HAProxy Enterprise Documentation 2.2r1

NetAcuity

The NetAcuity module provides geolocation lookups using Digital Element's GeoIP databases.

Install the NetAcuity module

  1. Log into your account at the Digital Element website and download the NetAcuity database .tar.gz file. Extract the contents of the file and place them in a directory on your HAProxy Enterprise server (e.g. /etc/hapee-2.2/netacuity/).

  2. Install the NetAcuity module according to your platform:

    $ # On Debian/Ubuntu
$ sudo apt-get install hapee-2.2r1-lb-netacuity
    $ # On CentOS/RedHat/Oracle/Photon OS
$ sudo yum install hapee-2.2r1-lb-netacuity
    $ # On SUSE
$ sudo zypper install hapee-2.2r1-lb-netacuity
    $ # On FreeBSD
$ sudo pkg install hapee-2.2r1-lb-netacuity

  3. In the global section of HAProxy Enterprise configuration, add the following lines:

    global
   module-load hapee-lb-netacuity.so
   netacuity-load 04 /etc/hapee-2.2/netacuity
   netacuity-cache-size 2000000

  4. Reload the HAProxy Enterprise configuration to apply the changes.

Global directives

The module adds the following global directives:

Directive

Description

netacuity-load <feature_code> <directory>

Required. Specifies the local directory where you store NetAcuity files. The <feature_code> depends on the type of database. For example, if you name your NetAcuity files na_04_01.db, na_04_02.db, etc., then set it to 04.

netacuity-cache-size <number>

Specifies the size of the LRU cache used for lookups. The minimum size of 0 disables the cache. The maximum cache size is 10000000. Default: 0

netacuity-debug <level>

Enables logging for unsuccessful IP address lookups, as well as for attempts to read unavailable fields from records of successfully looked up IP addresses.

netacuity-test-ipv4 <filename> [rows]

If used, it allows loading IPv4 addresses from the input file. If you don't specify the number of rows, the module loads the entire file. Use this only when the module runs in debug mode; in normal use it has no significance.

Converters

netacuity-lookup-ipv4

Use the converter netacuity-lookup-ipv4 to perform a lookup in the IPv4 database that returns the values of the specified properties. It can return several properties by specifying each successively; In that case, the returned values are separated by commas.

The maximum number of properties in one lookup is eight. Valid property types are:

  • src-ip (Note: This property shows the IP address of the client in IPv6 format.)

  • pulse-area-codes

  • pulse-city

  • pulse-city-code

  • pulse-city-conf

  • pulse-conn-speed

  • pulse-conn-type

  • pulse-continent-code

  • pulse-country

  • pulse-country-code

  • pulse-country-conf

  • pulse-gmt-offset

  • pulse-in-dst

  • pulse-internal-code

  • pulse-latitude

  • pulse-longitude

  • pulse-metro-code

  • pulse-postal-code

  • pulse-postal-conf

  • pulse-region

  • pulse-region-code

  • pulse-region-conf

  • pulse-timezone-name

  • pulse-two-letter-country

Syntax

netacuity-lookup-ipv4(<prop>[,<prop>*])

Example: Set HTTP request headers that contain geolocation properties based on client's source IP address

frontend www
   bind :80
   mode http
   http-request add-header X-NetAcuity-IPv4-1 %[src,netacuity-lookup-ipv4("src-ip","pulse-area-codes","pulse-city","pulse-city-code","pulse-city-conf","pulse-conn-speed","pulse-conn-type","pulse-continent-code")]
   http-request add-header X-NetAcuity-IPv4-2 %[src,netacuity-lookup-ipv4("pulse-country","pulse-country-code","pulse-country-conf","pulse-gmt-offset","pulse-in-dst","pulse-internal-code","pulse-latitude","pulse-longitude")]
   http-request add-header X-NetAcuity-IPv4-3 %[src,netacuity-lookup-ipv4("pulse-metro-code","pulse-postal-code","pulse-postal-conf","pulse-region","pulse-region-code","pulse-region-conf","pulse-timezone-name","pulse-two-letter-country")]

netacuity-lookup-ipv6

Use the converter netacuity-lookup-ipv6 to perform a lookup in the IPv6 database that returns the values of the specified properties. It can return several properties by specifying each successively; In that case, the returned values are separated by commas.

The maximum number of properties in one lookup is eight. Valid property types are:

  • src-ip (Note: This property shows the IP address of the client in IPv6 format.)

  • pulse-area-codes

  • pulse-city

  • pulse-city-code

  • pulse-city-conf

  • pulse-conn-speed

  • pulse-conn-type

  • pulse-continent-code

  • pulse-country

  • pulse-country-code

  • pulse-country-conf

  • pulse-gmt-offset

  • pulse-in-dst

  • pulse-internal-code

  • pulse-latitude

  • pulse-longitude

  • pulse-metro-code

  • pulse-postal-code

  • pulse-postal-conf

  • pulse-region

  • pulse-region-code

  • pulse-region-conf

  • pulse-timezone-name

  • pulse-two-letter-country

Syntax

netacuity-lookup-ipv6(<prop>[,<prop>*])

