Re: HAProxy in Amazon EC2 in peer mode
Hi, This kind of scenario is really dependent from your configuration. Basically, you want to configure HAProxy to load-balance SSL services hosted by your application servers. Persistence based on SSLID into HAProxy, sharing the stick-table between both haproxy. This may work, but be carefull with the peers section, since your LB will change their IP addresses each time they'll reboot... cheers On Tue, Feb 7, 2012 at 1:56 AM, Mir Islam mis...@mirislam.com wrote: Hi, I am thinking of the following scenario to implement in AWS. Two HAProxies with SSL stickiness, TCP pass through and in peer mode. Using Amazon ELB to do round robin load balance between the two server. Basically the idea is to create automatic failover for HA proxy servers. Theoretically it should work since both of the servers have the same session information. Am I wrong on this assumption? Thanks Mir
Re: HAProxy in Amazon EC2 in peer mode
You can also write a script that gather instances' data (using the EC2 APIs) in order to get the IPs. That way you can update the HAProxy configuration files when a change in your setup occurs. Cheers, Michele On Feb 8, 2012, at 5:33 PM, Mir Islam wrote: Right, the internal IP changes since it is on DHCP. But I was thinking of assigning static IP (EIP in Amazon term) to the HAProxies. And then refer to each other via those EIP. Here is a quick and dirty diagram of howI am thinking of implementing. Ofcourse the main cost is the static IP addresses that I have to get from Amazon.
Re: HAProxy in Amazon EC2 in peer mode
Just in case anyone was following in my effort to get HAProxy running in EC2. The peers mode will not work in EC2 because the IP address identified in the peer section must be an ip which is bound to the interface. I could not find a way to bypass it. Since the static IP assigned in EC2 are not really bound to the interfaces on the vm itself, it appears for the time being it is not possible to run in peer mode with static IP. It is possible to use the internal 10.x.x.x IP assigned by Amazon but that may change after a reboot. Oh, well I guess it is what it is. On Feb 8, 2012, at 7:33 AM, Mir Islam wrote: On Feb 8, 2012, at 2:49 AM, Baptiste wrote: Hi, This kind of scenario is really dependent from your configuration. Basically, you want to configure HAProxy to load-balance SSL services hosted by your application servers. That is correct. Persistence based on SSLID into HAProxy, sharing the stick-table between both haproxy. Right, that way any one of the pair of HAProxy server would know where to send the request from client. This may work, but be carefull with the peers section, since your LB will change their IP addresses each time they'll reboot... Right, the internal IP changes since it is on DHCP. But I was thinking of assigning static IP (EIP in Amazon term) to the HAProxies. And then refer to each other via those EIP. Here is a quick and dirty diagram of howI am thinking of implementing. Ofcourse the main cost is the static IP addresses that I have to get from Amazon. Thanks Baptiste. PastedGraphic-1.pdf cheers On Tue, Feb 7, 2012 at 1:56 AM, Mir Islam mis...@mirislam.com wrote: Hi, I am thinking of the following scenario to implement in AWS. Two HAProxies with SSL stickiness, TCP pass through and in peer mode. Using Amazon ELB to do round robin load balance between the two server. Basically the idea is to create automatic failover for HA proxy servers. Theoretically it should work since both of the servers have the same session information. Am I wrong on this assumption? Thanks Mir
Re: HAProxy in Amazon EC2 in peer mode
welcome to the cloud :) On Thu, Feb 9, 2012 at 2:26 AM, Mir Islam mis...@mirislam.com wrote: Just in case anyone was following in my effort to get HAProxy running in EC2. The peers mode will not work in EC2 because the IP address identified in the peer section must be an ip which is bound to the interface. I could not find a way to bypass it. Since the static IP assigned in EC2 are not really bound to the interfaces on the vm itself, it appears for the time being it is not possible to run in peer mode with static IP. It is possible to use the internal 10.x.x.x IP assigned by Amazon but that may change after a reboot. Oh, well I guess it is what it is. On Feb 8, 2012, at 7:33 AM, Mir Islam wrote: On Feb 8, 2012, at 2:49 AM, Baptiste wrote: Hi, This kind of scenario is really dependent from your configuration. Basically, you want to configure HAProxy to load-balance SSL services hosted by your application servers. That is correct. Persistence based on SSLID into HAProxy, sharing the stick-table between both haproxy. Right, that way any one of the pair of HAProxy server would know where to send the request from client. This may work, but be carefull with the peers section, since your LB will change their IP addresses each time they'll reboot... Right, the internal IP changes since it is on DHCP. But I was thinking of assigning static IP (EIP in Amazon term) to the HAProxies. And then refer to each other via those EIP. Here is a quick and dirty diagram of howI am thinking of implementing. Ofcourse the main cost is the static IP addresses that I have to get from Amazon. Thanks Baptiste. PastedGraphic-1.pdf cheers On Tue, Feb 7, 2012 at 1:56 AM, Mir Islam mis...