Re: High Availability question
Thanks for the quick response Mike. Which option is it for passing the clients source IP? I haven't looked to configure anything like that. I realised my test harness was on both networks, i've now run the tests again with it just on the 10.x network while failing haproxy over a couple of times. I'm only getting a handful (out of 100 users) socket resets every time I fail it over. Looking at the routing table the source IP must be the haproxy servers as i'm unable to see the 10.x network from the backend servers. So haproxy is handling the whole request. Make sense? 2009/11/4 Michael Miller <"mm-haproxy"@aquaorange.net>: > Hi Matt, > > Sounds pretty straight forward. You don't make it clear if the HAProxy > servers are passing the client's source IP to the backends or not... > that could affect your return path routing. If your backends route out > back through the HA proxies, you might see asymmetric routing. If your > HAProxy instances are infact working as proxies (i.e. they initiate > connections to the backends themselves) then your setup should work fine! > > Regards, > Mike > > Matt wrote: >> Hi, >> >> I'm currently looking at setting up HA proxy in an Active/Active >> cluster and have the following set-up that appears to be working. >> Does anyone have any thoughts on this? or where there could be an >> issue with client -> backend traffic? >> >> Two HA Proxy servers running in a NAT type configuration, that is eth0 >> on 10.x and eth1 on 192.x range. >> Traffic comes in on two virtual IPs (managed by heartbeat/pacemaker) >> that are on the 10.x range and the backend servers are all on the >> 192.x range. >> >> In the haproxy config I have the frontends listening to all interfaces >> with *:80 and everything is in httpmode. The config is the same on >> both servers, so both haproxy load balancers balance to all backends. >> >> Could this be an issue? >> >> Failover seems to be really simple as I don't need to restart/reload >> the haproxy service as haproxy is already listening on that interface. >> >> I've run tests against both haproxy servers while failing over the >> virtual IP, and while connections to the failed haproxy get reset at >> the point of failover, new connections work fine. >> >> I was worried that there maybe some routing issues with this setup, >> anyone else done similar? >> >> Thanks, >> >> Matt >> >> >
High Availability question
Hi, I'm currently looking at setting up HA proxy in an Active/Active cluster and have the following set-up that appears to be working. Does anyone have any thoughts on this? or where there could be an issue with client -> backend traffic? Two HA Proxy servers running in a NAT type configuration, that is eth0 on 10.x and eth1 on 192.x range. Traffic comes in on two virtual IPs (managed by heartbeat/pacemaker) that are on the 10.x range and the backend servers are all on the 192.x range. In the haproxy config I have the frontends listening to all interfaces with *:80 and everything is in httpmode. The config is the same on both servers, so both haproxy load balancers balance to all backends. Could this be an issue? Failover seems to be really simple as I don't need to restart/reload the haproxy service as haproxy is already listening on that interface. I've run tests against both haproxy servers while failing over the virtual IP, and while connections to the failed haproxy get reset at the point of failover, new connections work fine. I was worried that there maybe some routing issues with this setup, anyone else done similar? Thanks, Matt
Re: Using HAProxy In Place of WCCP
On Wed, 4 Nov 2009 08:50:34 -0500, "John Lauro" wrote: > 1. In addition to mode tcp, you would also have to use transparent > mode in haproxy instead of having a firewall forward it to haproxy > (unless by firewall, he was planning on running tproxy mode on the > same box), otherwise the destination IP addresses would still be lost > when going from firewall to port 8080 on haproxy... All depends on loggin on proxies, because u could forward client ip using X-Forwarded-for and if that proxy can log it together with request that would be enougth. Ofc that req. HTTP mode Regards Mariusz -- Mariusz Gronczewski (XANi) GnuPG: 0xEA8ACE64 http://devrandom.pl signature.asc Description: PGP signature
RE: Using HAProxy In Place of WCCP
