{"id":7331,"date":"2016-05-20T11:13:33","date_gmt":"2016-05-20T11:13:33","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=7331"},"modified":"2019-01-25T09:03:48","modified_gmt":"2019-01-25T09:03:48","slug":"how-load-balancing-works","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/","title":{"rendered":"Load Balancing with HAProxy for High-Availability"},"content":{"rendered":"<p><a href=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2016\/05\/learn-the-art-of-load-balancing.gif\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-7340\" src=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2016\/05\/learn-the-art-of-load-balancing.gif\" alt=\"learn-the-art-of-load-balancing\" width=\"600\" height=\"436\" \/><\/a><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_76 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#1_Supports_encryption_SSL\" >1) Supports encryption (SSL)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#2_Extended_support_for_IPv6_UNIX_Sockets\" >2) Extended support for IPv6 &amp; UNIX Sockets<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#3_End-to-End_HTTPS_keep-alive\" >3) End-to-End HTTPS keep-alive<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#4_HAProxy_Terminology\" >4) HAProxy Terminology<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#5_ACL_Access_Control_List\" >5) ACL (Access Control List)<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#ACL_Example\" >ACL Example:<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#6_Backend\" >6) Backend<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.esds.co.in\/blog\/how-load-balancing-works\/#7_Frontend\" >7) Frontend<\/a><\/li><\/ul><\/nav><\/div>\n\n<p style=\"text-align: justify;\">HAProxy, a popular open source application developed to implement High-Availability load balancing solution for websites that attracts massive traffic. HAProxy is well-known for its stability, reliability and performance in terms of CPU and memory usage. It is widely used by high-traffic websites such as Tumblr, Twitter, Stack Overflow, GitHub, etc\u2026<\/p>\n<p style=\"text-align: justify;\">Although, HAProxy is primarily famous for a HTTP and TCP load balancing, but the possibilities offered by this application make is like a \u201c<strong>Swiss Army Knife<\/strong>\u201d to deal with high loads on web\/databases.<\/p>\n<p style=\"text-align: justify;\">As mentioned above, HAProxy stands for High Availability Proxy and a standard choice for TCP\/HTTP Load Balancer and Proxying solution and can be run on Linux, Solaris and FreeBSD machines. The primary objective of HAProxy is to enhance the performance and consistency of a server cluster by distributing the load through several servers (for an example, web applications, databases, etc\u2026).<\/p>\n<p style=\"text-align: justify;\">In addition, reliability and performance make it a major asset in a server cluster. In this article, we will see some examples to understand how we could combine high-availability hardware and software to increase the overall performance and stability of your website.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1_Supports_encryption_SSL\"><\/span>1) Supports encryption (SSL)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>HAProxy supports client-side SSL encryption as server side.<\/p>\n<p style=\"text-align: justify;\">To do this we can add *bind* to the standard SSL port, i.e. 443 and let HAProxy know where exactly the<a href=\"https:\/\/www.esds.co.in\/blog\/understanding-ssl-communication\/#sthash.Cdv948No.dpbs\"><strong> SSL certificates<\/strong><\/a> are:<\/p>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 90%; height: 15%; border: green 2px solid; color: yellow; background-color: #000000;\">bind: 443 ssl crt \/etc\/haproxy\/site.pem\r\nhttp mode\r\n10.0.0.1:443 server_name1  ssl verify check \r\n10.0.0.2:443 server_name2  ssl verify check<\/pre>\n<p style=\"text-align: justify;\">It manages many extensions to TLS, such as NIS, NPN \/ ALPN and OCSP, including the validation of server side certificates and client side certificates.<\/p>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 90%; height: 5%; border: green 2px solid; color: yellow; background-color: #000000;\">Bind 192.168.10.1:443 ssl ca .\/server.pem crt-file .\/ca.crt verify required<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"2_Extended_support_for_IPv6_UNIX_Sockets\"><\/span><strong>2) Extended support for IPv6 &amp; UNIX Sockets<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>It is possible to use either IPv4 or IPv6 or the socket UNIX client side as server side:<\/p>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 90%; height: 15%; border: green 2px solid; color: yellow; background-color: #000000;\">listen mysql_proxy\r\n\/var\/tmp\/mysql.sock bind mysql user guide 666 \r\nfashion tcp\r\noption mysql-check user haproxy post-41\r\nmysql server check 192.168.10.100:3306 maxconn 200\r\nserver mysql_slave fe80: 482: a200 :: Coffee: e8ff: FE65: a: 3306 check backup\r\n<\/pre>\n<h3><span class=\"ez-toc-section\" id=\"3_End-to-End_HTTPS_keep-alive\"><\/span><strong>3) End-to-End HTTPS keep-alive<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\">The keep-alive is to successively pass multiple HTTP requests in the same TCP request. In general, a full web architecture, somewhat there are several services with special roles. For example, authentication service, service for dynamic content, another for static resources, etc\u2026<\/p>\n<p style=\"text-align: justify;\">The main purpose is HAProxy must inspect each request to determine what service to send. So far, the keep-alive from start to finish did not allow the inspection of the first query and therefore several times administrators spent hours wondering why such a request did not come to the right place.<\/p>\n<p>This why the option *<strong>http-server-close<\/strong>* is present to the keep-alive (client-side only), and often used. This problem is now solved.<\/p>\n<p style=\"text-align: justify;\">In addition to the overhead network, the keep-alive server side is important because some web servers do not use a chunk if it is turned off (though, this problem is managed by the option *<strong>http-pretend-keepalive<\/strong>*).