Hi David, On Wed, Feb 24, 2010 at 06:06:26PM -0800, David Birdsong wrote: > I'm autogenerating haproxy configs on some of our front ends and > appending a growing set of IP addresses that we'll ban. Does this > scale well in haproxy? Can I expect performance to drop as the list > grows and grows or is this implemented in a way that scales pretty > horizontally?
Yes the performance will drop but not *that* much, because IP ACLs check is quite fast. Just put as many IPs per line as you can. I have plans to load IP ranges from a file and to perform dichotomic search on them (which will be even faster than tree search due to lower memory footprint). It would make it possible to load millions of IP addresses without a noticeable performance degradation. It's just not there yet. I also plan to add ACL matches for stickiness tables. That will allow us to check using ACLs if an address was already added to a table. We first have to relax the conditions in which an address can be inserted. How many IP addresses do you intend to load, and how many requests per second do you estimate ? Regards, Willy
