Add HAProxy stick tables to CLI

Hi!

On vanilla HAProxy that I run manually, I have an SSH load-balanced setup with source persistence AND least-connection balancing, like this:

listen ssh
    bind <my ip>:22
    stick-table type ip size 1k expire 48h
    stick on src
    balance leastconn
    mode tcp

So I keep a stick table for 48hrs and use it for source IP persistence. If not in the table, use least-connection logic to distribute load across my two backends. Works perfectly. I’m migrating this setup to VyOS and I notice I can choose one of either, or round-robin:

admin@<hostname># set backend logins balance 
Possible completions:
   source-address       Based on hash of source IP address
   round-robin          Round robin (default)
   least-connection     Least connection

But I can’t have both, even though HAProxy supports this with the config shown above.

Feature request:
Add the stick table option to the VyOS CLI, so I can have source persistence via stick table and not hashed assignments, and combine it with least-connection balancing.

I’d love to hear how/if I can help. Thanks!
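
The behaviour described in the post above (look up the source IP in the stick table first, fall back to least-connection when there is no live entry), as an added example that is not part of the original thread and is not HAProxy or VyOS code. It is a simplified Python model; the server names, client addresses and tie-break rule are assumptions.

```python
# Simplified model of "stick on src" + "balance leastconn" (constructed example).
EXPIRE = 48 * 3600  # stick-table expire 48h, in seconds


class SshListener:
    def __init__(self, servers, expire=EXPIRE):
        self.active = {s: 0 for s in servers}  # open connections per backend server
        self.table = {}                        # source IP -> (server, last_seen)
        self.expire = expire

    def _leastconn(self):
        # Fewest open connections; ties go to the first server listed
        # (an assumption made to keep the model deterministic).
        return min(self.active, key=lambda s: self.active[s])

    def connect(self, src, now):
        entry = self.table.get(src)
        if entry and now - entry[1] < self.expire:
            server = entry[0]            # live entry: reuse the stored server
        else:
            server = self._leastconn()   # no entry or expired: balance decides
        self.table[src] = (server, now)  # store or refresh the entry
        self.active[server] += 1
        return server

    def disconnect(self, server):
        self.active[server] -= 1


def demo():
    # Hypothetical backends; client addresses are documentation IPs.
    lb = SshListener(["ssh1", "ssh2"])
    a1 = lb.connect("192.0.2.10", now=0)   # empty table, both idle
    b1 = lb.connect("192.0.2.20", now=1)   # ssh1 has one session already
    lb.disconnect(a1)                      # first client logs out
    c1 = lb.connect("192.0.2.30", now=2)   # ssh1 is idle again
    d1 = lb.connect("192.0.2.40", now=3)   # 1-1 tie
    # ssh1 now carries 2 sessions and ssh2 carries 1, so least-connection alone
    # would pick ssh2; the stick-table entry sends the returning client to ssh1.
    a2 = lb.connect("192.0.2.10", now=3600)
    # 48h after its last connection the entry has expired: balance decides again.
    a3 = lb.connect("192.0.2.10", now=3600 + EXPIRE)
    return [a1, b1, c1, d1, a2, a3]


if __name__ == "__main__":
    print(demo())
```
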

Create a feature request on https://vyos.dev/
Any idea for CLI?

Thanks! I have applied for an account at vyos.dev. Will post it there when I can.

To get to my config I could see a CLI like this:

set load-balancing haproxy backend <backend> balance least-connection
set load-balancing haproxy backend <backend> mode tcp

set load-balancing haproxy backend <backend> stick-table type ip
set load-balancing haproxy backend <backend> stick-table size 1k
set load-balancing haproxy backend <backend> stick-table expire 48h
set load-balancing haproxy backend <backend> stick-on src

Resulting in config:

[edit load-balancing]
admin@l<hostname># show
 haproxy {
     backend <backend> {
         balance least-connection
         mode tcp
         stick-table {
             type ip
             size 1k
             expire 48h
         }
         stick-on src
         <rest of config...>
     }
 }

But stick tables do more than just this. My example comes from this page:

But stick tables can be used to track lots of other stuff and apply ACLs on them. Config manual with all the options:

So implementing all of the stick-table options is a larger task. Would it be preferred to add all the options, or (at first) a selection of the most common/useful options?
