HAProxy Enterprise Documentation 2.5r1

Traffic Mirroring Reference

The file /etc/hapee-extras/hapee-mirror-spoe.cfg configures how HAProxy Enterprise communicates with the SPOE mirror agent.

[mirror]
spoe-agent mirror
    log global
    messages mirror
    use-backend mirroragents
    timeout hello 500ms
    timeout idle 5s
    timeout processing 5s

spoe-message mirror
    args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
    event on-frontend-http-request

It supports the following directives in the spoe-agent section:

Parameter

Description

[*name*]

The file begins with an engine name, mirror, in square brackets. As mentioned, this name must match the engine parameter value set on the filter spoe directive in the HAProxy Enterprise configuration.

log global

This line means that events, such as when HAProxy Enterprise sends data, will be logged to the same output defined by the log statement in the global section of the HAProxy Enterprise configuration.

messages

This line is a space-delimited list of labels that match up with spoe-message sections.

use-backend

This line specifies which backend in the HAProxy Enterprise configuration holds the mirror agents.

timeout hello

This setting limits how long HAProxy Enterprise will wait for an agent to

acknowledge a connection.

timeout idle

This setting limits how long HAProxy Enterprise will wait for an agent to close an idle connection.

timeout processing

This setting limits how long an agent is allowed to process an event.

A spoe-message section defines which HAProxy Enterprise fetch methods will be used to capture data to send to the agents. The label here, mirror, is expected by this particular agent. For traffic mirroring, we capture the following:

  • the HTTP method

  • the URL path

  • the version of HTTP

  • all HTTP headers

  • the request body (note that this requires option http-buffer-request in the HAProxy Enterprise configuration)

Data is sent every time the on-frontend-http-request event fires, which is before the evaluation of http-request rules on the frontend side.


Next up

Traffic Policing