Mailing List Archive

Upgrading from v3 to v5 - XFF and client.identity
Hi folks. I'm in the process of trying to upgrade our current v3 config to
v4+ for upgrading to Varnish 5.

In my old v3 config, I use the XFF header to change the client.identity if
it is present.

# For session-persistence, set a client identity.
# We're using the client's IP for this to ensure server-persistence.
if (req.http.X-Forwarded-For) {
set client.identity = req.http.X-Forwarded-For;
} else {
set client.identity = client.ip;
}

It is important that a request from one remote client goes to the same
backend every time, when possible. Do I still need to deal with this, or
will this be handled transparently in some way?

I suspect I'll have more questions as I go along, so I apologise in advance
for the spam :)

thanks,

Mark
Re: Upgrading from v3 to v5 - XFF and client.identity [ In reply to ]
Hi Mark,

I suggest going over the following blog post for the changes you're looking
for. Good luck moving forward :D

https://info.varnish-software.com/blog/proper-sticky-session-load-balancing-varnish


On Tue, Mar 28, 2017 at 4:52 AM, Mark Hanford <mark@hanfordonline.co.uk>
wrote:

> Hi folks. I'm in the process of trying to upgrade our current v3 config to
> v4+ for upgrading to Varnish 5.
>
> In my old v3 config, I use the XFF header to change the client.identity if
> it is present.
>
> # For session-persistence, set a client identity.
> # We're using the client's IP for this to ensure server-persistence.
> if (req.http.X-Forwarded-For) {
> set client.identity = req.http.X-Forwarded-For;
> } else {
> set client.identity = client.ip;
> }
>
> It is important that a request from one remote client goes to the same
> backend every time, when possible. Do I still need to deal with this, or
> will this be handled transparently in some way?
>
> I suspect I'll have more questions as I go along, so I apologise in
> advance for the spam :)
>
> thanks,
>
> Mark
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
Re: Upgrading from v3 to v5 - XFF and client.identity [ In reply to ]
Oh yeah, Guillaume also has a great post on it @
https://info.varnish-software.com/blog/sticky-session-with-cookies :D

On Tue, Mar 28, 2017 at 6:28 AM, Andrei <lagged@gmail.com> wrote:

> Hi Mark,
>
> I suggest going over the following blog post for the changes you're
> looking for. Good luck moving forward :D
>
> https://info.varnish-software.com/blog/proper-sticky-
> session-load-balancing-varnish
>
>
> On Tue, Mar 28, 2017 at 4:52 AM, Mark Hanford <mark@hanfordonline.co.uk>
> wrote:
>
>> Hi folks. I'm in the process of trying to upgrade our current v3 config
>> to v4+ for upgrading to Varnish 5.
>>
>> In my old v3 config, I use the XFF header to change the client.identity
>> if it is present.
>>
>> # For session-persistence, set a client identity.
>> # We're using the client's IP for this to ensure server-persistence.
>> if (req.http.X-Forwarded-For) {
>> set client.identity = req.http.X-Forwarded-For;
>> } else {
>> set client.identity = client.ip;
>> }
>>
>> It is important that a request from one remote client goes to the same
>> backend every time, when possible. Do I still need to deal with this, or
>> will this be handled transparently in some way?
>>
>> I suspect I'll have more questions as I go along, so I apologise in
>> advance for the spam :)
>>
>> thanks,
>>
>> Mark
>>
>> _______________________________________________
>> varnish-misc mailing list
>> varnish-misc@varnish-cache.org
>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>
>
>
Re: Upgrading from v3 to v5 - XFF and client.identity [ In reply to ]
Thanks Andrei!

Mark, one simple solution would be to simply use the hash director, and
give it the client.ip as string. This way, the same ip will always go to
the same backend.

--
Guillaume Quintard

On Tue, Mar 28, 2017 at 3:11 PM, Andrei <lagged@gmail.com> wrote:

> Oh yeah, Guillaume also has a great post on it @ https://info.varnish-
> software.com/blog/sticky-session-with-cookies :D
>
> On Tue, Mar 28, 2017 at 6:28 AM, Andrei <lagged@gmail.com> wrote:
>
>> Hi Mark,
>>
>> I suggest going over the following blog post for the changes you're
>> looking for. Good luck moving forward :D
>>
>> https://info.varnish-software.com/blog/proper-sticky-session
>> -load-balancing-varnish
>>
>>
>> On Tue, Mar 28, 2017 at 4:52 AM, Mark Hanford <mark@hanfordonline.co.uk>
>> wrote:
>>
>>> Hi folks. I'm in the process of trying to upgrade our current v3 config
>>> to v4+ for upgrading to Varnish 5.
>>>
>>> In my old v3 config, I use the XFF header to change the client.identity
>>> if it is present.
>>>
>>> # For session-persistence, set a client identity.
>>> # We're using the client's IP for this to ensure server-persistence.
>>> if (req.http.X-Forwarded-For) {
>>> set client.identity = req.http.X-Forwarded-For;
>>> } else {
>>> set client.identity = client.ip;
>>> }
>>>
>>> It is important that a request from one remote client goes to the same
>>> backend every time, when possible. Do I still need to deal with this, or
>>> will this be handled transparently in some way?
>>>
>>> I suspect I'll have more questions as I go along, so I apologise in
>>> advance for the spam :)
>>>
>>> thanks,
>>>
>>> Mark
>>>
>>> _______________________________________________
>>> varnish-misc mailing list
>>> varnish-misc@varnish-cache.org
>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>
>>
>>
>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>
Re: Upgrading from v3 to v5 - XFF and client.identity [ In reply to ]
(Resending because I forgot to reply to the list earlier...)

