 1064 asmal...@loadbalancer.org Leave a Review <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment Guides <https://www.loadbalancer.org/?category=resources=deployment-guides&?gclid=ES2017> | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> On 25 July 2017 at 17:54, Andrew Smalley <asmal...@loadbalancer.org> wrote: > Hi Trenton > > I hope the below example will help you with X-Forward-For + Stick table + > replication > > listen VIP_Name > bind 192.168.100.50:65435 transparent > mode http > balance roundrobin > option forwardfor if-none > stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF > header back one place in the list. > stick on src > stick-table type string len 64 size 10240k expire 30m peers > loadbalancer_replication > server backup 127.0.0.1:9081 backup non-stick > option http-keep-alive > timeout http-request 5s > option redispatch > option abortonclose > maxconn 4 > server RIP_Name 192.168.100.200:80 weight 100 check inter 500 rise 1 > fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions > server RIP_Name-1 192.168.100.255:80 weight 100 check inter 500 rise > 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions > > > Andruw Smalley > > Loadbalancer.org Ltd. > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> > > <https://plus.google.com/+LoadbalancerOrg> > <https://twitter.com/loadbalancerorg> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> > <https://www.loadbalancer.org/?category=company=overview&?gclid=ES2017> > <https://www.loadbalancer.org/?gclid=ES2017> > +1 888 867 9504 / +44 (0)330 380 1064 > asmal...@loadbalancer.org > > Leave a Review > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment > Guides > <https://www.loadbalancer.org/?category=resources=deployment-guides&?gclid=ES2017> > | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> > > On 25 July 2017 at 17:36, Trenton Dyck <trenton.d...@uxpsystems.com> > wrote: > >> Hi Alek, >> >> I want to balance via round-robin, but I want stick-tables to use the >> X-Forwarded-For header instead of src ip. It makes sense in our use case >> because a vast majority of our clients are behind a NAT and have the same >> source IP, but the X-Forwarded-For header is unique to them. >> >> Thanks, >> Trent >> >> -Original Message- >> From: Aleksandar Lazic [mailto:al-hapr...@none.at] >> Sent: Tuesday, July 25, 2017 11:20 AM >> To: Trenton Dyck >> Cc: haproxy@formilux.org >> Subject: Re: X-Forwarded-For Balancing >> >> Hi Trenton, >> >> Trenton Dyck wrote on 25.07.2017: >> >> > Hi, >> > >> > Is it possible to balance, via X-Forwarded-For header? We have come >> > across an issue with sticky-sessions and server weight that I can't >> > seem to find the answer to online (Unbalanced traffic). I think >> > stick-tables with this acl option would be nice to have for a future >> version. >> >> http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance >> >> Something like this >> >> balance hdr(X-Forwarded-For) >> >> Does it make sense to balance based on this header?! >> What's the issue you want to solve? >> >> What do you mean with "stick-tables with this acl option"? >> >> > Please keep met CCed for responses since I'm not subscribed. >> > >> > Thanks, >> > >> > Trent >> >> -- >> Best Regards >> Aleks >> >> >> >
Re: X-Forwarded-For Balancing
Hi Trenton I hope the below example will help you with X-Forward-For + Stick table + replication listen VIP_Name bind 192.168.100.50:65435 transparent mode http balance roundrobin option forwardfor if-none stick on hdr(X-Forwarded-For,-1) # Note the ,-1 is to move the XFF header back one place in the list. stick on src stick-table type string len 64 size 10240k expire 30m peers loadbalancer_replication server backup 127.0.0.1:9081 backup non-stick option http-keep-alive timeout http-request 5s option redispatch option abortonclose maxconn 4 server RIP_Name 192.168.100.200:80 weight 100 check inter 500 rise 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions server RIP_Name-1 192.168.100.255:80 weight 100 check inter 500 rise 1 fall 1 minconn 0 maxconn 0 on-marked-down shutdown-sessions Andruw Smalley Loadbalancer.org Ltd. www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> <https://plus.google.com/+LoadbalancerOrg> <https://twitter.com/loadbalancerorg> <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> <https://www.loadbalancer.org/?category=company=overview&?gclid=ES2017> <https://www.loadbalancer.org/?gclid=ES2017> +1 888 867 9504 / +44 (0)330 380 1064 asmal...