1. In addition to mode tcp, you would also have to use transparent mode in haproxy instead of having a firewall forward it to haproxy (unless by firewall, he was planning on running tproxy mode on the same box), otherwise the destination IP addresses would still be lost when going from firewall to port 8080 on haproxy... 2. Last I tried, logging in haproxy didn't keep track of all the IP and port numbers required to piece the streams back together to original source from a final destination, so not really as-is... but that would be a relatively easy change... and also assumes you have full logging in the firewall that forwards to haproxy... and can easily merge the two logs... From: XANi [mailto:xani...@gmail.com] Sent: Wednesday, November 04, 2009 8:30 AM To: John Lauro Cc: 'Dave'; haproxy@formilux.org Subject: Re: Using HAProxy In Place of WCCP On Wed, 4 Nov 2009 06:58:32 -0500, "John Lauro" wrote: > I see two potential issues (which may or may not be important for > you). > > > > 1. Non http 1.1 clients may have trouble (ie: they don't send > the host on the URL request, or if they are not really http but using > port 80). Yeah, for that to work you would have to use TCP mode so no tricks like hashing by URL to improve cache hit rate > 2. Back tracking if you get a complaint from some website (ie: > RIAA complaint) is going to be near impossible of determining who > accessed whatever. Wouldn't loggin in haproxy solve that ? Regards Mariusz
Re: Using HAProxy In Place of WCCP
On Wed, 4 Nov 2009 06:58:32 -0500, "John Lauro" wrote: > I see two potential issues (which may or may not be important for > you). > > > > 1. Non http 1.1 clients may have trouble (ie: they don't send > the host on the URL request, or if they are not really http but using > port 80). Yeah, for that to work you would have to use TCP mode so no tricks like hashing by URL to improve cache hit rate > 2. Back tracking if you get a complaint from some website (ie: > RIAA complaint) is going to be near impossible of determining who > accessed whatever. Wouldn't loggin in haproxy solve that ? Regards Mariusz signature.asc Description: PGP signature
RE: Using HAProxy In Place of WCCP
I see two potential issues (which may or may not be important for you). 1. Non http 1.1 clients may have trouble (ie: they don't send the host on the URL request, or if they are not really http but using port 80). 2. Back tracking if you get a complaint from some website (ie: RIAA complaint) is going to be near impossible of determining who accessed whatever. From: d...@opteqint.net [mailto:d...@opteqint.net] On Behalf Of Dave Sent: Wednesday, November 04, 2009 6:13 AM To: haproxy@formilux.org Subject: Using HAProxy In Place of WCCP Hi all, I'm busy investigating using HAProxy to balance traffic to a cache farm, in an environment which doesn't have WCCP. Are there any issues with attempting to use HAProxy to intercept internet traffic, and redirect it to a farm of caches as opposed to the default usage of HAProxy? My anticapted setup would be use to have a listen group on say port 8080, redirect port 80 traffic using a firewall to HAProxy and have it then send that HTTP traffic to a farm of cache devices. It seems like this should be pretty simple to setup, using the same type of setup you would use for just balancing a group of http servers? Is anyone using this or have you heard of it being used in such a way - I don't currently see any issues? Thanks in advance for your help Dave No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.424 / Virus Database: 270.14.29/2455 - Release Date: 11/03/09 19:38:00
Using HAProxy In Place of WCCP
Hi all, I'm busy investigating using HAProxy to balance traffic to a cache farm, in an environment which doesn't have WCCP. Are there any issues with attempting to use HAProxy to intercept internet traffic, and redirect it to a farm of caches as opposed to the default usage of HAProxy? My anticapted setup would be use to have a listen group on say port 8080, redirect port 80 traffic using a firewall to HAProxy and have it then send that HTTP traffic to a farm of cache devices. It seems like this should be pretty simple to setup, using the same type of setup you would use for just balancing a group of http servers? Is anyone using this or have you heard of it being used in such a way - I don't currently see any issues? Thanks in advance for your help Dave
Re: Mysql persistent tcp balance problem.
try http://linux.die.net/man/8/conntrackd