Introduction

HAProxy is free, open source software that provides a high availability load balancer and proxy server for TCP and HTTP-based applications. Its most common use is to improve the performance and reliability of a server environment by distributing the workload across multiple servers (e.g. web, application, database).

HAProxy Terminology

Before we get into the basic types of load balancing, we will talk about ACLs, backends, and frontends.

Access Control List (ACL)

In relation to load balancing, ACLs are used to test some condition and perform an action (e.g. select a server, or block a request) based on the test result. Use of ACLs allows flexible network traffic forwarding based on a variety of factors like pattern-matching and the number of connections to a backend. For example:

acl url_blog path_beg /blog

This ACL is matched if the path of a user’s request begins with /blog. This would match a request of https://frankindev.com/blog/post-url, for example.

Backend

A backend is a set of servers that receives forwarded requests. Backends are defined in the backend section of the HAProxy configuration. In its most basic form, a backend can be defined by:

• which load balance algorithm to use
• a list of server and ports

A backend can contain one or many servers in it - generally speaking, adding more servers to your backend will increase your potential load capacity by spreading the load over multiple servers.

Here is an example of a two backend configuration, web-backend and blog-backend with two web servers in each, listening on port 80:

backend web-backend
    balance roundrobin
    server web1 web1.example.com:80 check
    server web2 web2.example.com:80 check

backend blog-backend
    balance roundrobin
    mode http
    server blog1 blog1.example.com:80 check
    server blog2 blog2.example.com:80 check

Frontend

A frontend defines how requests should be forwarded to backends. Frontends are defined in the frontend section of the HAProxy configuration. Their definitions are composed of the following components:

• a set of IP addresses and a port (e.g. 127.0.0.1:8080, *:443, etc.)
• ACLs
• use_backend rules, which define which backend to use depending on which ACL conditions are matched, and/or a default_backend rule that handles every other case

A frontend can be configured to various types of network traffic.

Types of Load Balancing

No Load Balancing

Without load balancing, the user connects directly to your web server. If your single web server goes down, the user will no longer be able to access your web server. Additionally, if many users are trying to access your server simultaneously and it is unable to handle the load, they may have a slow experience or they may not be able to connect at all.

Layer 4 Load Balancing

The simplest way to load balance network traffic to multiple servers is to use layer 4 (transport layer) load balancing. Load balancing in this way will forward user traffic based on IP range and port. For example, if a request comes in for http://example.com/anything, the traffic will be forward to the backend that handles all the requests for example.com on port 80.

The user accesses the load balancer, which forwards the user’s request to the web-backend group of backend server. Whichever backend server is selected will respond directly to the user’s request. Generally, all of the servers in the web-backend should be serving identical content - otherwise the user might receive inconsistent content. Note that both web servers connect to the same database server.

Layer 7 Load Balancing

Another, more complex way to load balance network traffic is to use layer 7 (application layer) load balancing. Using layer 7 allows the load balancer to forward requests to different backend servers based on the content of the user’s request. This mode of load balancing allows you to run multiple web application servers under the same domain and port.

If a user requests example.com/blog, they are forwarded to the blog backend, which is a set of servers that run a blog application.

A snippet of the example frontend configuration would look like this:

frontend http
    bind *:80
    mode http

    acl url_blog path_beg /blog
    use_backend blog-backend if url_blog

    default_backend web-backend

This configures a frontend named http, which handles all incoming traffic on port 80.

acl url_blog path_beg /blog matches a request if the path of the user’s request begins with /blog.

use_backend blog-backend if url_blog uses the ACL to proxy the traffic to blog-backend.

default_backend web-backend specifies that all other traffic will be forwarded to web-backend.

Load Balancing Algorithms

The load balancing algorithm that is used determines which server, in a backend, will be selected when load balancing. HAProxy offers several options for algorithms. In addition to the load balancing algorithm, servers can be assigned a weight parameter to manipulate how frequently the server is selected, compared to other servers.

A few of the commonly used algorithms are as follows:

• roundrobin

  Round Robin selects servers in turns. This is the default algorithm.

• leastconn

  Selects the server with the least number of connections - it is recommended for longer sessions. Servers in the same backend are also rotated in a round-robin fashion.

• source

  This selects which server to use based on a hash of the source IP i.e. your user’s IP address. This is one method to ensure that a user will connect to the same server.

Sticky Sessions

Some applications require that a user continues to connect to the same backend server. This persistence is achieved through sticky sessions, using the appsession parameter in the backend that requires it.

Health Check

HAProxy uses health checks to determine if a backend server is available to process requests. This avoids having to manually remove a server from the backend if it becomes unavailable. The default health check is to try to establish a TCP connection to the server - it checks if the backend server is listening on the configured IP address and port.

If a server fails a health check, and therefore is unable to serve requests, it is automatically disabled in the backend - traffic will not be forwarded to it until it becomes healthy again. If all servers in a backend fail, the service will become unavailable until at least one of those backend servers becomes healthy again.

For certain types of backends, like database servers in certain situations, the default health check is insufficient to determine whether a server is still healthy.

High Availability

The layer 4 and 7 load balancing setups described before both use a load balancer to direct traffic to one of many backend servers. However, your load balancer is a single point of failure in these setups; if it goes down or gets overwhelmed with requests, it can cause high latency or downtime for your service.

A high availability (HA) setup is an infrastructure without a single point of failure. It prevents a single server failure from being a downtime event by adding redundancy to every layer of your architecture. A load balancer facilitates redundancy for the backend layer (web/app servers), but for a true high availability setup, you need to have redundant load balancers as well.

Well, this is a very basic understanding of load balancing and know of a few ways that HAProxy facilitate the load balancing needs. Now its time to get started on improving the performance and reliability of your own server environment.