• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAproxy GUI issue IPv6 stick tables

Scheduled Pinned Locked Moved Cache/Proxy
1 Posts 1 Posters 493 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    MichelH
    last edited by Nov 1, 2021, 4:12 PM

    HAproxy GUI issue IPv6 stick tables

    OS = pfSense 2.5.2 Release
    Package = haproxy-devel v0.62_4 (haproxy-2.2.14)

    Hello All,

    I am using pfsense with HAproxy for a couple of years now, but I am running into an issue with IPv6. Maybe someone can help me or confirm it is an issue.

    I am trying to setup a IPv6 Backend with Round robin loadbalancing and setup a stick table based on the IPv6 source address. All works accept for the sticky part :)

    In the interface I set 'Stick tables' to 'Stick on SourceIP IPv6'. For IPv4 I used the IPv4 one and that works like a charm. However for IPv6 the stick table does not work and stays empty.

    When I look in the generated haproxy.cfg it shows:
    stick-table type ip size 500k expire 30m

    If I check the haproxy docs it should be:
    stick-table type ipv6 size 500k expire 30m

    Selecting Stick on SSL-Session-ID also works, but is not sticky enough.

    haprocy docs:
    https://cbonte.github.io/haproxy-dconv/2.3/configuration.html#4.2-stick-table%20type

    ip a table declared with "type ip" will only store IPv4 addresses.
    This form is very compact (about 50 bytes per entry) and allows
    very fast entry lookup and stores with almost no overhead. This
    is mainly used to store client source IP addresses.

    ipv6 a table declared with "type ipv6" will only store IPv6 addresses.
    This form is very compact (about 60 bytes per entry) and allows
    very fast entry lookup and stores with almost no overhead. This
    is mainly used to store client source IP addresses.

    Part of the generated haproxy.cfg:

    frontend WAN-Websites-IPv6-443-147
    bind XXXXXXXXXX::147:443 name XXXXXXXXXX::147:443
    mode tcp
    log global
    maxconn 50000
    timeout client 90000
    default_backend LAN-Websites-IPv6-443-147_ipv6

    backend LAN-Websites-IPv6-443-147_ipv6
    mode tcp
    id 20113
    log global
    stick-table type ip size 500k expire 30m
    stick on src
    balance roundrobin
    timeout connect 30000
    timeout server 30000
    retries 3
    source ipv6@ usesrc clientip
    tcp-request content accept if { req.ssl_hello_type 1 }
    server WS1-IPv6-443-147 fd00::1:147:443 id 20101 check inter 1000 weight 30 maxconn 50000
    server WS2-IPv6-443-147 fd00::2:147:443 id 20102 check inter 1000 weight 25 maxconn 50000
    server WS3-IPv6-443-147 fd00::3:147:443 id 20153 check inter 1000 weight 45 maxconn 50000

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received