JiraKNOX-843

Starting 1.5.0 Knox can be configured to load-balance backend service instances as well as support sticky sessions in HA mode. Prior to this when HA was configured for Knox (using the HaProvider in Knox topology) Knox would route requests to a specific backend service, except in case of failover where Knox would pick the next backend service from the configured list. 


This approach had some limitations, Knox would only serve one backend, even when there were multiple backends available this especially was a problem for stateless services which needed even load distribution. Knox also had no support for sticky sessions.


With this release, Knox can be configured to load-balance requests for multiple backend service instances configured with HaProvider. Currently load-balancing is done in a simple round-robin fashion. This is an example of how to configure only load-balancing for an example HA service WHOAMI


      <provider>
            <role>ha</role>
            <name>HaProvider</name>
            <enabled>true</enabled>
            <param>
                <name>WHOAMI</name>
                <value>enabled=true;maxFailoverAttempts=3;failoverSleep=1000;enableLoadBalancing=true</value>
            </param>
        </provider>

        ...
        <service>
           <role>WHOAMI</role>
           <url>http://localhost:50070</url>
           <url>http://localhost:50071</url>
        </service>


Sticky sessions can be used for services such as HIVE where session state matters. Sticky sessions can be turned on by using the property enableStickySession. When sticky sessions are on Knox uses a cookie to match the client requests with the backend host, as a result cookies are required for this feature. Cookie name used for sticky session is KNOX_BACKEND-{service-name}. Sticky session cookie name can be changed by using the property stickySessionCookieName.  With sticky session turned on loadbalancing is turned on automatically.


If sticky session is turned on and there is a failover then Knox will choose a new backend and route the request to it. This can be undesirable in cases where session state is critical. Knox can be configured to not failover when sticky sessions are used by using the flag noFallback. When this flag (noFallback=true) is set, Knox will return a 502 (Bad Gateway) if a request comes with a cookie and the corresponding backend is unavailable.


Example of sticky session configuration

       <provider>
            <role>ha</role>
            <name>HaProvider</name>
            <enabled>true</enabled>
            <param>
                <name>WHOAMI</name>
                <value>enabled=true;maxFailoverAttempts=3;failoverSleep=1000;enableStickySession=true;noFallback=true</value>
            </param>
        </provider>


Summary of HaProvider properties discussed above

  1. enableStickySession - Enables sticky sessions
  2. stickySessionCookieName - Customize sticky session cookie name, default is KNOX_BACKEND-{serviceName}
  3. noFallback - when this flag is set, Knox will return a 502 (Bad Gateway) if a request comes with a cookie and the corresponding backend is unavailable.
  4. enableLoadBalancing - Enable loadbalancing, roundrobin requests to backend HA urls


  • No labels