HAProxy Enterprise Documentation 2.5r1

Tuning Mirrored Traffic

There are several ways to tune the traffic that is mirrored.

  • Filtering

  • Sampling

  • Mapping key-value pairs

  • Making runtime changes using the REST API

Filtering

You can add an ACL that limits the requests that are captured. For instance, if you only want to mirror traffic for requests to the /search feature on your site, you would ignore all requests except those that have a URL path beginning with /search, as shown:

spoe-message mirror-msg
     args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
     event on-frontend-http-request if { path_beg /search }

You can also define named ACLs that do the same thing:

spoe-message mirror-msg
     args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
     acl is_search path_beg /search
     event on-frontend-http-request if is_search

Sampling

Suppose you don't want to capture all traffic but rather only a portion of it. You would add an ACL that collects a random sample of requests. In the next example, we generate a random number between 1 and 100 and only mirror the request if that number is less than or equal to 10:

spoe-message mirror-msg
     args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
     acl is_search path_beg /search
     event on-frontend-http-request if { rand(100) le 10 }

Mapping key-value pairs

Your ACL statements can also check values from map files. For example, you can switch mirroring on or off by using a map file that contains a key-value pair like mirroring on. Then, check the map file from your hapee-mirror-spoe.cfg file like this:

spoe-message mirror-msg
     args arg_method=method arg_path=url arg_ver=req.ver arg_hdrs=req.hdrs_bin arg_body=req.body
     acl mirroring_on str(mirroring),map(/etc/hapee-2.5/mirroring.map) -m str on
     event on-frontend-http-request if mirroring_on

Use the HAProxy Enterprise Runtime API to change the value in the map file to off.

# Change mirroring to off
$ echo "set map /etc/hapee-2.5/mirroring.map mirroring off" | nc 127.0.0.1 9999

# Show current value
$ echo "show map /etc/hapee-2.5/mirroring.map mirroring" | nc 127.0.0.1 9999

Making runtime changes using the REST API

You can also use the Data Plane API to add or remove filter spoe lines from the HAProxy configuration file dynamically. In the following example, we show the existing filters, then add a new one, and then remove it:

# Show existing filters
$ curl -X GET --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters?parent_name=fe_main&parent_type=frontend"

# Add a filter line
$ curl -X POST --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters?parent_name=fe_main&parent_type=frontend&version=1" -H "Content-Type: application/json" -d '{"id": 0, "spoe_config":"/etc/hapee-2.5/spoa.conf", "spoe_engine":"mirror", "type": "spoe"}'
{"id":0,"spoe_config":"/etc/hapee-2.5/spoa.conf","spoe_engine":"mirror","type":"spoe"}

# Remove a filter line
$ curl -X DELETE --user admin:mypassword "http://localhost:5555/v1/services/haproxy/configuration/filters/0?parent_name=fe_main&parent_type=frontend&version=2" -H "Content-Type: application/json"

Use the Data Plane API to fully configure your load balancer using REST API commands.

See also

Next up

Traffic Mirroring Reference