8

We're using HAProxy to load balance our websocket and comet application. There is one HAProxy and 3 applications running in the back. We use HTTP Basic Auth (and we will use other types of auth in the future, like OAuth) to identify the connected user.

We can't use regular round robin, because it is important that connections for a given user end up on the same server. It doesn't matter where, but it's important that they use the same server.

I know HAProxy as a smart cookie based approach, but unfortunately, in our case, sometimes, the same user will be connected from different machines, so the cookie would not work).

Is it possible to use a hash of the HTTP Authorization header to do the load balancing? Also, and this is more complex, is it possible to define our own hashing method?

Follow up question [after Willy's response] :

Since it's possible to do balance hdr(Authorization), would it be possible to do it only on the login field (after parsing)?

Also, what is the exact algorithm? I believe it's in the form of hash(Authorization) % number_of_backend_server, but then, what is the hash function, and more importantly, is it tweakable? (or can I add an offset).

I'm asking because this app is actually a keeping an XMPP Component connection open and that I need to load balance the XMPP components with the same algorithm. The to jid in the XMPP stanzas is determined by the HTTP Header Authorization.

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
Julien Genestoux
  • 609
  • 8
  • 19

1 Answers1

10

Yes you can very well hash any header of your choice. Just use "balance hdr(header_name)". I must say I had never thought about doing it that way. In some environments, it can indeed be quite useful. You can also hash on a URL parameter or a POST parameter if that can help.

You can't define your hashing method however. You can select if the hash is map-based or consistent but that's all.

Willy Tarreau
  • 3,896
  • 1
  • 20
  • 12
  • +1 ... but how'd you end up with so many different accounts here, Willy? :) – danlefree Nov 26 '10 at 03:00
  • 1
    Amazed the you're the one replying Willy! Follow up question : do I have to use the full 'Authorization' header? It would be great that HAProxy does the [login,password] resolution. Also, what is the exact algorithm? I believe it's in the form of hash(Authorization) % number_of_backend_server, but then, what is the hash function, and more importantly, is it tweakable? (or can I add an offset). I'm asking because this app is actually a keeping an XMPP Component connection open and that I need to load balance the XMPP components with the same algorithm. – Julien Genestoux Nov 26 '10 at 05:46
  • @WillyTarreau Can Haproxy send specific connections to a set of machines and the other ones to another? For example, if a request has a header, send the request to a slow machine and the remain requests to the fast machine. – Wiliam Mar 23 '14 at 15:12
  • I think I found the solution to my previous question here: http://serverfault.com/questions/307647/can-haproxy-load-balance-by-referrer-url-filtering-a-slashdot-scenario – Wiliam Mar 23 '14 at 15:14