Single-level setup

Enable the Stick Table Aggregator CLI in the global section.

The stats socket directive enables a CLI that lets you view data that the aggregator has stored.

global
  stats socket /tmp/stktagg.socket

global
  stats socket ipv4@192.168.56.111:9999

Create an aggregations section with the name of your choice, and make the aggr1 Stick Table Aggregator listen to HAProxy Enterprise nodes hapee1 and hapee2.

aggregations myaggr
  peer hapee1 192.168.56.101:44444
  peer hapee2 192.168.56.102:44444

Make the Stick Table Aggregator listen to incoming remote peer connections through the local keyword.

aggregations myaggr
  peer hapee1 192.168.56.101:44444
  peer hapee2 192.168.56.102:44444
  peer aggr1  192.168.56.111:11111 local

Define the stick table mapping.

The Stick Table Aggregator works by combining the data from normal stick tables into aggregated stick tables.

In your HAProxy Enterprise configuration, you will store data in the normal tables, as usual, using http-request track-sc0, but base ACL logic, such as whether to deny a request, on the aggregated tables.

You'll use suffixes on your stick table names to declare which tables are uncombined vs aggregated. For example, you might add the suffix .uncombined to your normal stick tables and .aggr to the aggregated ones.

There are no mandatory names, but the labels you choose must match the from line in your Stick Table Aggregator configuration file.

The table below describes the ways you can set the from line and how you would name your uncombined and aggregated tables:

from .uncombined to .aggr

from any to .aggr

from .cpu,.proc to .aggr

from .uncombined to .aggr accept-no-suffix

Start the Stick Table Aggregator service with systemctl:

$ sudo systemctl start hapee-extras-stktagg

Enable the HAProxy Enterprise Runtime API.

You can use the Runtime API to display the stick tables metrics, locally through a Unix domain socket, or remotely through an IP address and port.

global
  stats socket /var/run/hapee-2.7/hapee-lb.sock

global
  stats socket ipv4@192.168.56.101:9999 level admin

Make the HAProxy Enterprise node operate at layer 4 or 7.

In our example, we will track the HTTP request rate, so we make HAProxy Enterprise act as a layer 7 proxy.

defaults
  mode http

Declare the current HAProxy Enterprise node and the Stick Table Aggregator in the peers section.

In an active-active cluster, no HAProxy Enterprise node should be aware of other nodes, to avoid peer nodes overwriting each other's stick tables.

Define a stick table counter in a frontend section.

The new http-request directive states that we want to store the sc0 sticky counter in the stick table we specify with the table parameter.

We specify the mypeers/mytable.uncombined stick table, i.e, in the mytable.uncombined stick table defined in the mypeers peers section.

# Demo frontend that returns HTTP 200 OK responses
frontend fe_main
  bind *:80
  http-request track-sc0 src table mypeers/mytable.uncombined
  http-request deny deny_status 200

The bind directive assigns a listener to all IP addresses on the server on port 80. We'll use the directive's ssl and crt arguments later on to encrypt traffic between HAProxy Enterprise nodes and the aggregator.

In this example, the stick table will track IP addresses and the corresponding HTTP request rates over the last hour.

The last line of the snippet is meant just for testing: we deny access but return status 200 OK.

Declare stick tables mytable.uncombined and mytable.aggr in the peers section on all HAProxy Enterprise nodes:

peers mypeers
  server hapee1
  server aggr1 192.168.56.111:11111
  table  mytable.uncombined type ip size 100 expire 1h store http_req_rate(1h)
  table  mytable.aggr       type ip size 100 expire 1h store http_req_rate(1h)

peers mypeers
  server hapee2
  server aggr1 192.168.56.111:11111
  table  mytable.uncombined type ip size 100 expire 1h store http_req_rate(1h)
  table  mytable.aggr       type ip size 100 expire 1h store http_req_rate(1h)