But what's wrong with using the client IP? These solutions using cookies
are a little dirty, regardless of the blog title.

This bit for example, is completely unworkable:

if (req.http.server == "s1") {
set req.backend_hint = s1;
} else if (req.http.server == "s2") {
set req.backend_hint = s2;
} else {
if (std.rand(0, 100) < 50) {
req.backend_hint = s1;
} else {
req.backend_hint = s2;
}
}

Because we have at least 15 backends configured in 5 different Director
pools, I'd end up having to build an enormous set of conditionals to work
out which backend to use.

Why is _this_ the preferred solution over determining the client IP and
selecting a backend based on that?

thanks,

Mark


On 28 Mar 2017 2:11 pm, "Andrei" <lagged@gmail.com> wrote:

> Oh yeah, Guillaume also has a great post on it @ https://info.varnish-
> software.com/blog/sticky-session-with-cookies :D
>
> On Tue, Mar 28, 2017 at 6:28 AM, Andrei <lagged@gmail.com> wrote:
>
>> Hi Mark,
>>
>> I suggest going over the following blog post for the changes you're
>> looking for. Good luck moving forward :D
>>
>> https://info.varnish-software.com/blog/proper-sticky-session
>> -load-balancing-varnish
>>
>>
>> On Tue, Mar 28, 2017 at 4:52 AM, Mark Hanford <mark@hanfordonline.co.uk>
>> wrote:
>>
>>> Hi folks. I'm in the process of trying to upgrade our current v3 config
>>> to v4+ for upgrading to Varnish 5.
>>>
>>> In my old v3 config, I use the XFF header to change the client.identity
>>> if it is present.
>>>
>>> # For session-persistence, set a client identity.
>>> # We're using the client's IP for this to ensure server-persistence.
>>> if (req.http.X-Forwarded-For) {
>>> set client.identity = req.http.X-Forwarded-For;
>>> } else {
>>> set client.identity = client.ip;
>>> }
>>>
>>> It is important that a request from one remote client goes to the same
>>> backend every time, when possible. Do I still need to deal with this, or
>>> will this be handled transparently in some way?
>>>
>>> I suspect I'll have more questions as I go along, so I apologise in
>>> advance for the spam :)
>>>
>>> thanks,
>>>
>>> Mark
>>>
>>> _______________________________________________
>>> varnish-misc mailing list
>>> varnish-misc@varnish-cache.org
>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>
>>
>>
>
Re: Upgrading from v3 to v5 - XFF and client.identity [ In reply to ]
Mark, to avoid conditionnal, you can avoid vmod-stendahl:
https://github.com/gquintard/libvmod-stendhal, the std.rand() part can just
use the random director.

But, as I said, for this one, I'd go with the hash director and just use
the client.ip, since you don't care about the actual session.

--
Guillaume Quintard

On Wed, Mar 29, 2017 at 12:01 AM, Mark Hanford <mark@hanfordonline.co.uk>
wrote:

> (Resending because I forgot to reply to the list earlier...)
>
> But what's wrong with using the client IP? These solutions using cookies
> are a little dirty, regardless of the blog title.
>
> This bit for example, is completely unworkable:
>
> if (req.http.server == "s1") {
> set req.backend_hint = s1;
> } else if (req.http.server == "s2") {
> set req.backend_hint = s2;
> } else {
> if (std.rand(0, 100) < 50) {
> req.backend_hint = s1;
> } else {
> req.backend_hint = s2;
> }
> }
>
> Because we have at least 15 backends configured in 5 different Director
> pools, I'd end up having to build an enormous set of conditionals to work
> out which backend to use.
>
> Why is _this_ the preferred solution over determining the client IP and
> selecting a backend based on that?
>
> thanks,
>
> Mark
>
>
> On 28 Mar 2017 2:11 pm, "Andrei" <lagged@gmail.com> wrote:
>
>> Oh yeah, Guillaume also has a great post on it @
>> https://info.varnish-software.com/blog/sticky-session-with-cookies :D
>>
>> On Tue, Mar 28, 2017 at 6:28 AM, Andrei <lagged@gmail.com> wrote:
>>
>>> Hi Mark,
>>>
>>> I suggest going over the following blog post for the changes you're
>>> looking for. Good luck moving forward :D
>>>
>>> https://info.varnish-software.com/blog/proper-sticky-session
>>> -load-balancing-varnish
>>>
>>>
>>> On Tue, Mar 28, 2017 at 4:52 AM, Mark Hanford <mark@hanfordonline.co.uk>
>>> wrote:
>>>
>>>> Hi folks. I'm in the process of trying to upgrade our current v3 config
>>>> to v4+ for upgrading to Varnish 5.
>>>>
>>>> In my old v3 config, I use the XFF header to change the client.identity
>>>> if it is present.
>>>>
>>>> # For session-persistence, set a client identity.
>>>> # We're using the client's IP for this to ensure server-persistence.
>>>> if (req.http.X-Forwarded-For) {
>>>> set client.identity = req.http.X-Forwarded-For;
>>>> } else {
>>>> set client.identity = client.ip;
>>>> }
>>>>
>>>> It is important that a request from one remote client goes to the same
>>>> backend every time, when possible. Do I still need to deal with this, or
>>>> will this be handled transparently in some way?
>>>>
>>>> I suspect I'll have more questions as I go along, so I apologise in
>>>> advance for the spam :)
>>>>
>>>> thanks,
>>>>
>>>> Mark
>>>>
>>>> _______________________________________________
>>>> varnish-misc mailing list
>>>> varnish-misc@varnish-cache.org
>>>> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>>>>
>>>
>>>
>>
> _______________________________________________
> varnish-misc mailing list
> varnish-misc@varnish-cache.org
> https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
>