Proxy protocol support for logstash? (ELB and HAProxy for inbound failover)


(Nathan Neulinger) #1

Is there any way to get proxy protocol support for logstash so that the indexer can see the originating IP/host for the connections if you have logstash sitting behind ELB or HAProxy?


(Magnus Bäck) #2

Which inbound protocol(s)?


(Nathan Neulinger) #3

It would technically be for anything TCP based since the protocol (version 1 at least) is just a single line header added to the start of any tcp stream.

For my particular need, having it for the 'tcp', 'log4j', and 'syslog' inputs would cover everything I'm using.

A common use case would be a few logstash forwarders sitting behind an haproxy or Amazon ELB load balancer for failover handling.

From http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt :

`
The maximum line lengths the receiver must support including the CRLF are :

  • TCP/IPv4 :
    "PROXY TCP4 255.255.255.255 255.255.255.255 65535 65535\r\n"
    => 5 + 1 + 4 + 1 + 15 + 1 + 15 + 1 + 5 + 1 + 5 + 2 = 56 chars

  • TCP/IPv6 :
    "PROXY TCP6 ffff:f...f:ffff ffff:f...f:ffff 65535 65535\r\n"
    => 5 + 1 + 4 + 1 + 39 + 1 + 39 + 1 + 5 + 1 + 5 + 2 = 104 chars

  • unknown connection (short form) :
    "PROXY UNKNOWN\r\n"
    => 5 + 1 + 7 + 2 = 15 chars

  • worst case (optional fields set to 0xff) :
    "PROXY UNKNOWN ffff:f...f:ffff ffff:f...f:ffff 65535 65535\r\n"
    => 5 + 1 + 7 + 1 + 39 + 1 + 39 + 1 + 5 + 1 + 5 + 2 = 107 chars
    `


(Nathan Neulinger) #4

Note - Amazon only does Proxy protocol v1. HAProxy supports v1 or v2. v2 is a more complex binary format. Support for v1 would be sufficient for now, but keep option for protocol version in mind when implementing configuration syntax.


(Magnus Bäck) #5

Okay. Sounds like something reasonable to support. I suggest filing an issue at https://github.com/elastic/logstash/issues since it should be included in a core library. I wouldn't assume the team picks up feature requests from here.


(Nathan Neulinger) #6

Submitted


(system) #7