Re: Using operators in ACLs
> On 24 Feb 2016, at 14:07, Willy Tarreauwrote: > > On Wed, Feb 24, 2016 at 01:36:39PM +0300, Dmitry Sivachenko wrote: >> I do have "mode http" (I intentionally put it here with a comment). >> Will it work only for tcp-mode frontend? >> Or should I use tcp-request for tcp frontend and http-request for http >> frontend? > > Both tcp-request and http-request will work in your HTTP frontend. My point > is that if your frontend is in HTTP mode, you won't be able to direct the > traffic to a TCP backend, the config parser will reject this. Ah, yes, I see. Thanks for the explanation.
Re: Using operators in ACLs
On Wed, Feb 24, 2016 at 01:36:39PM +0300, Dmitry Sivachenko wrote: > I do have "mode http" (I intentionally put it here with a comment). > Will it work only for tcp-mode frontend? > Or should I use tcp-request for tcp frontend and http-request for http > frontend? Both tcp-request and http-request will work in your HTTP frontend. My point is that if your frontend is in HTTP mode, you won't be able to direct the traffic to a TCP backend, the config parser will reject this. Willy
Re: Using operators in ACLs
> On 24 Feb 2016, at 01:02, Willy Tarreauwrote: > > Hi Dmitry, > > On Fri, Feb 19, 2016 at 05:58:47PM +0300, Dmitry Sivachenko wrote: >> Hello, >> >> I want to define ACL which will evaluate to true if a current number of >> connections to a particular backend is greater than a number of usable >> servers in that backend multiplied on some constant: >> >> be_conn(BACK) > nbsrv(BACK) * N >> >> So far I came up with the following solution: >> >> frontend FRONT >>mode http # can be either http or tcp here >>tcp-request content set-var(sess.nb) nbsrv(BACK) # I use tcp-request >> here (not http-request) so it works for both http and tcp mode backends >>acl my_acl be_conn(BACK),div(sess.nb) gt 10 # "N" in 10 here >> >> >> So I must use set-var here because div() accepts either a number or a >> variable. >> >> Is this a good sulution for my problem or it can be done better? > > It currently is the only available solution, and I'm glad that you spotted > it because support for variables in arithmetic operators was added in great > part to permit such things. > > I do have one comment regarding your comment about tcp-request vs > http-request. What you say is valid only if you don't have "mode http" > in your frontend, but I assume that you simplified the config so that > it's easy to understand here. > I do have "mode http" (I intentionally put it here with a comment). Will it work only for tcp-mode frontend? Or should I use tcp-request for tcp frontend and http-request for http frontend?
Re: Using operators in ACLs
Hi Dmitry, On Fri, Feb 19, 2016 at 05:58:47PM +0300, Dmitry Sivachenko wrote: > Hello, > > I want to define ACL which will evaluate to true if a current number of > connections to a particular backend is greater than a number of usable > servers in that backend multiplied on some constant: > > be_conn(BACK) > nbsrv(BACK) * N > > So far I came up with the following solution: > > frontend FRONT > mode http # can be either http or tcp here > tcp-request content set-var(sess.nb) nbsrv(BACK) # I use tcp-request > here (not http-request) so it works for both http and tcp mode backends > acl my_acl be_conn(BACK),div(sess.nb) gt 10 # "N" in 10 here > > > So I must use set-var here because div() accepts either a number or a > variable. > > Is this a good sulution for my problem or it can be done better? It currently is the only available solution, and I'm glad that you spotted it because support for variables in arithmetic operators was added in great part to permit such things. I do have one comment regarding your comment about tcp-request vs http-request. What you say is valid only if you don't have "mode http" in your frontend, but I assume that you simplified the config so that it's easy to understand here. Regards, Willy
Using operators in ACLs
Hello, I want to define ACL which will evaluate to true if a current number of connections to a particular backend is greater than a number of usable servers in that backend multiplied on some constant: be_conn(BACK) > nbsrv(BACK) * N So far I came up with the following solution: frontend FRONT mode http # can be either http or tcp here tcp-request content set-var(sess.nb) nbsrv(BACK) # I use tcp-request here (not http-request) so it works for both http and tcp mode backends acl my_acl be_conn(BACK),div(sess.nb) gt 10 # "N" in 10 here So I must use set-var here because div() accepts either a number or a variable. Is this a good sulution for my problem or it can be done better? Thanks!