@haproxytechblog
Last active November 28, 2022 16:27
Introduction to HAProxy Stick Tables

backend webfarm
    stick-table type ip size 1m expire 10s store http_req_rate(10s)
    # other configuration...

backend st_src_global
    stick-table type ip size 1m expire 10s store http_req_rate(10s)

frontend fe_main
    bind *:80
    http-request track-sc0 src table st_src_global

backend st_src_global
    stick-table type ip size 1m expire 10m store http_req_rate(10m)

backend st_src_login
    stick-table type ip size 1m expire 10m store http_req_rate(10m)

backend st_src_api
    stick-table type ip size 1m expire 10m store http_req_rate(10m)

frontend fe_main
    bind *:80
    http-request track-sc0 src table st_src_global
    http-request track-sc1 src table st_src_login if { path_beg /login }
    http-request track-sc1 src table st_src_api if { path_beg /api }

$ echo "show table st_src_global" | socat stdio UNIX-CONNECT:/var/run/hapee-1.8/hapee-lb.sock
# table: st_src_global, type: ip, size:1048576, used:1
0x18f907c: key=127.0.0.1 use=0 exp=3583771 http_req_rate(86400000)=3

$ echo "show table st_src_api" | socat stdio UNIX-CONNECT:/var/run/hapee-1.8/hapee-lb.sock
# table: st_src_api, type: ip, size:1048576, used:1
0x18f919c: key=127.0.0.1 use=0 exp=3572396 http_req_rate(86400000)=2

$ echo "show table st_src_login" | socat stdio UNIX-CONNECT:/var/run/hapee-1.8/hapee-lb.sock
# table: st_src_login, type: ip, size:1048576, used:1
0x18f989c: key=127.0.0.1 use=0 exp=3563780 http_req_rate(86400000)=1

stick-table type ip size 1m expire 10s store http_req_rate(10s)
tcp-request inspect-delay 10s
tcp-request content track-sc0 src
http-request deny if { sc_http_req_rate(0) gt 10 }

stick-table type ip size 1m expire 10s store conn_cur
tcp-request content track-sc0 src
tcp-request content reject if { sc_conn_cur(0) gt 10 }

stick-table type string len 128 size 2k expire 1d store http_err_rate(1d)
tcp-request content track-sc0 path

# table: fe_main, type: string, size:2048, used:2
0xbc929c: key=/ use=0 exp=86387441 http_err_rate(86400000)=0
0xbc99ac: key=/foobar use=0 exp=86390564 http_err_rate(86400000)=1

stick-table type string len 32 size 100k expire 30m
stick on req.cook(sessionid)

backend mysql
    mode tcp
    stick-table type integer size 1 expire 1d
    stick on int(1)
    server primary 192.168.122.60:3306 check on-marked-down shutdown-sessions
    server backup 192.168.122.61:3306 check backup on-marked-down shutdown-sessions

backend st_ssl_stats
    stick-table type string len 32 size 200 expire 24d store http_req_rate(24d)

frontend fe_main
    tcp-request inspect-delay 10s
    tcp-request content track-sc0 ssl_fc_protocol table st_ssl_stats

$ echo "show table st_ssl_stats" | socat stdio UNIX-CONNECT:/var/run/hapee-1.8/hapee-lb.sock
# table: st_ssl_stats, type: string, size:200, used:2
0xe4c62c: key=TLSv1 use=0 exp=2073596788 http_req_rate(2073600000)=1
0xe5a18c: key=TLSv1.2 use=0 exp=2073586582 http_req_rate(2073600000)=2

backend st_ssl_stats
    stick-table type ip size 200 expire 1h store http_req_rate(1d)

frontend fe_main
    tcp-request inspect-delay 10s
    tcp-request content track-sc0 src table st_ssl_stats if { ssl_fc_protocol TLSv1.1 }

http-request deny if { sc_http_req_rate(0) gt 100 }

http-request deny if { src,table_http_req_rate(st_src_global) gt 100 }

tcp-request inspect-delay 10s

listen fe_main
    bind *:443 ssl crt /path/to/cert.pem
    bind *:80
    server local unix:/var/run/hapee-1.8/ssl_handoff.sock send-proxy-v2

frontend fe_secondary
    bind unix:/var/run/hapee-1.8/ssl_handoff.sock accept-proxy process 1
    # Stick tables, use backend, default backend, etc goes here.

peers mypeers
    peer centos7vert 192.168.122.64:10000
    peer shorepoint 192.168.122.1:10000

stick-table type string len 32 size 100k expire 30m peers mypeers

@NickMRamirez

Hi Charles.

OK, so I am going to give you what I think is a correct interpretation.

"sticky counters" are what let you track a client across requests. They, for lack of a better word, stick to the client in that whenever that client returns, HAProxy knows because it has stored a key, such as their IP address, in the stick table. The sticky counter, I think, is a slot into which the key and all counters are stored.

A "general purpose counter" is a custom counter. It is just a number you can increment based on an ACL. Use it for your own custom logic. It is stored among the other counters in the "slot".

These things are only relevant to stick tables.

"sc-inc-gpc0(2)" is equivalent to "sc2-inc-gpc0", but the latter is deprecated.

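The sticky counter slot and the general purpose counter described in the comment above, put together in one configuration. This is an added example, not part of the gist or of the comment; the table name st_src_abuse, the /login path and the thresholds are assumptions chosen for illustration.

```haproxy
# Added example: names, path and thresholds below are assumptions.
backend st_src_abuse
    # One entry per client IP. Each entry stores a built-in counter
    # (request rate over 10s) and the custom general purpose counter gpc0.
    stick-table type ip size 1m expire 10m store http_req_rate(10s),gpc0

frontend fe_main
    bind *:80

    # Sticky counter slot 0 (sc0) is attached to this client's entry,
    # so every sc_*(0) fetch below reads that entry's counters.
    http-request track-sc0 src table st_src_abuse

    # Custom logic: a request to /login arriving while the client is
    # already above 10 requests per 10s increments gpc0 in slot 0.
    acl is_login path_beg /login
    acl too_fast sc_http_req_rate(0) gt 10
    http-request sc-inc-gpc0(0) if is_login too_fast

    # gpc0 does not decay like the rate does: once set, the client stays
    # denied until its entry expires (10m without a tracked request).
    http-request deny if { sc_get_gpc0(0) gt 0 }

    # webfarm is the backend name used earlier on this page.
    default_backend webfarm
```

The flagged entry can be inspected with the same "show table" command used earlier on this page, pointed at st_src_abuse.
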
@jbrkeith

Hi, I'm trying to implement the:

backend mysql
mode tcp
stick-table type integer size 1 expire 1d
stick on int(1)
server primary 192.168.122.60:3306 check on-marked-down shutdown-sessions
server backup 192.168.122.61:3306 check backup on-marked-down shutdown-sessions

example above and am getting this error in /var/log/messages:

Mar 29 04:34:18 nyitsdes201 systemd: Started HAProxy Load Balancer.
Mar 29 04:34:18 nyitsdes201 systemd: Starting HAProxy Load Balancer...
Mar 29 04:34:18 nyitsdes201 haproxy-systemd-wrapper: [ALERT] 087/043418 (32002) : parsing [/etc/haproxy/haproxy.cfg:87] : 'stick': unknown fetch method 'int'
Mar 29 04:34:18 nyitsdes201 haproxy-systemd-wrapper: [ALERT] 087/043418 (32002) : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg

Is this because my haproxy version (1.5.18) is too old and doesn't support this feature?

@NickMRamirez

@jbrkeith Yes, it looks like the int method was added in version 1.6.
