Pass-through Failure After Upgrade

Translated
1

Note:
This topic has been translated from a Chinese forum by GPT and might contain errors.

Original topic: 升级后透传失效

| username: magongyong

[TiDB Usage Environment] Production Environment / Testing / Poc
[TiDB Version] tidb v6.5.0
[Reproduction Path] Operations performed that led to the issue
Upgraded from tidb v5.4.3 to v6.5.0

[Encountered Issue: Phenomenon and Impact]
Before the upgrade, the application server connected normally.
After the upgrade, the application connection failed, as shown in the screenshot:

Image
Image1042×159 13.3 KB

Upon investigation, it was found that the error’s connection IP is the IP of the HAProxy server, not the application server’s IP.
Before the upgrade, due to pass-through, TiDB recognized the IPs of the application servers, and since the application servers were already authorized, there were no connection issues.
After the upgrade, the connection error indicates that the IPs are from HAProxy, suggesting an issue with pass-through.
Manually granting permissions to the HAProxy server’s IP in the TiDB cluster resolved the connection issue.

[Resource Configuration]
[Attachments: Screenshots/Logs/Monitoring]

2
| username: magongyong | Original post link

I want to confirm whether this is a bug or if there have been changes in the parameters. The two places where configuration is passed through, the TiDB parameter proxy-protocol.networks and adding send-proxy in HAProxy, have there been any changes?

3
| username: tidb菜鸟一只 | Original post link

In a production environment, version 6.5 still requires caution.

4
| username: magongyong | Original post link

Currently, it’s in testing and hasn’t gone into production yet. :joy:

5
| username: Minorli-PingCAP | Original post link

I was using V5 before and upgraded to V6.5, the passthrough didn’t fail. The configuration should not have changed.

6
| username: magongyong | Original post link

Okay, thank you, we will check it ourselves.

7
| username: magongyong | Original post link

We tried another TiDB cluster environment and upgraded it online to 6.5.0. The passthrough still fails, and database accounts need to be reauthorized (adding the IP whitelist for the HAProxy server).