Welcome to WebmasterWorld Guest from 3.80.38.5

Forum Moderators: phranque

HAProxy Stick Tables - an answer you might not know

     
9:17 pm on Sep 21, 2018 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 25, 2003
posts:1206
votes: 339


I don't know how many of you use or are familiar with HAProxy [haproxy.org]the open source load balancer/proxy server - I have been a fan/user for over a decade.

I was reminded, today, of a feature that might be of interest given the EU's GDPR, current cookie directive and upcoming ePrivacy regulations, and various other jurisdictions requirements: stick tables.

For a quick overview: Introduction to HAProxy Stick Tables [haproxy.com] by Chad Lavoie, haproxy-dotcom blog, 20-September-2018.

From the version 1.8 (current stable release) Starter Guide:

Stick-tables are commonly used to store stickiness information, that is, to keep
a reference to the server a certain visitor was directed to. The key is then the
identifier associated with the visitor (its source address, the SSL ID of the
connection, an HTTP or RDP cookie, the customer number extracted from the URL or
from the payload, ...) and the stored value is then the server's identifier.

Stick tables may use 3 different types of samples for their keys : integers,
strings and addresses. Only one stick-table may be referenced in a proxy, and it
is designated everywhere with the proxy name. Up to 8 keys may be tracked in
parallel. The server identifier is committed during request or response
processing once both the key and the server are known.

Stick-table contents may be replicated in active-active mode with other HAProxy
nodes known as "peers" as well as with the new process during a reload operation
so that all load balancing nodes share the same information and take the same
routing decision if client's requests are spread over multiple nodes.

Since stick-tables are indexed on what allows to recognize a client, they are
often also used to store extra information such as per-client statistics. The
extra statistics take some extra space and need to be explicitly declared. The
type of statistics that may be stored includes the input and output bandwidth,
the number of concurrent connections, the connection rate and count over a
period, the amount and frequency of errors, some specific tags and counters,
etc. In order to support keeping such information without being forced to
stick to a given server, a special "tracking" feature is implemented and allows
to track up to 3 simultaneous keys from different tables at the same time
regardless of stickiness rules. Each stored statistics may be searched, dumped
and cleared from the CLI and adds to the live troubleshooting capabilities.

While this mechanism can be used to surclass a returning visitor or to adjust
the delivered quality of service depending on good or bad behavior, it is
mostly used to fight against service abuse and more generally DDoS as it allows
to build complex models to detect certain bad behaviors at a high processing
speed.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members