Netgate Discussion Forum

    HAproxy GUI issue IPv6 stick tables

      MichelH

      OS = pfSense 2.5.2 Release
      Package = haproxy-devel v0.62_4 (haproxy-2.2.14)

      Hello All,

      I have been using pfSense with HAProxy for a couple of years now, but I am running into an issue with IPv6. Maybe someone can help me or confirm it is an issue.

      I am trying to set up an IPv6 backend with round-robin load balancing and set up a stick table based on the IPv6 source address. All works except for the sticky part :)

      In the interface I set 'Stick tables' to 'Stick on SourceIP IPv6'. For IPv4 I used the IPv4 one and that works like a charm. However for IPv6 the stick table does not work and stays empty.

      When I look in the generated haproxy.cfg it shows:
      stick-table type ip size 500k expire 30m

      If I check the haproxy docs it should be:
      stick-table type ipv6 size 500k expire 30m

      Selecting Stick on SSL-Session-ID also works, but is not sticky enough.

      HAProxy docs:
      https://cbonte.github.io/haproxy-dconv/2.3/configuration.html#4.2-stick-table%20type

      ip a table declared with "type ip" will only store IPv4 addresses.
      This form is very compact (about 50 bytes per entry) and allows
      very fast entry lookup and stores with almost no overhead. This
      is mainly used to store client source IP addresses.

      ipv6 a table declared with "type ipv6" will only store IPv6 addresses.
      This form is very compact (about 60 bytes per entry) and allows
      very fast entry lookup and stores with almost no overhead. This
      is mainly used to store client source IP addresses.

      Part of the generated haproxy.cfg:

      frontend WAN-Websites-IPv6-443-147
          bind XXXXXXXXXX::147:443 name XXXXXXXXXX::147:443
          mode tcp
          log global
          maxconn 50000
          timeout client 90000
          default_backend LAN-Websites-IPv6-443-147_ipv6

      backend LAN-Websites-IPv6-443-147_ipv6
          mode tcp
          id 20113
          log global
          stick-table type ip size 500k expire 30m
          stick on src
          balance roundrobin
          timeout connect 30000
          timeout server 30000
          retries 3
          source ipv6@ usesrc clientip
          tcp-request content accept if { req.ssl_hello_type 1 }
          server WS1-IPv6-443-147 fd00::1:147:443 id 20101 check inter 1000 weight 30 maxconn 50000
          server WS2-IPv6-443-147 fd00::2:147:443 id 20102 check inter 1000 weight 25 maxconn 50000
          server WS3-IPv6-443-147 fd00::3:147:443 id 20153 check inter 1000 weight 45 maxconn 50000

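Added example (not part of the original post, and not pfSense or HAProxy package code): a small Python check for the mismatch described above. It flags backends that use `stick on src` with `stick-table type ip` while their servers are IPv6. The sample config is constructed from the post's backend, and treating IPv6 server addresses as the sign of IPv6 clients is an assumption that fits this setup.

```python
import ipaddress

SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen", "peers", "resolvers"}

# Constructed sample modelled on the backend in the post, plus an IPv4 backend for contrast.
SAMPLE_CFG = """\
backend LAN-Websites-IPv6-443-147_ipv6
    stick-table type ip size 500k expire 30m
    stick on src
    server WS1-IPv6-443-147 fd00::1:147:443 id 20101 check
backend example-ipv4
    stick-table type ip size 500k expire 30m
    stick on src
    server WS1 192.0.2.10:443 check
"""


def server_family(addr):
    """Return 4 or 6 for a 'server' address token, or None for a hostname."""
    addr = addr.split("@", 1)[-1]            # drop an "ipv4@" / "ipv6@" prefix
    if addr.startswith("["):                 # [v6]:port
        host = addr[1:].partition("]")[0]
    elif addr.count(":") > 1:                # v6:port as in the post, last field is the port
        host = addr.rsplit(":", 1)[0]
    else:                                    # v4:port or name:port
        host = addr.split(":", 1)[0]
    try:
        return ipaddress.ip_address(host).version
    except ValueError:
        return None


def find_mismatches(cfg_text):
    """Return backends that stick on src with 'type ip' but have IPv6 servers."""
    sections, name = {}, None
    for raw in cfg_text.splitlines():
        words = raw.split("#", 1)[0].split()     # strip comments, tokenize
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            name = words[1] if words[0] in ("backend", "listen") and len(words) > 1 else None
            if name:
                sections[name] = {"type": None, "on_src": False, "families": set()}
        elif name is None:
            continue
        elif words[0] == "stick-table" and "type" in words[:-1]:
            sections[name]["type"] = words[words.index("type") + 1]
        elif words[:3] == ["stick", "on", "src"]:
            sections[name]["on_src"] = True
        elif words[0] == "server" and len(words) >= 3:
            sections[name]["families"].add(server_family(words[2]))
    return [n for n, s in sections.items()
            if s["type"] == "ip" and s["on_src"] and 6 in s["families"]]
```

Running `find_mismatches()` over the text of a generated haproxy.cfg lists the backends whose stick table would stay empty for IPv6 clients, per the documentation quoted in the post.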