Example: Set HTTP request headers that contain geolocation properties based on client's source IP address

frontend www
   bind :80
   mode http
   http-request add-header X-NetAcuity-IPv6-1 %[src,netacuity-lookup-ipv6("src-ip","pulse-area-codes","pulse-city","pulse-city-code","pulse-city-conf","pulse-conn-speed","pulse-conn-type","pulse-continent-code")]
   http-request add-header X-NetAcuity-IPv6-2 %[src,netacuity-lookup-ipv6("pulse-country","pulse-country-code","pulse-country-conf","pulse-gmt-offset","pulse-in-dst","pulse-internal-code","pulse-latitude","pulse-longitude")]
   http-request add-header X-NetAcuity-IPv6-3 %[src,netacuity-lookup-ipv6("pulse-metro-code","pulse-postal-code","pulse-postal-conf","pulse-region","pulse-region-code","pulse-region-conf","pulse-timezone-name","pulse-two-letter-country")]

Update the database during runtime

Use the NetAcuity Update feature to keep the contents of the geolocation database current. This allows you to keep multiple HAProxy Enterprise nodes synced with the latest data.

  1. Install a Web server of your choice and host the database file at a URL where HAProxy Enterprise can access. For example, host the files at http://192.168.122.1/netacuity.tar.gz. We recommend that you host the unzipped file directory at this URL.

  2. Add the following lines to the global section of your configuration file, where the URL hosts an updated version of the file:

global
   # ... other global settings
   netacuity-update url 04 http://192.168.122.1/netacuity.tar.gz delay 24h  timeout 100ms  retries 3  checksum  hash  log

With this configuration, HAProxy Enterprise downloads the database every 24 hours and displays a message in the logs when it succeeds or if it encountered errors during the update.

netacuity-update

The netacuity-update directive enables updating the database over HTTP from a specified URL. Updating a database with a newer version invalidates any cached lookups (if using cache), unless you enable the checksum setting and the new and old database contents are identical.

The directive supports the following syntax:

netacuity-update url <feature_code url>
   [delay <u> | xdelay <u s b r>]
   [timeout <t>]
   [retries <n>]
   [checksum]
   [hash]
   [log]
   [dontlog-normal]
   [param\*]

where:

url <feature_code url>

Required. Specifies URL for the database update. We recommend that you host the unzipped file directory at this URL. The feature code depends on the type of database. For example, if you name your NetAcuity files na_04_01.db, na_04_02.db, etc., then set the feature code to 04.

delay <u>

<u> specifies the period between each attempt to download a new database version. The delay is a simplified version of the xdelay keyword.

xdelay <u s b r>

xdelay settings are defined as follows:

  • <u> specifies the period between each attempt to download a new database version. Default: 5m

  • <s> specifies the initial (first) download delay. Default: 5s

  • <b> specifies the delay between the download of each element of the database. Default: 10s

  • If the download fails, <r> determines the delay for the next attempt. Default: 30s

If the new version of the database fails to download after three attempts, the module cancels the download until the next time interval specified by <u>. In this case, it discards the downloaded data.

timeout <t>

Specifies the HTTP connection timeout for attempts to download a new database version. The value is in milliseconds by default, but you can set it to any other unit if you add it as a suffix to the number. Default: 5s.

retries <n>

Specifies the number of retries to download a new NetAcuity database version. If unspecified, the global retries value applies. Default: 3

checksum

If present, determines the use of the SHA1 control sum to verify that the content of the recently downloaded database is identical to the one already used. If they are identical, the module does not do a live-reload of the database, thereby preserving cache contents (if you use caching).

hash

If present, enables authentication of downloaded data. Each upgraded file must have the associated file with a SHA1 check The SHA1 checksum file has the extension .sha1. The typical way to create the SHA1 checksum file is: sha1sum file > file.sha1

log

Specifies whether to log operation errors.

dontlog-normal

Deactivates logging for successful updates.

param*

Lists other server parameters; useful to configure special SSL features.

Runtime API

The following Runtime API commands are available:

lb-netacuity cache delete [n]

Deletes the oldest n cache elements. If n is not set, the module deletes the entire cache. Use this only when the module runs in debug mode; in normal use it has no significance.

lb-netacuity cache disable

Disables the cache.

lb-netacuity cache dump [n]

Shows the first n elements of the cache. If n is not set, it defaults to 5. The maximum value for n is 150. Use this only when the module runs in debug mode; in normal use it has no significance.

lb-netacuity cache enable

Enables the cache.

lb-netacuity cache invalidate

Declares the entire cache invalid.

lb-netacuity debug [level]

Set the debug level. Use this only when the module runs in debug mode; in normal use it has no significance. Default: level 7

lb-netacuity disable

Disables the NetAcuity database lookup engine.

lb-netacuity enable

Enables the NetAcuity database lookup engine.

lb-netacuity get <ip>

Displays all the data associated with the selected IP address. You can specify the IP address in IPv4 or IPv6 format. The query works whether the lookup engine is enabled or not. The query does not use the cache and does not cache the result.

lb-netacuity status

Displays the module status.

lb-netacuity update [delay]

Runs the update at a time specified in the delay argument. If you don't specify the delay (or the delay is 0), the update executes immediately. The delay cannot exceed the time until the next regular update.

lb-netacuity test [count [size [type [threshold]]]]

Initiates a module operation check and prints database lookup speeds. Use this only when the module runs in debug mode; in normal use it has no significance.

  • Count is the number of tests to perform. Default:1000

  • Size is the number of different IPv4 addresses to use in testing. Default: 256

  • Type indicates how to generate IPv4 addresses. Default: 0

  • Threshold is a limit value that does not enter in the calculation of the speed. Default: 0

Next up

Service Mesh