Re: IP address ACLs
Sounds good. If I use the external file, will HAProxy reload it if the modification timestamp changes? Or do I need to explicitly send a reload signal?

On Sat, Aug 15, 2015 at 3:39 AM, Baptiste bed...@gmail.com wrote:
> Hi, there is no performance drop of loading from a file or directly in the config file. That said, if you have multiple ACLs with the same name loading many IPs, then you'll perform as many lookups as you have ACLs... While loading content from a file would perform a single lookup. Anyway, there should not be any noticeable performance impact, since IP lookup is very quick in HAProxy (a few hundred nanoseconds in a tree of 1.000.000 IPs). Concerning comments, any string after a hash '#' is considered as a comment and not loaded in the ACL.
>
> Baptiste
>
> On Sat, Aug 15, 2015 at 8:28 AM, Nathan Williams nath.e.w...@gmail.com wrote:
>> We use a file for about 40 CIDR blocks, and don't have any problems with load speed. Presumably large means more than that, though. We use comments as well, but they have to be at the beginning of their own line, not tagged on after the address.
>>
>> On Fri, Aug 14, 2015, 9:09 PM CJ Ess zxcvbn4...@gmail.com wrote:
>>> When doing a large number of IP-based ACLs in HAProxy, is it more efficient to load the ACLs from a file with the -f argument? Or is it just as good to use multiple ACL statements in the cfg file? If I did use a file with the -f parameter, is it possible to put comments in the file?
Re: IP address ACLs
Hi, there is no performance drop of loading from a file or directly in the config file. That said, if you have multiple ACLs with the same name loading many IPs, then you'll perform as many lookups as you have ACLs... While loading content from a file would perform a single lookup. Anyway, there should not be any noticeable performance impact, since IP lookup is very quick in HAProxy (a few hundred nanoseconds in a tree of 1.000.000 IPs). Concerning comments, any string after a hash '#' is considered as a comment and not loaded in the ACL.

Baptiste

On Sat, Aug 15, 2015 at 8:28 AM, Nathan Williams nath.e.w...@gmail.com wrote:
> We use a file for about 40 CIDR blocks, and don't have any problems with load speed. Presumably large means more than that, though. We use comments as well, but they have to be at the beginning of their own line, not tagged on after the address.
>
> On Fri, Aug 14, 2015, 9:09 PM CJ Ess zxcvbn4...@gmail.com wrote:
>> When doing a large number of IP-based ACLs in HAProxy, is it more efficient to load the ACLs from a file with the -f argument? Or is it just as good to use multiple ACL statements in the cfg file? If I did use a file with the -f parameter, is it possible to put comments in the file?
Re: IP address ACLs
We use a file for about 40 CIDR blocks, and don't have any problems with load speed. Presumably large means more than that, though. We use comments as well, but they have to be at the beginning of their own line, not tagged on after the address.

On Fri, Aug 14, 2015, 9:09 PM CJ Ess zxcvbn4...@gmail.com wrote:
> When doing a large number of IP-based ACLs in HAProxy, is it more efficient to load the ACLs from a file with the -f argument? Or is it just as good to use multiple ACL statements in the cfg file? If I did use a file with the -f parameter, is it possible to put comments in the file?
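
An added example, not part of the thread: a pre-deployment check for an IP pattern file of the kind loaded with `-f`. Because the two replies describe comment handling differently, it reports entries that carry a trailing `#` comment as well as lines that do not parse as an address or CIDR block. The function name `lint_acl_file` and the sample file contents are constructed for illustration.

```python
import ipaddress

# Constructed sample of a pattern file referenced as: acl <name> src -f <file>
SAMPLE = """\
# office ranges
192.0.2.0/24
198.51.100.17
203.0.113.0/24   # partner VPN
2001:db8::/32

10.0.0.300
"""


def lint_acl_file(text):
    """Return (networks, findings) for the contents of an IP pattern file.

    Blank lines and whole-line '#' comments are skipped. An entry followed by
    '#' is reported as a finding, since the replies above disagree on whether
    a trailing comment is accepted; its address part is still validated.
    """
    networks, findings = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        entry, sep, _comment = line.partition("#")
        entry = entry.strip()
        if sep:
            findings.append((lineno, "inline-comment", line))
        try:
            # strict=False lets Python accept entries with host bits set.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            findings.append((lineno, "invalid-address", entry))
    return networks, findings


if __name__ == "__main__":
    nets, problems = lint_acl_file(SAMPLE)
    print(f"{len(nets)} valid entries")
    for lineno, kind, detail in problems:
        print(f"line {lineno}: {kind}: {detail}")
```

Moving flagged trailing comments onto their own line keeps the file valid under either description of the comment rules given in the replies.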