@loadbalancer.org Leave a Review <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment Guides <https://www.loadbalancer.org/?category=resources=deployment-guides&?gclid=ES2017> | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> On 25 July 2017 at 17:36, Trenton Dyck <trenton.d...@uxpsystems.com> wrote: > Hi Alek, > > I want to balance via round-robin, but I want stick-tables to use the > X-Forwarded-For header instead of src ip. It makes sense in our use case > because a vast majority of our clients are behind a NAT and have the same > source IP, but the X-Forwarded-For header is unique to them. > > Thanks, > Trent > > -Original Message- > From: Aleksandar Lazic [mailto:al-hapr...@none.at] > Sent: Tuesday, July 25, 2017 11:20 AM > To: Trenton Dyck > Cc: haproxy@formilux.org > Subject: Re: X-Forwarded-For Balancing > > Hi Trenton, > > Trenton Dyck wrote on 25.07.2017: > > > Hi, > > > > Is it possible to balance, via X-Forwarded-For header? We have come > > across an issue with sticky-sessions and server weight that I can't > > seem to find the answer to online (Unbalanced traffic). I think > > stick-tables with this acl option would be nice to have for a future > version. > > http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance > > Something like this > > balance hdr(X-Forwarded-For) > > Does it make sense to balance based on this header?! > What's the issue you want to solve? > > What do you mean with "stick-tables with this acl option"? > > > Please keep met CCed for responses since I'm not subscribed. > > > > Thanks, > > > > Trent > > -- > Best Regards > Aleks > > >
RE: X-Forwarded-For Balancing
Hi Alek, I want to balance via round-robin, but I want stick-tables to use the X-Forwarded-For header instead of src ip. It makes sense in our use case because a vast majority of our clients are behind a NAT and have the same source IP, but the X-Forwarded-For header is unique to them. Thanks, Trent -Original Message- From: Aleksandar Lazic [mailto:al-hapr...@none.at] Sent: Tuesday, July 25, 2017 11:20 AM To: Trenton Dyck Cc: haproxy@formilux.org Subject: Re: X-Forwarded-For Balancing Hi Trenton, Trenton Dyck wrote on 25.07.2017: > Hi, > > Is it possible to balance, via X-Forwarded-For header? We have come > across an issue with sticky-sessions and server weight that I can't > seem to find the answer to online (Unbalanced traffic). I think > stick-tables with this acl option would be nice to have for a future version. http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance Something like this balance hdr(X-Forwarded-For) Does it make sense to balance based on this header?! What's the issue you want to solve? What do you mean with "stick-tables with this acl option"? > Please keep met CCed for responses since I'm not subscribed. > > Thanks, > > Trent -- Best Regards Aleks
Re: X-Forwarded-For Balancing
Hi Trenton, Trenton Dyck wrote on 25.07.2017: > Hi, > > Is it possible to balance, via X-Forwarded-For header? We have come > across an issue with sticky-sessions and server weight that I can’t > seem to find the answer to online (Unbalanced traffic). I think > stick-tables with this acl option would be nice to have for a future version. http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-balance Something like this balance hdr(X-Forwarded-For) Does it make sense to balance based on this header?! What's the issue you want to solve? What do you mean with "stick-tables with this acl option"? > Please keep met CCed for responses since I’m not subscribed. > > Thanks, > > Trent -- Best Regards Aleks
X-Forwarded-For Balancing
Hi, Is it possible to balance, via X-Forwarded-For header? We have come across an issue with sticky-sessions and server weight that I can't seem to find the answer to online (Unbalanced traffic). I think stick-tables with this acl option would be nice to have for a future version. Please keep met CCed for responses since I'm not subscribed. Thanks, Trent