<\/p>\n<h3><span class=\"ez-toc-section\" id=\"4_HAProxy_Terminology\"><\/span><strong>4) HAProxy Terminology<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\">While talking about load balancing and Proxying it is essential to first understand some key terms and models. Hence, we will discuss all those commonly used terms to make your journey easy. However, before the leap into the basic types of load balancing, first, we will see ACLs, backends, and frontends.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"5_ACL_Access_Control_List\"><\/span><strong>5) ACL (Access Control List)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\">In relation to load balancing, ACLs are primarily used to test a number of settings and execute an action such as server selection or blocking a request) on the basis of the test result. Using ACL also allows flexible network traffic forwarding constructed on various factors such as equivalent configuration and the number of connections to a backend.<\/p>\n<h4><span class=\"ez-toc-section\" id=\"ACL_Example\"><\/span><strong>ACL Example:<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h4>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 99%; height: 5%; border: green 2px solid; color: yellow; background-color: #000000;\">acl url_blog path_beg \/blog<\/pre>\n<p style=\"text-align: justify;\">For example, if the path of a user\u2019s request starts with \/blog that means this ACL is matched. This would also equal a request of http:\/\/domain.com\/blog\/blog-post-1.<\/p>\n<p style=\"text-align: justify;\">In addition, a direct consequence of improved catch opportunities is that it is now possible to create access control lists (ACLs) on all catchable data.<\/p>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 99%; height: 5%; border: green 2px solid; color: yellow; background-color: #000000;\">acl hello payload (0.6) -m bin 48656c6c6f0a<\/pre>\n<p><strong>We can also use variables:<\/strong><\/p>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 99%; height: 5%; border: green 2px solid; color: yellow; background-color: #000000;\">http-request redirect code 301 rental www.% [HDR (host)]% [req.uri] \\\r\nUNLESS {hdr_beg (host) -i www}\r\n<\/pre>\n<p>For more information on ACL procedure, access HAProxy Configuration Manual &#8211; http:\/\/cbonte.github.io\/haproxy-dconv\/index.html<\/p>\n<h3><span class=\"ez-toc-section\" id=\"6_Backend\"><\/span>6) Backend<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p style=\"text-align: justify;\">A server cluster that receives forwarded requests. It is well-defined in the particular section of configuration, which is normally called as \u201cbackend section\u201d. Basically, it can be defined by:<\/p>\n<ul>\n<li>Which load balancing algorithm to use<\/li>\n<li>List of server and ports<\/li>\n<\/ul>\n<p style=\"text-align: justify;\">It can contain one or more servers and you can also add more to increase the capacity of load distribution across multiple servers. Through this way it is also possible to improve reliability as in the case of a number of servers suddenly becomes no longer available.<\/p>\n<p style=\"text-align: justify;\">To understand this in a better way, here will take an example of two configurations. Each one contains two servers and both listening on port 80:<\/p>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 99%; height: 5%; border: green 2px solid; color: yellow; background-color: #000000;\">backend web-backend\r\nloadbalance roundrobin\r\nserver server_name1 server_name1.domain.com:80 check\r\nserver server_name2 server_name2.domain.com:80 check\r\n<\/pre>\n<pre style=\"font-family: monospace; font-size: 0.99em; width: 99%; height: 5%; border: green 2px solid; color: yellow; background-color: #000000;\">backend blog-backend\r\nloadbalance roundrobin\r\nmode http\r\nserver db1 db1.domain.com:80 check\r\nserver db1 db2.yourdomain.com:80 check\r\n<\/pre>\n<p>The check states that the health checks should be done on backend servers.<\/p>\n<p><strong>The mode http states that layer 7 load-balancing will be used. We will see more details of Load balancing types in next phase of article\u2026<\/strong><\/p>\n<h3><span class=\"ez-toc-section\" id=\"7_Frontend\"><\/span><strong>7) Frontend<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Describes in which way requests need to be forwarded. They are defined by:<\/p>\n<ul>\n<li>A set of IP and a Port<\/li>\n<li>Access Control Lists<\/li>\n<li>Use_backend rules (what backend to use)<\/li>\n<\/ul>\n<p>In addition, it can also be formed for various types of network traffic that we will see in the next part\u2026<\/p>\n<p>Reference: https:\/\/github.com\/joyeecheung\/my-tech-diary\/blob\/master\/2015\/09\/2015-09-09.md<\/p>\n","protected":false},"excerpt":{"rendered":"<p>HAProxy is primarily famous for a HTTP and TCP load balancing, but the possibilities offered by this application make is like a \u201cSwiss Army Knife\u201d to deal with high loads on web\/databases. Let&#8217;s dig deeper in this subject&#8230;<\/p>\n","protected":false},"author":26,"featured_media":7352,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1559],"tags":[1473,1470,1471,1472],"class_list":["post-7331","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-leaders-talk","tag-high-availability","tag-how-load-balancer-works","tag-how-load-balancing-works","tag-load-balancing-with-haproxy"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/7331","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=7331"}],"version-history":[{"count":17,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/7331\/revisions"}],"predecessor-version":[{"id":8821,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/7331\/revisions\/8821"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/7352"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=7331"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/categories?post=7331"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=7331"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}