We are moving to run HAPROXY v2.2.18 using opnSense firewall.
We currently run pfSense with HAPROXY 1.8.30 and as I understand there are (were?) issues with threads and especially stick tables.
We are using HAPROXY as load balancer in front of a proxy server and what I think I have been seeing under pfSense HAPROXY 1.8.30 is proxy users bouncing between proxy1 and proxy2 backend proxy servers and this has caused thread exhaustion on the backend proxy servers.
I have disabled multi threading on HAPROXY 1.8.30 and also changed the load balancer algorithm from “Round Robin” to “Source-IP Hash”.
I now see in the proxy server management portal that any given source IP address is only balanced to the same backend proxy1 or proxy2 but never the same source IP address across both backend servers.
Any comments on what I;m doing very welcomed.
That’s the first time I’m hearing about it. 1.8.30 does not have any known issues regarding stick tables, whether multi threading is used or not.
That doesn’t make sense:
You disable multi-threading to “fix” stick tables, but then you also change the load-balancer algorithm to something different so that stick tables are not necessary anymore.
Either the issue is caused by multithreading, then disabling multithreading fixes the issue. Or none of this has anything to do with multi threading at all (which is what I suspect), and stick tables never worked in the first place, which is why the only “fix” that works for your is changing the load-balancing algorithm to something that doesn’t require stick tables in the first place.
I suggest you share the complete configuration with multi threading, round robin and stick tables enabled, so we can take a look at it.
Thank for your answer.
Yu’re right, the multi threading / stick table issue is non existent now that I’ve removed stick tables from that backend and moved to the “Source IP Hash” load balancer algorithm.
My concern with multi threading is that pfSense with HAPROXY 1.8.30 still state:
pfSense:
“FOR NOW, THREADS SUPPORT IN HAPROXY 1.8 IS HIGHLY EXPERIMENTAL AND IT MUST BE ENABLED WITH CAUTION AND AT YOUR OWN RISK.”
So I guess my followup question is:
As I understand, there were issues with multi thread support in 1.8 originally - are these issues now solved and I can safely enable multi threading for the other various services we protect with HAPROXY?
This note was removed in haproxy 1.8.18 (see this commit), it therefor doesn’t apply to 1.8.30:
It was mentioned when releasing 1.8 but early bugs have long been
addressed and this comment discourages some users from using threads.
That said, 1.8 is near it’s end of support, it’s in “critical fixes only” state and you should upgrade to a current long term support release instead. Please see the version table at the top of haproxy.org
Thanks, yes, we are transitioning to OPNsense firewall which currently uses HAPROXY 2.2 so we will be upgrading.