cond table via dummy backend though. I don't have access to
>> my notes atm so maybe someone else can jump in and help with this.
>> On 01/10/2015 2:22 PM, "Jason J. W. Williams" <jasonjwwilli...@gmail.com>
>> wrote:
>>
>>> I still would like to ke
We've been seeing CenturyLink and a few other residential providers NATing
their IPv4 traffic, making client persistency on source IP result in really
lopsided load balancing lately.
We'd like to convert to sticking on a custom header we're already using
that IDs the user. There isn't a lot of
in that case though
>
> On 01/10/2015 5:07 AM, "Jason J. W. Williams" <jasonjwwilli...@gmail.com>
> wrote:
> >
> > We've been seeing CenturyLink and a few other residential providers
> NATing their IPv4 traffic, making client persistency on source IP result in
<ig...@encompasscorporation.com>
> wrote:
>
> Well in case of header you would have something like this I guess:
>
> tcp-request content track-sc1 hdr(x-app-authorization)
>
>
>
>> On Thu, Oct 1, 2015 at 9:47 AM, Jason J. W. Williams
>> <jasonjwwilli..
Hi,
I'm converting an older listen configuration to a frontend/backend set
up for SSL...would the following directives be better suited in the
frontend or the backend section?
# Persistently map clients to backends by client IP
stick-table type ip size XX expire YY peers ZZ
stick on src
the list know
what we end up with. :)
-J
Sent via iPhone
On Oct 24, 2014, at 0:49, JCM cont...@jpluscplusm.com wrote:
On 24 Oct 2014 03:18, Jason J. W. Williams jasonjwwilli...@gmail.com
wrote:
How are folks deal with direct healthchecks (e.g. from Nagios) of
backend servers that have
Just wanted to say thank you to cbonte for the searchable version of
the docs at http://cbonte.github.io/haproxy-dconv/
They're fantastic. Thank you for putting the effort into making that interface.
-J
Is there a max length of a peername? We're noticing HAProxy can't
find the local peer because it's hostname is quite long and HAProxy
appears to be truncating the last 4 characters when trying to match.
-J
How are folks deal with direct healthchecks (e.g. from Nagios) of
backend servers that have PROXY protocol enabled? Currently we're
using a BASH scripts around wget and curl, but since wget and curl
can't send the PROXY header, that approach doesn't work. Hoping
someone has a a slick wrapper
://gist.github.com/williamsjj/cc1207b5fc42ad94df73
Thank you in advance.
-J
On Thu, Oct 16, 2014 at 1:03 PM, Willy Tarreau w...@1wt.eu wrote:
On Tue, Oct 14, 2014 at 11:57:14PM -0700, Jason J. W. Williams wrote:
Are there any known issues with using HAProxy to load balance forward
proxies? I'm seeing
With incoming mail, I can make use of HAProxy’s send-proxy feature to make
the source-IP known to the backend SMTP-servers.
(Works in the lab, I just need to move a few hundred customers off port 25
for authenticated SMTP, as send-proxy is incompatible with authentication
(right?))
Are there any known issues with using HAProxy to load balance forward
proxies? I'm seeing an issue where when I put HAProxy in front of the
forward proxies, the connection just hangs after the forward proxy
replies 200 Connection Established.
All other HTTP methods work fine. And if I connect
I'm really amazed by the amount of breakage these new service managers are
causing to a simple process management that has been working well for over
40 years of UNIX existence now, and the difficulty we have to work around
this whole mess!
If there was a poster child for knowing better than
Hi Kobus,
You might look into if Zeus/Stingray can do this with their rules, as it looks
like F5 can:
https://devcentral.f5.com/articles/accessing-tcp-options-from-irules
HAProxy is my first choice normally, but for situations like yours I'd take a
look at Zeus/Stingray ZXTM (since it's
Ahmed,
Why don't you just set up test environment and see if it works for you?
-J
Sent via iPhone
Is your email Premiere?
On Jul 9, 2014, at 5:43, Ahmed Ayoub a.ay...@cequens.com wrote:
Dears any updates?
Best regards,
Ahmed Ayoub
Chief Architect
Mob: +20 (10) 06719983
Hello,
Is anyone running redundant HAProxy servers that use TPROXY for
transparent proxying (preserve source IP) and use Heartbeat for
failover of VIPs and shared interface IPs? We're curious if you run
into issues due to combination of shared IPs and TPROXY? Thank you in
advance.
-J
great. I have several pairs of vm haproxy servers in transparent mode
and running heartbeat to take over the shared IP.
