Hi all,
I have a working loadbalancing config with balance source and hash-type-consistent for my FTP but isn’t sufficient.
It seems that I’m still getting to much connections from one IP address on one of my FTP servers.
If I can send all of the traffic from one customer with one IP address to one FTP server I should have fixed the issue.
How can I send all traffic to FTP server A and traffic coming from a certain external IP address to server B?
Regards,
John
Use ACL’s and use_backend or use-server directives:
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-use_backend
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-use-server
Hi Lukastribus,
Thank you for the useful information!
ACL is probably what I was looking for although I can’t find any examples for forwarding by source ip.
What I have now is:
listen ftp-pool
bind *:21 transparent
bind *:50000-50049 transparent
mode tcp
maxconn 2000
option tcplog
option tcp-check
balance source
hash-type consistent
server ftp01 192.168.1.1 check port 21
server ftp02 192.168.1.2 check port 21
and when using a backend I should do the below if I’m not mistaken:
frontend ftp-pool
bind *:21 transparent
bind *:50000-50049 transparent
mode tcp
maxconn 2000
option tcplog
option tcp-check
default_backend ftp-pool-backend
backend ftp-pool-backend
balance source
hash-type consistent
server ftp01 192.168.1.1 check port 21
backend ftp-pool-backend-static
balance source
hash-type consistent
server ftp02 192.168.1.2 check port 21
The only part I’m still trying to figure out is the ACL whichis confusing even with the documentation that you provided via link.
What I have is:
acl forwarding_acl -ip eq 190.190.10.10
use_backend backend ftp-pool-backend-static if forwarding_acl
This doesn’t seem to work. Is the ACL part wrong or is the backend part wrong?
acl forwarding_acl src 190.190.10.10
use_backend ftp-pool-backend-static if forwarding_aclThat does seem more logical thanks!
I added the acl to the frontend, but now it fails to start the haproxy service with code=exited, status=1/FAILURE.
Commenting the ACL rules out makes it run again.
These acl rules must be added in the frontend part right?
Current config:
frontend ftp-pool
bind *:21 transparent
bind *:50000-50049 transparent
mode tcp
maxconn 2000
option tcplog
option tcp-check
# acl forwarding_acl src 190.190.10.10
# use_backend backend ftp-pool-backend-static if forwarding_acl
default_backend ftp-pool-backend
backend ftp-pool-backend
balance source
hash-type consistent
server ftp01 192.168.1.1 check port 21
backend ftp-pool-backend-static
balance source
hash-type consistent
server ftp02 192.168.1.2 check port 21Alright I found the problem.
use_backend backend ftp-pool-backend-static if forwarding_acl
Removed the extra backend and now it runs.
This config doesn’t send the connections to the servers now even though I got the HAPROXY service running.
Without the backend it works, but with the backend it doesn’t send anything to ftp01 or ftp02 server.
Have I made a mistake in the config?
Got it working.
It seems that the backend part also needs the “mode” part to work.
Added the mode tcp to both backends and it’s now routing correctly.
Thanks for the help lukastribus!