Balance based on SNI

MasterSlave · January 12, 2018, 9:53pm

Hello all,

I want to to load-balancing with SSL passthrough (mode tcp).

I have multiple backend servers and the load balancing algorithm should choose the server by hashing the provided SSL SNI Hostname.
It is important that requests are always routed to the same backend server and that the server is chosen by examining the SNI Hostname field.

I am looking for something like

backend test1
  mode tcp
  ...
  balance req_ssl_sni # <-- balance by SNI Hostname, but req_ssl_sni is not allowed here
  ...
  server ....
  server ....

Or can I to this in the frontend ?

frontend test1
  mode tcp
  ...
  use_backend server1 if(hash(req_ssl_sni) modulo 2) == 0
  use_backend server2 if(hash(req_ssl_sni) modulo 2) == 0
  ...

(How) can I do this ?

Best regards
MasterSlave

lukastribus · January 13, 2018, 9:49am

No, that’s not supported.

I can certainly see how this would be useful, but we currently only support balancing on http header (and source IP, etc).

Maybe you can do something with LUA.
People already used LUA to select the backend when using HTTP:
https://dx13.co.uk/articles/2016/5/27/selecting-a-haproxy-backend-using-lua.html

And you do have access to TCP options within LUA:
https://www.arpalert.org/src/haproxy-lua-api/1.8dev/index.html#applettcp-class

But I’m unsure whether this can be combined and used to satisfy your use-case.

Topic		Replies	Views
Custom load balancing Help!	2	1824	February 21, 2020
New guy ... drowning Help!	1	953	March 21, 2016
Configure HAProxy for round robin load balancing Help!	1	5478	July 25, 2016
SSL Load balancing with session affinity Help!	3	8193	May 13, 2016
Reload closes partially connected proxies Help!	1	407	December 8, 2020

Balance based on SNI

Related Topics