-Original Message-
From: Jason J. W. Williams [mailto:jasonjwwilli...@gmail.com]
Sent: Tuesday, September 27, 2011 3:46 PM
To: haproxy@formilux.org
Subject: TPROXY
a look at:
http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
Ignore the kernel re-compile stuff, as its all pretty standard in
modern kernels.
But it should show you how to construct the haproxy.cfg file.
On 23 September 2011 22:53, Jason J
Hello,
My understanding has been that HAProxy can be set up in conjunction
with TPROXY support in the Linux kernel so that the backend servers
see the original client's source IP address on incoming packets?
So is the option transparent
(http://code.google.com/p/haproxy-docs/wiki/transparent)
Generally the Caviums are used for SSL offload. The CPUs in F5s generally do
the bulk of the L7 + iRules application.
-J
Sent via iPhone
Is your e-mail Premiere?
On May 7, 2011, at 0:06, Baptiste bed...@gmail.com wrote:
On Sat, May 7, 2011 at 12:14 AM, Vincent Bernat ber...@luffy.cx wrote:
with both client and server
- a NATing device doesn't know about sockets at all and will simply
rewrite IP and sometimes TCP/UDP headers
On Thu, Mar 24, 2011 at 4:59 PM, Jason J. W. Williams
jasonjwwilli...@gmail.com wrote:
Hi All,
I'm trying to find documentation on configuring HAProxy to do
If you mean something like half-NAT described below...
http://lbwiki.com/index.php/NAT
That's exactly what I mean by half-NAT.
Then you are looking for the TPROXY support of HAProxy...
http://blog.loadbalancer.org/configure-haproxy-with-tproxy-kernel-for-full-transparent-proxy/
Anyway the purist in me will say that this is not NAT, as there is no
relation between the packets of each side, this is still proxying but
with spoofed addresses.
Hey, I don't care what HAProxy wants to call it...y'all have it is all that
matters for me. :)
I just come from a traditional
somebody wanna make it do DSR next? :)
-r
Just from a cursory look, that seems like something TPROXY would need to be
extended to support and then HAProxy could leverage it. Should only take a
weekend right? ;)
-J
Hello,
Can you tell me why HAProxy considers this response from a Riak
backend server invalid? https://gist.github.com/850204
I suspect it's the length of the Link header. Thank you in advance.
-J
to make a new record. ;)
-J
Sent via iPhone
Is your e-mail Premiere?
On Mar 1, 2011, at 23:20, Willy Tarreau w...@1wt.eu wrote:
On Tue, Mar 01, 2011 at 05:24:18PM -0700, Jason J. W. Williams wrote:
Hello,
Can you tell me why HAProxy considers this response from a Riak
backend server invalid
You might take a look at one of these:
http://www.caviumnetworks.com/processor_security_nitroxLite.htm
They ship a modified OpenSSL stack to take advantage of the card. Cavium is
what's inside most of the commercial load balancers...including I believe F5.
-J
Sent via iPhone
Is your e-mail
I very much agree with the checkbox and then action button. I've used
SLB devices that do it both ways, and the checkbox method has an
additional benefit: when you need to disable a segment of your
backends for upgrades you can set the checkboxes then double check
your settings and take them all
My two cents for what it's worth...
This would be a terrific feature and the one I miss the most from
commercial load balancers. Makes taking real servers in and out of
battery to test an issue simple.
My recommendation would be to make the stats interface read-only by
default, and allow
Hello,
Is it possible to handle UDP load balancing with HAProxy? Particular
application here is SLB in front of multiple DNS servers.
-J
Hi Laurie,
This thread might be helpful:
http://www.mail-archive.com/haproxy@formilux.org/msg00926.html
-J
On Thu, Jun 3, 2010 at 8:33 AM, Laurie Young lau...@new-bamboo.co.uk wrote:
Hi Everyone
I'm curious to know what is the maximum number of open connections that
HAProxy can have at any
Hi Matt,
I'm new to HAProxy myself, but I'm going to guess it does NOT have
support for event-ports (Solaris' version of epoll or kqueues) which
means it's going to use poll() and be much less performant. It's
pretty much impossible to do efficient asynchronous network servers
without epoll,
loading one web page.
matt
On May 19, 2010, at 4:52 PM, Jason J. W. Williams wrote:
Hi Matt,
I'm new to HAProxy myself, but I'm going to guess it does NOT have
support for event-ports (Solaris' version of epoll or kqueues) which
means it's going to use poll() and be much less performant. It's
Hi Y'all,
In case anyone else could use it, I've posted a syntax highlighting
TextMate bundle for HAProxy config files:
http://github.com/williamsjj/haproxy.tmbundle
-J
34 matches
Mail list logo