HAProxy Traffic Mirroring for Real-world Testing

blog20190723-01.sh

$ sudo apt update
$ sudo apt install -y autoconf automake build-essential git libcurl4-openssl-dev libev-dev libpthread-stubs0-dev pkg-config
$ git clone https://github.com/haproxytech/spoa-mirror
$ cd spoa-mirror
$ ./scripts/bootstrap
$ ./configure
$ make all
$ sudo cp ./src/spoa-mirror /usr/local/bin/

blog20190723-02.sh

./configure --enable-debug

blog20190723-03.sh

$ spoa-mirror --runtime 0 --mirror-url http://test.local --logfile /var/log/haproxy-mirror.log

blog20190723-04.cfg

program mirror
    command spoa-mirror --runtime 0 --mirror-url http://test.local

blog20190723-05.sh

$ sudo systemctl status haproxy

haproxy.service - HAProxy Load Balancer
 Main PID: 1177 (haproxy)
    Tasks: 14 (limit: 1152)
   CGroup: /system.slice/haproxy.service
           ├─1177 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock -sf 1209
           ├─2081 spoa-mirror --runtime 0 --mirror-url http://localhost:81 --address 127.0.0.1
           └─2082 /usr/sbin/haproxy -Ws -f /etc/haproxy/haproxy.cfg -p /run/haproxy.pid -S /run/haproxy-master.sock -sf 1209

blog20190723-06.cfg

# Production frontend
frontend fe_main
    mode http
    bind :80
    option http-buffer-request
    filter spoe  engine mirror  config /etc/haproxy/mirror.conf
    default_backend servers

blog20190723-07.cfg

# Production servers
backend be_servers
    mode http
    server s1 prodserver:80

# Mirror agents
backend mirroragents
    mode tcp
    balance roundrobin
    timeout connect 5s
    timeout server 5s
    server agent1 localhost:12345

blog20190723-08.conf

[mirror]
spoe-agent mirror
    log global
    messages mirror
    use-backend mirroragents
    timeout hello 500ms
    timeout idle 5s
    timeout processing 5s

spoe-message mirror
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request

blog20190723-09.txt

SPOE: [mirror] <EVENT:on-frontend-http-request> sid=0 st=0 0/1/0/0/1 1/1 0/0 0/1

blog20190723-10.conf

spoe-message mirror-msg
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request if { path_beg /search }

blog20190723-11.conf

spoe-message mirror-msg
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    acl is_search path_beg /search
    event on-frontend-http-request if is_search

blog20190723-12.conf

spoe-message mirror-msg
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    acl is_search path_beg /search
    event on-frontend-http-request if { rand(100) le 10 }

blog20190723-13.conf

spoe-message mirror-msg
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    acl mirroring_on str(mirroring),map(/etc/haproxy/mirroring.map) -m str on
    event on-frontend-http-request if mirroring_on

blog20190723-14.sh

# Change mirroring to off
$ echo "set map /etc/haproxy/mirroring.map mirroring off" | nc 127.0.0.1 9999

# Show current value
$ echo "show map /etc/haproxy/mirroring.map mirroring" | nc 127.0.0.1 9999

blog20190723-15.sh

# Show existing filters
curl -X GET --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters?parent_name=fe_main&parent_type=frontend"

# Add a filter line
curl -X POST --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters?parent_name=fe_main&parent_type=frontend&version=1" -H "Content-Type: application/json" -d '{"id": 0, "spoe_config":"/etc/haproxy/spoa.conf", "spoe_engine":"mirror", "type": "spoe"}'
{"id":0,"spoe_config":"/etc/haproxy/spoa.conf","spoe_engine":"mirror","type":"spoe"}

# Remove a filter line
curl -X DELETE --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters/0?parent_name=fe_main&parent_type=frontend&version=2" -H "Content-Type: application/json"