I have rather typical setup:
1 frontend + 1 backend, tcp mode, in backend I’ve several ejabberd servers.
Ejabberd backends are stateless and when some of them go down, I’d like client not to know about it and to be redispatched to another ejabberd backend.
Unfortunately it seems that when backend goes down, it send FIN packet to haproxy. This is great, since it allows to remove connection from haproxy to unavailable backend. But then haproxy send FIN packet to client, what makes client to reconnect.
When we use netfilter on haproxy and block sending FIN packet to client, everything seems to be OK: client is unconscious of situation, and continues its session on another ejabberd backend - redispatched by haproxy. Since - as I wrote above - ejabberd cluster is stateless, from application point of view, nothing wrong happen.
Therefore: is there any way to block on haproxy that session termination between client and haproxy? That iptables-way doesn’t look like production approach for me, and we’re looking for more proper way.