When using TCP load balancing with HAProxy, does all outbound traffic flow through the LB?
Solution 1
HAProxy (like many load balancers) generally maintains two conversations. The proxy has a session (TCP in this case) with the client, and another session with the server. Therefore with proxies you end up seeing 2x the connections on the load balancer. Therefore all traffic flows through the load balancer.
When it comes to scaling across multiple load balancers I don't think you need to. But a practical and fairly easy way to do this is use something like keepalived with two floating IPs and round robin DNS between those two IPs. With keepalived, if one of the load balancers goes down the other would hold both IPs, so you get high availability this way. That being said, I think you will be fine with one active haproxy instance with your load.
HAProxy scales very well. As an example, the Stack Exchange network uses web sockets, which maintain open TCP connections. While I am posting this we have 143,000 established TCP sockets on a VMware virtual machine with no issues. The CPU usage on the VM is around 7%.
With this sort of setup with HAProxy make sure you set maxconn high enough. Here is some example HAProxy config to get you started:
frontend fe_websockets
    bind 123.123.123.123:80
    mode tcp
    log global
    option tcplog
    timeout client 3600s
    backlog 4096
    maxconn 50000
    default_backend be_nywebsockets

backend be_nywebsockets
    mode tcp
    option log-health-checks
    option redispatch
    option tcplog
    balance roundrobin
    server web1 10.0.0.1:1234
    server web2 10.0.0.2:1234
    timeout connect 1s
    timeout queue 5s
    timeout server 3600s
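An added illustration, not code from the answer above or from HAProxy: a minimal asyncio TCP proxy in Python that mirrors the frontend/backend model of that config (round robin over backends, bytes relayed both ways) and counts the sockets the proxy holds, so the "2x the connections" effect can be measured. `TcpProxy`, `relay`, `demo` and the echo backend are constructed for this example.

```python
import asyncio
from itertools import cycle

async def relay(reader, writer):
    # copy bytes one way until EOF, then pass the EOF on by closing the writer
    while data := await reader.read(4096):
        writer.write(data)
        await writer.drain()
    writer.close()

class TcpProxy:
    # Constructed stand-in for HAProxy 'mode tcp': a frontend and a backend session per client.
    def __init__(self, backends):
        self._rr = cycle(backends)   # balance roundrobin over (host, port) pairs
        self.client_sessions = 0     # frontend-side sockets currently open
        self.server_sessions = 0     # backend-side sockets currently open

    async def handle(self, creader, cwriter):
        sreader, swriter = await asyncio.open_connection(*next(self._rr))
        self.client_sessions += 1
        self.server_sessions += 1
        try:
            await asyncio.gather(relay(creader, swriter), relay(sreader, cwriter))
        finally:
            self.client_sessions -= 1
            self.server_sessions -= 1

async def _run(n_clients):
    # constructed backend: relaying a socket onto itself gives an echo server
    backend = await asyncio.start_server(relay, "127.0.0.1", 0)
    proxy = TcpProxy([("127.0.0.1", backend.sockets[0].getsockname()[1])])
    front = await asyncio.start_server(proxy.handle, "127.0.0.1", 0)
    fport = front.sockets[0].getsockname()[1]
    conns = [await asyncio.open_connection("127.0.0.1", fport) for _ in range(n_clients)]
    replies = []
    for i, (r, w) in enumerate(conns):
        w.write(f"hello {i}\n".encode())
        await w.drain()
        replies.append(await r.readline())  # a reply proves the session is live
    sockets_on_lb = proxy.client_sessions + proxy.server_sessions  # 2 per client
    for _, w in conns:
        w.close()
        await w.wait_closed()
    front.close()
    backend.close()
    return {"clients": n_clients, "sockets_on_lb": sockets_on_lb, "replies": replies}

def demo(n_clients=3):
    return asyncio.run(_run(n_clients))
```

With 3 clients connected the proxy holds 6 sockets; the same 2:1 ratio is what the answer's 143,000 figure reflects.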
Solution 2
Yes, all traffic should normally pass through the load balancer. The requests are received by the load balancer and the responses are sent back to the load balancer which sends them back to the clients.
For choosing the right tool, I don't have much experience with the other options. I am using haproxy and it is really good and stable and can handle a large amount of traffic. Also, its ACL capabilities are great.
Solution 3
There is a possibility to use and configure DSR (Direct Server Return), but this has nothing to do with the load balancer and is configured in the TCP stack (routing tables). We've been using this for a large video streaming portal. Although it works, it will give you significant amounts of headache regarding the complexity of the routing necessary.
Thus I would not recommend using this technique without considering its use and drawbacks very thoroughly.
Maybe there are some hints there to get started:
- http://www.remsys.com/blog/configuring-dsr-on-the-alteon-load-balancers
- http://community.brocade.com/docs/DOC-1650
Have fun!
user122875
Updated on September 18, 2022

Comments
-
user122875 almost 2 years
I am setting up an app to be hosted using VMs(probably amazon, but that is not set in stone) which will require both HTTP load balancing and load balancing a large number(50k or so if possible) of persistant TCP connections. The amount of data is not all that high, but updates are frequent.
Right now I am evaluating load balancers and am a bit confused about the architecture of HAProxy. If I use HAProxy to balance the TCP connections, will all the resulting traffic have to flow through the load balancer? If so, would another solution(such as LVS or even nginx_tcp_proxy_module) be a better fit?
-
DanC about 12 years
that 143,000 - is that still talking about the web-sockets? or is that other things too?
-
Kyle Brandt about 12 years
@MarcGravell: Virtually all web sockets. Keep in mind that this is 2x though as I said in my introduction, so the web sockets servers would see a total of ~70k
-
Continuation about 12 years
@Kyle - Any reasons why you need web sockets and persistent TCP connections? This website doesn't seem to have any real-time features that would require that.
-
Kyle Brandt about 12 years
@Continuation: There are a good amount of real time features including Inbox notifications, votes, edits, new comments / answers / questions. Not sure if they are only enabled for users with a certain rep limit off hand, if you don't see them you could inquire on meta.stackoverflow.com
-
Mxx about 12 years
@KyleBrandt, why do you have 1:1 ratio of browser and server connections? Can't you keepalive a smaller fixed number of persistent connections between haproxy and servers and 'tunnel' all the requests through those?
-
Kyle Brandt about 12 years
@mxx: That is usually called connection pooling (common between an app and its sql backend for example). The main advantage of that with SQL is that it can save time by bypassing connection creation and tear down. Don't see a big advantage here since these are long lived connections already. Also, wouldn't really work with generic TCP, see comments.gmane.org/gmane.comp.web.haproxy/1402
-
cutsoy over 11 years
Kinda off-topic: are your backend servers aware of the original IPs, or are they only seeing the LB's IP?
-
Kyle Brandt over 11 years
@TimvanElsloo: The network stack will see the load balancer's IPs; if you add "option forwardfor", HAProxy will add an HTTP header, X-Forwarded-For IIRC, with the original IP.
-
cutsoy over 11 years
@KyleBrandt does that work in TCP-mode too?
-
Suresh over 7 years
@KyleBrandt My understanding is, tcp can have a max of 65535 ephemeral ports for tcp connection on a single interface. How is this achieved? Is your server listening on multiple IP address?