mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2025-01-09 15:30:17 +00:00
46b93afdb3
Released version 2.4-dev19 with the following main changes : - BUG/MINOR: hlua: Don't rely on top of the stack when using Lua buffers - BUG/MEDIUM: cli: prevent memory leak on write errors - BUG/MINOR: ssl/cli: fix a lock leak when no memory available - MINOR: debug: add a new "debug dev sym" command in expert mode - MINOR: pools/debug: slightly relax DEBUG_DONT_SHARE_POOLS - CI: Github Actions: switch to LibreSSL-3.3.3 - MINOR: srv: close all idle connections on shutdown - MINOR: connection: move session_list member in a union - MEDIUM: mux_h1: release idling frontend conns on soft-stop - MEDIUM: connection: close front idling connection on soft-stop - MINOR: tools: add functions to retrieve the address of a symbol - CLEANUP: activity: mark the profiling and task_profiling_mask __read_mostly - MINOR: activity: add a "memory" entry to "profiling" - MINOR: activity: declare the storage for memory usage statistics - MEDIUM: activity: collect memory allocator statistics with USE_MEMORY_PROFILING - MINOR: activity: clean up the show profiling io_handler a little bit - MINOR: activity: make "show profiling" support a few arguments - MINOR: activity: make "show profiling" also dump the memoery usage - MINOR: activity: add the profiling.memory global setting - BUILD: makefile: add new option USE_MEMORY_PROFILING - MINOR: channel: Rely on HTX version if appropriate in channel_may_recv() - BUG/MINOR: stream-int: Don't block reads in si_update_rx() if chn may receive - MINOR: conn-stream: Force mux to wait for read events if abortonclose is set - MEDIUM: mux-h1: Don't block reads when waiting for the other side - BUG/MEDIUM: mux-h1: Properly report client close if abortonclose option is set - REGTESTS: Add script to test abortonclose option - MINOR: mux-h1: clean up conditions to enabled and disabled splicing - MINOR: mux-h1: Subscribe for sends if output buffer is not empty in h1_snd_pipe - MINOR: mux-h1: Always subscribe for reads when splicing is disabled - MEDIUM: mux-h1: Wake H1 stream when both sides a synchronized - CLEANUP: mux-h1: rename WAIT_INPUT/WAIT_OUTPUT flags - MINOR: mux-h1: Manage processing blocking flags on the H1 stream - BUG/MINOR: stream: Decrement server current session counter on L7 retry - BUG/MINOR: config: fix uninitialized initial state in ".if" block evaluator - BUG/MINOR: config: add a missing "ELIF_TAKE" test for ".elif" condition evaluator - BUG/MINOR: config: .if/.elif should also accept negative integers - MINOR: config: centralize the ".if"/".elif" condition parser and evaluator - MINOR: config: keep up-to-date current file/line/section in the global struct - MINOR: config: support some pseudo-variables for file/line/section - BUILD: activity: do not include malloc.h - MINOR: arg: improve the error message on missing closing parenthesis - MINOR: global: export the build features string list - MINOR: global: add version comparison functions - MINOR: config: improve .if condition error reporting - MINOR: config: make cfg_eval_condition() support predicates with arguments - MINOR: config: add predicate "defined()" to conditional expression blocks - MINOR: config: add predicates "streq()" and "strneq()" to conditional expressions - MINOR: config: add predicate "feature" to detect certain built-in features - MINOR: config: add predicates "version_atleast" and "version_before" to cond blocks - BUG/MINOR: activity: use the new pointer to calculate the new size in realloc() - BUG/MINOR: stream: properly clear the previous error mask on L7 retries - MEDIUM: log: slightly refine the output format of alerts/warnings/etc - MINOR: config: add a new message directive: .diag - CLEANUP: cli/tree-wide: properly re-align the CLI commands' help messages - BUG/MINOR: stream: Reset stream final state and si error type on L7 retry - BUG/MINOR: checks: Handle synchronous connect when a tcpcheck is started - BUG/MINOR: checks: Reschedule check on observe mode only if fastinter is set - MINOR: global: define tainted flag - MINOR: cfgparse: add a new field flags in cfg_keyword - MINOR: cfgparse: implement experimental config keywords - MINOR: action: replace match_pfx by a keyword flags field - MINOR: action: implement experimental actions - MINOR: cli: set tainted when using CLI expert/experimental mode - MINOR: stats: report tainted on show info - MINOR: http_act: mark normalize-uri as experimental - BUILD: fix usage of ha_alert without format string - MINOR: proxy: define PR_CAP_LB - BUG/MINOR: server: do not report diag for peer servers with null weight - DOC: ssl: Extra files loading now works for backends too - ADDONS: make addons/ discoverable by git via .gitignore - DOC: ssl: Add information about crl-file option - MINOR: sample: improve error reporting on missing arg to strcmp() converter - DOC: management: mention that some fields may be emitted as floats - MINOR: tools: implement trimming of floating point numbers - MINOR: tools: add a float-to-ascii conversion function - MINOR: freq_ctr: add new functions to report float measurements - MINOR: stats: avoid excessive padding of float values with trailing zeroes - MINOR: stats: add the HTML conversion for float types - MINOR: stats: pass the appctx flags to stats_fill_info() - MINOR: stats: support an optional "float" option to "show info" - MINOR: stats: use tv_remain() to precisely compute the uptime - MINOR: stats: report uptime and start time as floats with subsecond resolution - MINOR: stats: make "show info" able to report rates as floats when asked - MINOR: config: mark tune.fd.edge-triggered as experimental - REORG: vars: move the "proc" scope variables out of the global struct - REORG: threads: move all_thread_mask() to thread.h - BUILD: wdt: include signal-t.h - BUILD: auth: include missing list.h - REORG: mworker: move proc_self from global to mworker - BUILD: ssl: ssl_utils requires chunk.h - BUILD: config: cfgparse-ssl.c needs tools.h - BUILD: wurfl: wurfl.c needs tools.h - BUILD: spoe: flt_spoe.c needs tools.h - BUILD: promex: service-prometheus.c needs tools.h - BUILD: resolvers: include tools.h - BUILD: config: include tools.h in cfgparse-listen.c - BUILD: htx: include tools.h in http_htx.c - BUILD: proxy: include tools.h in proxy.c - BUILD: session: include tools.h in session.c - BUILD: cache: include tools.h in cache.c - BUILD: sink: include tools.h in sink.c - BUILD: connection: include tools.h in connection.c - BUILD: server-state: include tools.h from server_state.c - BUILD: dns: include tools.h in dns.c - BUILD: payload: include tools.h in payload.c - BUILD: vars: include tools.h in vars.c - BUILD: compression: include tools.h in compression.c - BUILD: mworker: include tools.h from mworker.c - BUILD: queue: include tools.h from queue.c - BUILD: udp: include tools.h from proto_udp.c - BUILD: stick-table: include freq_ctr.h from stick_table.h - BUILD: server: include tools.h from server.c - BUILD: server: include missing proxy.h in server.c - BUILD: sink: include proxy.h in sink.c - BUILD: mworker: include proxy.h in mworker.c - BUILD: filters: include proxy.h in filters.c - BUILD: fcgi-app: include proxy.h in fcgi-app.c - BUILD: connection: move list_mux_proto() to connection.c - REORG: stick-table: uninline stktable_alloc_data_type() - REORG: stick-table: move composite address functions to stick_table.h - REORG: config: uninline warnifnotcap() and failifnotcap() - BUILD: task: remove unused includes from task.c - MINOR: task: stop including stream.h from task.c - BUILD: connection: stop including listener-t.h - BUILD: hlua: include proxy.h from hlua.c - BUILD: mux-h1: include proxy.h from mux-h1.c - BUILD: mux-fcgi: include proxy.h from mux-fcgi.c - BUILD: listener: include proxy.h from listener.c - BUILD: http-rules: include proxy.h from http_rules.c - BUILD: thread: include log.h from thread.c - BUILD: comp: include proxy.h from flt_http_comp.c - BUILD: fd: include log.h from fd.c - BUILD: config: do not include proxy.h nor errors.h anymore in cfgparse.h - BUILD: makefile: reorder object files by build time - DOC: Fix a few grammar/spelling issues and casing of HAProxy - REGTESTS: run-regtests: match both "HAProxy" and "HA-Proxy" in the version - MINOR: version: report "HAProxy" not "HA-Proxy" in the version output - DOC: remove last occurrences of "HA-Proxy" syntax - DOC: peers: fix the protocol tag name in the doc - ADMIN: netsnmp: report "HAProxy" and not "Haproxy" in output descriptions - MEDIUM: mailers: use "HAProxy" nor "HAproxy" in the subject of messages - DOC: fix a few remainig cases of "Haproxy" and "HAproxy" in doc and comments - MINOR: tools/rnd: compute the result outside of the CAS loop - BUILD: http_fetch: address a few aliasing warnings with older compilers - BUILD: ssl: define HAVE_CRYPTO_memcmp() based on the library version - BUILD: errors: include stdarg in errors.h - REGTESTS: disable inter-thread idle connection sharing on sensitive tests - MINOR: cli: make "help" support a command in argument - MINOR: cli: sort the output of the "help" keywords - CLEANUP: cli/mworker: properly align the help messages - BUILD: memprof: make the old caller pointer a const in get_prof_bin() - BUILD: compat: include malloc_np.h for USE_MEMORY_PROFILING on FreeBSD - CI: Github Actions: enable USE_QUIC=1 for BoringSSL builds - BUG/MEDIUM: quic: fix null deref on error path in qc_conn_init() - BUILD: cli: appease a null-deref warning in cli_gen_usage_msg()
84 lines
4.4 KiB
Plaintext
84 lines
4.4 KiB
Plaintext
2013/11/20 - How hashing works internally in haproxy - maddalab@gmail.com
|
|
|
|
This document describes how HAProxy implements hashing both map-based and
|
|
consistent hashing, both prior to versions 1.5 and the motivation and tests
|
|
that were done when providing additional options starting in version 2.4
|
|
|
|
A note on hashing in general, hash functions strive to have little
|
|
correlation between input and output. The heart of a hash function is its
|
|
mixing step. The behavior of the mixing step largely determines whether the
|
|
hash function is collision-resistant. Hash functions that are collision
|
|
resistant are more likely to have an even distribution of load.
