yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1713424] [NEW] [RFE] Support proxy protocol enablement in Neutron LBaaS API

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Michael Steffens <michael_steffens@xxxxxxxxx>
Date: Mon, 28 Aug 2017 08:05:43 -0000
Reply-to: Bug 1713424 <1713424@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

Problem: servers behind a TCP load balancer, as provisioned using the
Neutron LBaaS API, can't determine the source IP of a TCP connection.
Instead they will always see the load balancer IP as origin of requests.
This makes troubleshooting client connection issues using logs gathered
behind a LB very hard and often impossible.

Solution: the PROXY protocol has been introduced to forward the missing
information across a load balancer:

    http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

A number of backend services can make use of it, such as Nginx

    https://www.nginx.com/resources/admin-guide/proxy-protocol/

but also Apache, Squid, Undertow. Proxy protocol is also supported by
Amazon ELB since 2013.

As HAproxy, the implementation behind the Neutron LBaaS API, does
already offer native support, this RFE is about its enablement using the
LBaaS API and corresponding Heat resources.

** Affects: neutron
     Importance: Undecided
         Status: New


** Tags: lbaas rfe

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1713424

Title:
  [RFE] Support proxy protocol enablement in Neutron LBaaS API

Status in neutron:
  New

Bug description:
  Problem: servers behind a TCP load balancer, as provisioned using the
  Neutron LBaaS API, can't determine the source IP of a TCP connection.
  Instead they will always see the load balancer IP as origin of
  requests. This makes troubleshooting client connection issues using
  logs gathered behind a LB very hard and often impossible.

  Solution: the PROXY protocol has been introduced to forward the
  missing information across a load balancer:

      http://www.haproxy.org/download/1.8/doc/proxy-protocol.txt

  A number of backend services can make use of it, such as Nginx

      https://www.nginx.com/resources/admin-guide/proxy-protocol/

  but also Apache, Squid, Undertow. Proxy protocol is also supported by
  Amazon ELB since 2013.

  As HAproxy, the implementation behind the Neutron LBaaS API, does
  already offer native support, this RFE is about its enablement using
  the LBaaS API and corresponding Heat resources.

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1713424/+subscriptions

Follow ups

[Bug 1713424] Re: [RFE] Support proxy protocol enablement in Neutron LBaaS API
From: Michael Johnson, 2017-09-12