@mirislam.com wrote: Hi, I am thinking of the following scenario to implement in AWS. Two HAProxies with SSL stickiness, TCP pass through and in peer mode. Using Amazon ELB to do round robin load balance between the two server. Basically the idea is to create automatic failover for HA proxy servers. Theoretically it should work since both of the servers have the same session information. Am I wrong on this assumption? Thanks Mir
Re: haproxy at amazon
On Tuesday 20 of September 2011 02:02:27 Dean Hiller wrote: We are running haproxy at amazon and running some load tests and seem to be hitting some bottleneck between haproxy and webservers or haproxy itself. How can you tell when haproxy is maxed out? Will cpu hit 100% or is it some other characteristic? our cpu is 4% and I only have 10 webservers and 10 clients, and my 10 clients generate about 1000 requests/second each on a socket and each one is stateless independent of the other, no session is saved at all. If you configure it correctly (haproxy bound to some specific core, network interrupts to some other core sharing L2 cache with haproxy core), you should see 100% on haproxy core (70% system, 30% user if running in L7 with few acls and rewrites) and around 25% on core servicing network interrupts. In full http tunneling mode you should see both cores saturated ad 100%. You should check traffic on your haproxy host both ways using tcpdump. Regards, Brane
Re: haproxy and amazon
Hi Julien, On Fri, Jun 24, 2011 at 07:57:00AM -0400, Julien Vehent wrote: On Thu, 23 Jun 2011 16:16:59 +0200, Baptiste wrote: Hi gents, I'm looking for people who use haproxy on an amazon server. I'm more interested by the number of hit/s you could get. Compared to our multi-tomcat-jboss-ultra-threaded-and-locked application (that doesn't seem to like EC2 too much), Haproxy is running like a charm up there. As of hit/s, well, I've never managed to saturate haproxy before saturating everything else in the chain, so I can't tell you. My (limited) experience of EC2 showed me that the bottleneck are essentially a limited number of CPU (although quite beefy and not applicable to haproxy), the EBS storage (also not applicable) and, if you're not in a VPC, the network. If you have issues with the latest, try running in a VPC, it seems that we are reaching between 1 and 1.5 gbps between instances in that env. From what I observed a few years ago, the limiting factor was not much the data rate but the packet rate. At that time it was hard, maybe impossible, to get more than 4-6k connections per second. It is possible that things have improved a bit since though. Still that's very low compared to real hardware, as a 7-Watt Atom CPU performs equally. Cheers, Willy
Re: haproxy and amazon
On Thu, 23 Jun 2011 16:16:59 +0200, Baptiste wrote: Hi gents, I'm looking for people who use haproxy on an amazon server. I'm more interested by the number of hit/s you could get. Compared to our multi-tomcat-jboss-ultra-threaded-and-locked application (that doesn't seem to like EC2 too much), Haproxy is running like a charm up there. As of hit/s, well, I've never managed to saturate haproxy before saturating everything else in the chain, so I can't tell you. My (limited) experience of EC2 showed me that the bottleneck are essentially a limited number of CPU (although quite beefy and not applicable to haproxy), the EBS storage (also not applicable) and, if you're not in a VPC, the network. If you have issues with the latest, try running in a VPC, it seems that we are reaching between 1 and 1.5 gbps between instances in that env. Julien
Re: haproxy and amazon
On Thu, 23 Jun 2011 16:16:59 +0200, Baptiste wrote: Hi gents, I'm looking for people who use haproxy on an amazon server. I'm more interested by the number of hit/s you could get. Compared to our multi-tomcat-jboss-ultra-threaded-and-locked application (that doesn't seem to like EC2 too much), Haproxy is running like a charm up there. As of hit/s, well, I've never managed to saturate haproxy before saturating everything else in the chain, so I can't tell you. My (limited) experience of EC2 showed me that the bottleneck are essentially a limited number of CPU (although quite beefy and not applicable to haproxy), the EBS storage (also not applicable) and, if you're not in a VPC, the network. If you have issues with the latest, try running in a VPC, it seems that we are reaching between 1 and 1.5 gbps between instances in that env. Julien
Re: haproxy and amazon
Hi Malcolm and Julien Thanks a lot for your answers. Very appreciated :) cheers
