network_stuff:haproxy

Differences

This shows you the differences between two versions of the page.

network_stuff:haproxy [2017/11/22 12:18] jotasandokunetwork_stuff:haproxy [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 17: Line 17:
 From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections. From the cli, this command gives us a csv, dump in Calc. Check max connections and current connections.
   echo "show info;show stat" | nc -U /var/lib/haproxy/stats  # Also | grep DOWN to see what is not working atm   echo "show info;show stat" | nc -U /var/lib/haproxy/stats  # Also | grep DOWN to see what is not working atm
 +  ssh -o  UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show stat" | nc -U /var/lib/haproxy/stats" > file1 ; csvtool readable file1 | view -
 +  ssh -o  UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -n ha1.dc "echo "show info" | nc -U /var/lib/haproxy/stats" 
  
 [[https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/|External Link]] [[https://www.datadoghq.com/blog/how-to-collect-haproxy-metrics/|External Link]]
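Review bot: Both added ssh lines pass -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no, which turns off host key verification for a session that reads the HAProxy stats socket on ha1.dc. Drop those options and let the host key be recorded in known_hosts, so that a changed or spoofed host key is noticed. The remote command also nests double quotes ("echo "show stat" | nc -U ..."), which only works because the shell concatenates the pieces; single quotes around the inner string ('show stat', 'show info') would make the quoting explicit.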
Line 22: Line 24:
   nc -U /var/run/haproxy.sock   nc -U /var/run/haproxy.sock
 Also non-interactive commands for automated based operations. Also non-interactive commands for automated based operations.
 +\\
 +\\
 +From the stats page:
 +  * Session rate : number of new sessions per second. A session is a connection that was accepted by the layer 4 rules.
 +  * Connection: Note that a session can have one or more connections. "With the introduction of SSL, proxy protocol and layer4 ACLs, it was needed to cut the end-to-end sessions in smaller parts, hence the introduction of "connections""
  
  
 ---- ----
 +
 +__**PROTECT AGAINST DDOS:**__\\
 +  * [[https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/|haproxy-first-row-of-defense-against-ddos]]
 +  * Block by source IP based on different criteria. Stick tables. Some examples [[http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/st-ddos/|here]]: 
 +
 +----
 +
 **SPECIAL FEATURES**\\ **SPECIAL FEATURES**\\
 Enable slow start: Enable slow start:
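Review bot: The second bullet under PROTECT AGAINST DDOS ends with "here]]:" and nothing follows the colon, so the page announces stick-table examples it does not show. Either add a short stick-table snippet under the bullet or end the sentence at the link. The exceliance.fr URL also carries a trailing /st-ddos/ after the article slug, which is worth checking since the first bullet already links the same article title on haproxy.com. In the Connection bullet, the quoted sentence has nested double quotes and no source; say where the quote comes from.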
Line 31: Line 45:
  
 ---- ----
- +  * Conceptual difference between a proxy and a 'reverse proxy': Proxy is a client proxy; reverse proxy is ~load balancer.  
-__**PROTECT AGAINST DDOS:**__\\ +    Proxy hides clients identity to the server. This is for client to server connections. 
-  * [[https://www.haproxy.com/blog/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/|haproxy-first-row-of-defense-against-ddos]] +    Proxy hides servers identity to the client. This is for client to server connections **as well**. 
 +TODO:\\ 
 +  * Block by source IP based on different criteria. Stick tables: 
 +  * Some examples here: http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
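Review bot: In the proxy versus reverse proxy bullet, the third line begins "Proxy hides servers identity to the client", repeating the subject of the line above it; from the bullet's own framing it should begin "Reverse proxy". The TODO list added below it repeats the stick-table bullet and the exceliance.fr link that the PROTECT AGAINST DDOS section in the previous hunk already carries, so keep the item in one place only.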
network_stuff/haproxy.1511353095.txt.gz · Last modified: (external edit)