|
|
|
|
The purpose of the mixing function is to spread the effect of each message
|
|
bit throughout all the bits of the internal state. Ideally every bit in the
|
|
hash state is affected by every bit in the message. And we want to do that
|
|
as quickly as possible simply for the sake of program performance. A
|
|
function is said to satisfy the strict avalanche criterion if, whenever a
|
|
single input bit is complemented (toggled between 0 and 1), each of the
|
|
output bits should change with a probability of one half for an arbitrary
|
|
selection of the remaining input bits.
|
|
|
|
To guard against a combination of hash function and input that results in
|
|
high rate of collisions, haproxy implements an avalanche algorithm on the
|
|
result of the hashing function. In all versions 1.4 and prior avalanche is
|
|
always applied when using the consistent hashing directive. It is intended
|
|
to provide quite a good distribution for little input variations. The result
|
|
is quite suited to fit over a 32-bit space with enough variations so that
|
|
a randomly picked number falls equally before any server position, which is
|
|
ideal for consistently hashed backends, a common use case for caches.
|
|
|
|
In all versions 1.4 and prior HAProxy implements the SDBM hashing function.
|
|
However tests show that alternatives to SDBM have a better cache
|
|
distribution on different hashing criteria. Additional tests involving
|
|
alternatives for hash input and an option to trigger avalanche, we found
|
|
different algorithms perform better on different criteria. DJB2 performs
|
|
well when hashing ascii text and is a good choice when hashing on host
|
|
header. Other alternatives perform better on numbers and are a good choice
|
|
when using source ip. The results also vary by use of the avalanche flag.
|
|
|
|
The results of the testing can be found under the tests folder. Here is
|
|
a summary of the discussion on the results on 1 input criteria and the
|
|
methodology used to generate the results.
|
|
|
|
A note of the setup when validating the results independently, one
|
|
would want to avoid backend server counts that may skew the results. As
|
|
an example with DJB2 avoid 33 servers. Please see the implementations of
|
|
the hashing function, which can be found in the links under references.
|
|
|
|
The following was the set up used
|
|
|
|
(a) hash-type consistent/map-based
|
|
(b) avalanche on/off
|
|
(c) balanche host(hdr)
|
|
(d) 3 criteria for inputs
|
|
- ~ 10K requests, including duplicates
|
|
- ~ 46K requests, unique requests from 1 MM requests were obtained
|
|
- ~ 250K requests, including duplicates
|
|
(e) 17 servers in backend, all servers were assigned the same weight
|
|
|
|
Result of the hashing were obtained across the server via monitoring log
|
|
files for haproxy. Population Standard deviation was used to evaluate the
|
|
efficacy of the hashing algorithm. Lower standard deviation, indicates
|
|
a better distribution of load across the backends.
|
|
|
|
On 10K requests, when using consistent hashing with avalanche on host
|
|
headers, DJB2 significantly out performs SDBM. Std dev on SDBM was 48.95
|
|
and DJB2 was 26.29. This relationship is inverted with avalanche disabled,
|
|
however DJB2 with avalanche enabled out performs SDBM with avalanche
|
|
disabled.
|
|
|
|
On map-based hashing SDBM out performs DJB2 irrespective of the avalanche
|
|
option. SDBM without avalanche is marginally better than with avalanche.
|
|
DJB2 performs significantly worse with avalanche enabled.
|
|
|
|
Summary: The results of the testing indicate that there isn't a hashing
|
|
algorithm that can be applied across all input criteria. It is necessary
|
|
to support alternatives to SDBM, which is generally the best option, with
|
|
algorithms that are better for different inputs. Avalanche is not always
|
|
applicable and may result in less smooth distribution.
|
|
|
|
References:
|
|
Mixing Functions/Avalanche: https://papa.bretmulvey.com/post/124027987928/hash-functions
|
|
Hash Functions: http://www.cse.yorku.ca/~oz/hash.html
|