Versions Compared

Old Version 7

changes.mady.by.user Francesco Sinisi

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Sinisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • In the reference implementation of Octavia, haproxy enforces the following ordering regarding policy actions:
    • REJECT policies take precedence over all other policies.
    • REDIRECT_TO_URL policies take precedence over REDIRECT_TO_POOL policies.
    • REDIRECT_TO_POOL policies are only evaluated after all of the above, and in the order specified by the position of the policy.
  • L7 Policies are evaluated in a specific order (as defined by the position attribute), and the first policy that matches a given request will be the one whose action is followed.
  • If no policy matches a given request, then the request is routed to the listener’s default pool, if it exists. If the listener has no default pool, then an error 503 is returned.
  • Policy position numbering starts with 1.
  • If a new policy is created with a position that matches that of an existing policy, then the new policy is inserted at the given position and the others will move down one position.
  • If a new policy is created without specifying a position, or specifying a position that is greater than the number of policies already in the list, the new policy will just be appended to the list (i.e. its position will be equal to the number of policies in the list plus one).
  • When policies are inserted, deleted, or appended to the list, the policy position values are re-ordered from 1 without skipping numbers. For example, if policy A, B, and C have position values of 1, 2 and 3 respectively, if you delete policy B from the list, policy C’s position becomes 2.

L7 Policies vs programming

Let's try to explain the concepts just presented in other terms, making a parallelism with the typical selective syntax of programming languages. A single policies, in fact, can be seen as an if cycle, where the conditions are represented by the L7 Rules, linked together only through logical ANDs.

Code Block
languagepy
titlePolicy vs If Cycle
# The single Policy is verified when all the rules that compose it are verified.

# --- Policy1 ---
if (Rule1 and Rule2 and Rule3):		// Policy logic  
	action1                         // Policy action
# --- Policy2 ---
if (Rule1):							// Policy logic  
	action2                         // Policy action
# --- Policy3 ---
if (Rule1 and Rule2):				// Policy logic  
	action3                         // Policy action

When the Listener is invoked it will have to choose which action to perform, based on the Policy associated with it. The Listener will probe the list of its Policies, following a precise order, like a Switch/Case or an else if statement.

Code Block
languagepy
titleElseIf statement
# The position of the Policy is important, because the Policies that are after the first verified Policy will be ignored.
if Policy1:			// Policy position
	action1
elif Policy2:		// Policy position
	action2
elif Policy3:		// Policy position
	action3
else:
	default pool	// If the listener has no default pool, then an error 503 is returned