Upgrading from v3 to v5 - XFF and client.identity

Mark Hanford mark at hanfordonline.co.uk
Wed Mar 29 00:01:08 CEST 2017


(Resending because I forgot to reply to the list earlier...)

But what's wrong with using the client IP? These solutions using cookies
are a little dirty, regardless of the blog title.

This bit for example, is completely unworkable:

if (req.http.server == "s1") {
        set req.backend_hint = s1;
    } else if (req.http.server == "s2") {
        set req.backend_hint = s2;
    } else {
        if (std.rand(0, 100) < 50) {
            req.backend_hint = s1;
        } else {
            req.backend_hint = s2;
        }
    }

Because we have at least 15 backends configured in 5 different Director
pools, I'd end up having to build an enormous set of conditionals to work
out which backend to use.

Why is _this_ the preferred solution over determining the client IP and
selecting a backend based on that?

thanks,

Mark


On 28 Mar 2017 2:11 pm, "Andrei" <lagged at gmail.com> wrote:

> Oh yeah, Guillaume also has a great post on it @ https://info.varnish-
> software.com/blog/sticky-session-with-cookies :D
>
> On Tue, Mar 28, 2017 at 6:28 AM, Andrei <lagged at gmail.com> wrote:
>
>> Hi Mark,
>>
>> I suggest going over the following blog post for the changes you're
>> looking for. Good luck moving forward :D
>>
>> https://info.varnish-software.com/blog/proper-sticky-session
>> -load-balancing-varnish
>>
>>
>> On Tue, Mar 28, 2017 at 4:52 AM, Mark Hanford <mark at hanfordonline.co.uk>
>> wrote:
>>
>>> Hi folks. I'm in the process of trying to upgrade our current v3 config
>>> to v4+ for upgrading to Varnish 5.
>>>
>>> In my old v3 config, I use the XFF header to change the client.identity
>>> if it is present.
>>>
>>>     # For session-persistence, set a client identity.
>>>     # We're using the client's IP for this to ensure server-persistence.
>>>     if (req.http.X-Forwarded-For) {
>>>         set client.identity = req.http.X-Forwarded-For;
>>>     } else {
>>>         set client.identity = client.ip;
>>>     }
>>>
>>> It is important that a request from one remote client goes to the same
>>> backend every time, when possible. Do I still need to deal with this, or
>>> will this be handled transparently in some way?
>>>
>>> I suspect I'll have more questions as I go along, so I apologise in
>>> advance for the spam :)
>>>
>>> thanks,
>>>
>>> Mark
>>>
>>> _______________________________________________
>>> varnish-misc mailing list
>>> varnish-misc at varnish-cache.org
>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20170328/62659625/attachment-0001.html>


More information about the varnish-misc mailing list