git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Willy Tarreau <w@1wt.eu>
	Fri, 8 Oct 2021 15:53:12 +0000 (17:53 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Fri, 8 Oct 2021 15:53:12 +0000 (17:53 +0200)
commit	db2ab8218cab1872b8be2874f5a68c6ab1d5dcb1
tree	fabb2e1c5075b608475989273cdcd69b619322ba	tree
parent	e3f4d7496d1ed3a6f1da12230054b634aecafc90	commit \| diff

MEDIUM: stick-table: never learn the "conn_cur" value from peers

There have been a large number of issues reported with conn_cur
synchronization because the concept is wrong. In an active-passive
setup, pushing the local connections count from the active node to
the passive one will result in the passive node to have a higher
counter than the real number of connections. Due to this, after a
switchover, it will never be able to close enough connections to
go down to zero. The same commonly happens on reloads since the new
process preloads its values from the old process, and if no connection
happens for a key after the value is learned, it is impossible to reset
the previous ones. In active-active setups it's a bit different, as the
number of connections reflects the number on the peer that pushed last.

This patch solves this by marking the "conn_cur" local and preventing
it from being learned from peers. It is still pushed, however, so that
any monitoring system that collects values from the peers will still
see it.

The patch is tiny and trivially backportable. While a change of behavior
in stable branches is never welcome, it remains possible to fix issues
if reports become frequent.

doc/configuration.txt		diff \| blob \| blame \| history
include/haproxy/stick_table-t.h		diff \| blob \| blame \| history
src/peers.c		diff \| blob \| blame \| history
src/stick_table.c		diff \| blob \| blame \| history