Hi,

We have multiple haproxy servers receiving traffic from our firewall, and we
want to apply some rate limiting that takes into account counters from all
the haproxy servers.

I am testing this with 1.6.4 and I tried the peer feature, but I am not able
to get it to work. I understand that counter aggregation does not happen, but
even replication doesn't seem to be working for me.

Conf:
peers article
        peer haproxy1 127.0.0.1:11023
        peer haproxy2 127.0.0.1:11024

global
        stats socket /tmp/haproxy.sock mode 600 level admin
        #maxconn 3000
        #maxconn 10000

defaults
        log 127.0.0.1 local1
        option httplog
        mode http
        timeout server 120s
        timeout queue 1000s
        timeout client 1200s # Client inactive time
        timeout connect 100s # timeout for server connection
        timeout check 500s   # timeout for server check pings
        maxconn 10000
        retries 2
        option redispatch
        option http-server-close

frontend haproxy1_l2
        mode http
        option forwardfor
        capture cookie egnyte-proxy len 32
        capture request header host len 32

        bind *:1443 ssl crt /home/egnyte/haproxy/conf/key.pem crt /home/egnyte/haproxy/conf/certs
        tcp-request inspect-delay 5s
        tcp-request content accept if { req_ssl_hello_type 1 }

        stick-table type string size 1M expire 10m store conn_cur peers article
        acl is_range  hdr_sub(Range) bytes=
        acl is_path_throttled path_beg /public-api/v1/fs-content-download
        acl is_path_throttled path_end /get_file
        acl is_path_throttled path_beg /wsgi/print_headers.py
        #tcp-request content track-sc1 base32 if is_range is_path_throttled
        http-request set-header X-track %[url]
        http-request track-sc1 req.hdr(X-track) if is_range is_path_throttled
        http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled

        default_backend apache_l1

backend apache_l1
        mode http
        maxconn 10000
        reqadd      X-Haproxy-L1:\ true
        server apache_l1 127.0.0.1:80

Is there any other way to have rate limiting that can track the counters
across haproxy servers? How about seeding counters into Redis using Lua and
then reading them to rate limit - is it even feasible? I have not looked at
it in detail yet, I just wanted to see if somebody has tried something
similar.

Thanks
Sachin

