Deploying HAProxy for TCP and HTTP Load Distribution
HAProxy operates as a robust solution for distributing network traffic across multiple servers, functioning effectively at both Layer 4 (transport) and Layer 7 (application) of the OSI model. Unlike LVS, which primarily handles Layer 4 forwarding within the kernel or user space, or Nginx, which is often associated with Layer 7 proxying, HAProxy bridges both capabilities with high performance.
Core Capabilities and Use Cases
This tool is designed for high-concurrency web environments capable of sustaining over 10,000 simultaneous connections. It serves as a high-performance load balancer for TCP and HTTP protocols. In terms of architecture, HAProxy acts similarly to an LVS scheduler. To ensure high availability, deployments often utilize a master-slave configuration between two HAProxy instances.
Key functionalities include:
- Handling Layer 4 and Layer 7 traffic forwarding.
- Terminating HTTPS connections.
- Managing session persistence via cookie insertion, as native caching is not included.
- Supporting failover mechanisms through integration with tools like Keepalived.
Performance Characteristics
HAProxy is recognized for its stability and reliability. A single instance can maintain between 40,000 and 50,000 concurrent connections, processing up to 20,000 requests per second depending on the hardware. It supports various scheduling algorithms including Round Robin (rr), Weighted Round Robin (wrr), and Least Connections (leastconn), allowing for flexible traffic distribution strategies despite lacking built-in caching.
Installation and Compilation
Begin by downloading the source archive to a designated directory, such as /usr/src. Extract the contents and prepare the build environment.
cd /usr/src
tar -xf haproxy-2.0.0.tar.gz
cd haproxy-2.0.0
uname -r
Verify the kernel version before compiling. Ensure the target system specification matches or is lower than the current kernel. Compile the binary for a 64-bit architecture.
make TARGET=linux-glibc ARCH=x86_64
make install
mkdir -p /etc/haproxy
cp examples/haproxy.cfg /etc/haproxy/
Configuration Management
Edit the main configuration file to define global settings, defaults, and specific proxy sections. The following example demonstrates distinct configurations for Layer 7 HTTP and Layer 4 TCP traffic.
vim /etc/haproxy/haproxy.cfg
global
    log /dev/log local0 warning
    log /dev/log local1 notice
    maxconn 8192
    # Thread count should align with CPU cores for optimal performance
    nbthread 4

defaults
    mode http
    # Send proxy logs to the targets declared in the global section
    log global
    option httplog
    retries 2
    # Allow a retried connection to be sent to another server
    option redispatch
    maxconn 4000
    timeout http-request 5s
    timeout queue 30s
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    timeout http-keep-alive 5s
    timeout check 5s

# Layer 7 HTTP Configuration
frontend http_front
    bind *:8080
    default_backend http_servers

backend http_servers
    balance roundrobin
    # The health check is a backend option; it is ignored in a frontend
    option httpchk GET /health.html
    server app1 10.20.30.11:80 check inter 1500 fall 2 weight 1
    server app2 10.20.30.12:80 check inter 1500 fall 2 weight 2

# Layer 4 TCP Configuration
listen tcp_service
    bind *:3306
    mode tcp
    # Override the HTTP log format inherited from defaults
    option tcplog
    balance leastconn
    server db1 10.20.30.11:3306 check inter 1500 fall 2 weight 1
    server db2 10.20.30.12:3306 check inter 1500 fall 2 weight 2
In the HTTP section, the frontend listens on port 8080 and directs traffic to the backend pool. Health checks are configured to request a specific HTML file every 1.5 seconds. For the TCP section, a combined listen block handles database traffic on port 3306 using the least connections algorithm.
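The section rules described above can be checked mechanically before a configuration is deployed. The following is an added example, not code from the original page or from the HAProxy project: it parses a constructed haproxy.cfg and reports wildcard bind addresses with their effective mode, an option httpchk placed in a frontend (where HAProxy ignores it), and server lines without check. It assumes health checks are enabled per server line rather than through default-server.

```python
# Added example (not HAProxy's own checker); SAMPLE_CFG is a constructed config.
import re

SECTIONS = {"global", "defaults", "frontend", "backend", "listen"}
WILDCARD = re.compile(r"^(\*|0\.0\.0\.0|::)?:\d+")  # *:80, :80, 0.0.0.0:80, :::80
SAMPLE_CFG = """
defaults
    mode http
frontend http_front
    bind *:8080
    option httpchk GET /health.html
backend http_servers
    server app1 10.20.30.11:80 check inter 1500 fall 2
    server app2 10.20.30.12:80
listen tcp_service
    bind *:3306
    mode tcp
    server db1 10.20.30.11:3306 check
"""

def parse(text):
    """Return [kind, name, directives] per section; directives are token lists."""
    out = []
    for raw in text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if tok and tok[0] in SECTIONS:
            out.append([tok[0], tok[1] if len(tok) > 1 else "", []])
        elif tok and out:
            out[-1][2].append(tok)
    return out

def audit(text):
    """Flag wildcard listeners, misplaced health checks and unchecked servers."""
    findings, mode = [], "tcp"                  # HAProxy's mode is tcp unless set
    for kind, name, directives in parse(text):
        sec_mode = next((d[1] for d in directives if d[0] == "mode"), None)
        if kind == "defaults":                  # each defaults section starts fresh
            mode = sec_mode or "tcp"
            continue
        for d in directives:
            if d[0] == "bind" and WILDCARD.match(d[1]):
                findings.append((name, f"wildcard bind {d[1]} ({sec_mode or mode})"))
            elif d[:2] == ["option", "httpchk"] and kind == "frontend":
                findings.append((name, "option httpchk ignored in frontend"))
            elif d[0] == "server" and "check" not in d[3:]:
                findings.append((name, f"server {d[1]} has no health check"))
    return findings

if __name__ == "__main__":
    print(*(f"{s}: {m}" for s, m in audit(SAMPLE_CFG)), sep="\n")
```

Both bind lines in the configuration above use the wildcard address, so the database listener on port 3306 accepts connections on every interface of the load balancer; binding to a specific address narrows that exposure.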
Service Initialization
To integrate HAProxy with the system service manager, copy the initialization script and configure permissions.
cd /usr/src/haproxy-2.0.0/examples
cp haproxy.init /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
chkconfig --add haproxy
ln -s /usr/local/sbin/haproxy /usr/sbin/haproxy
Once configured, enable and start the service using the system controller.
systemctl enable haproxy
systemctl start haproxy