HA Proxy - Sticky sessions from IP:Port?

Hi, we use haproxy with round robin on a few servers which works amazingly well
However now we need to use it for tcp sessions from different ports

basically, gps iot devices create connections to our server via TCP
When I run a netstat, I see lots of devices sending data from same IP address but different port
here is a snap shot
These are not the same device, they are using a mobile/cell network with same IP but different ports

So I would need a configuration for HA proxy to route to different servers based on IP and PORT
All the examples I’ve seen so far just use IP, which would not work well for me as it would batch a bunch of devices to same server.
I guess it would work, but it may overload one server and under-load another (if that makes sense)

Something else i’m not sure about, some devices also send data using UDP, and these would also need to be routed to same server, not sure if this would work or if i would just have to route all UDP devices to 1 server

Any feedback, pointers and help appreciated
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
David FavorFractional CTO
Distinguished Expert 2018

This must be done at the application layer rather than HAProxy.

Take WordPress for example using a DNS round robin layer with 5 minute TTLs on A record pool.

This means...

1) Person logs into site + login works, now they have a session.

2) Person goes about work, say editing a post.

3) TTL expires (sometime between 1 second + 5 minutes, based on other site access patterns).

4) At this point, person is logged out + must login again. Also very likely some/all edits will be lost, depending on other factors.

5) Fix: Maintain all session data in database, so sessions persist, independent of request IP.

With WordPress a simple plugin can accomplish this or more complex LAMP Stack config.

Likely best to study how WordPress handles this + clone the methodology used.

https://wordpress.org/plugins/wp-session-manager/ provides one approach.
David FavorFractional CTO
Distinguished Expert 2018

Tip: If this is your first time coding this type of system, might save lots of time if you hire someone for this project.
Software Engineer
Distinguished Expert 2018
For regular webservices getting to the same server is preferred often times so not hard to find config for that use case.


Did you try balance leastconn?   That should dispatch on the number of connections to backends.
seems your use case fits that model better.
balance random  may help

If you have a stick-table type ip entry on a backend then remove that.

haproxy cannot handle UDP though.

You may be able to use iptables using a random function to dispatch to various backends...

-p udp --dport xxx -m statistic --probability 0.25 -j DNAT --to-destination server1-ip    # picks first 25%
-p udp --dport xxx -m statistic --probability 0.33 -j DNAT --to-destination server2-ip    # picks 33% of remainder (aka 2nd 25%)
-p udp --dport xxx -m statistic --probability 0.50 -j DNAT --to-destination server3-ip    # picks 50% of remainder (aka 3rd 25%)
-p udp  --dport xxx -j DNAT --to-destionation server4-ip            # all remaining packets.
(This does NOT test on backend availablity  though....).  
There is no session management etc. (UDP has no concept of session then you need to use TCP).

NGINX should support loadbalancing in recent versions
# Load balance UDP‑based DNS traffic across two servers
stream {
    upstream dns_upstreams {

    server {
        listen 53 udp;
        proxy_pass dns_upstreams;
        proxy_timeout 1s;
        proxy_responses 1;
        error_log logs/dns.log;

Open in new window

Same applies here: no retries...


Thanks, we ended up using ngix as this offered what we needed

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial