19

I am setting up an app to be hosted using VMs(probably amazon, but that is not set in stone) which will require both HTTP load balancing and load balancing a large number(50k or so if possible) of persistant TCP connections. The amount of data is not all that high, but updates are frequent.

Right now I am evaluating load balancers and am a bit confused about the architecture of HAProxy. If I use HAProxy to balance the TCP connections, will all the resulting traffic have to flow through the load balancer? If so, would another solution(such as LVS or even nginx_tcp_proxy_module) be a better fit?

user122875
  • 209
  • 1
  • 2
  • 5

3 Answers3

34

HAProxy (like many load balancers) generally maintain two conversations. The Proxy has a session (tcp in this case) with the client, and another session with the server. Therefore with proxies you end up seeing 2x the connections on the load balancer. Therefore all traffic flows through the load balancer.

When it comes to scaling across multiple load balancers I don't think you need to. But a practical and fairly easy way to do this is use something like keepalived with two floating IPs and round robin DNS between those two IPs. With keepalived, if one of the load balancers goes down the other would hold both IPs, so you get high availability this way. That being said, I think you will be fine with one active haproxy instance with your load.

HAProxy scales very well. An an example, the Stack Exchange network use web sockets which maintain open TCP connections. While I am posting this we have 143,000 established TCP sockets on a VMware virtual machine with no issues. The CPU usage on the VM is around 7%.

With this sort of setup with HAProxy make sure you set maxconn high enough. Here is some example HAProxy config to get you started:

frontend fe_websockets
        bind 123.123.123.123:80
        mode tcp
        log global
        option tcplog
        timeout client 3600s
        backlog 4096
        maxconn 50000
        default_backend be_nywebsockets

backend be_nywebsockets
        mode  tcp
        option log-health-checks
        option redispatch
        option tcplog
        balance roundrobin
        server web1 10.0.0.1:1234
        server web2 10.0.0.2:1234
        timeout connect 1s
        timeout queue 5s
        timeout server 3600s
Kyle Brandt
  • 82,107
  • 71
  • 302
  • 444
  • that 143,000 - is that still talking about the web-sockets? or is that other things too? – Marc Gravell May 30 '12 at 13:49
  • @MarcGravell: Virtually all web sockets. Keep in mind that this is 2x though as I said in my introduction, so the web sockets servers would see a total of ~70k – Kyle Brandt May 30 '12 at 13:52
  • @Kyle - Any reasons why you need web sockets and persistent TCP connections? This website doesn't seem to have any real-time features that would require that. – Continuation Jun 02 '12 at 05:03
  • @Continuation: There are a good amount of real time features including Inbox notifications, votes, edits, new comments / answers / questions. Not sure if they are only enabled for users with a certain rep limit off hand, if you don't see them you could inquire on meta.stackoverflow.com – Kyle Brandt Jun 04 '12 at 17:28
  • @KyleBrandt, why do you have 1:1 ratio of browser and server connections? Can't you keepalive a smaller fixed number of persistent connections between haproxy and servers and 'tunnel' all the requests through those? – Mxx Jun 08 '12 at 20:53
  • @mxx: That is usually called connection pooling (common between an app and its sql backend for example). The main advantage of that with SQL is that it can save time by bypassing connection creation and tear down. Don't see a big advantage here since these are long lived connections already. Also, wouldn't really work with generic TCP, see http://comments.gmane.org/gmane.comp.web.haproxy/1402 – Kyle Brandt Jun 09 '12 at 14:12
  • Kinda off-topic: are your backend servers aware of the original IPs, or are they only seeing the LB's IP? – cutsoy Mar 05 '13 at 16:46
  • @TimvanElsloo: The network stack will the load balancers IPs, if you add `option forwardfor` HAProxy will add an HTTP header, X-Forwarded-For IIRC, with the original IP. – Kyle Brandt Mar 05 '13 at 18:29
  • 1
    @KyleBrandt does that work in TCP-mode too? – cutsoy Mar 05 '13 at 19:04
  • @KyleBrandt My understanding is, tcp can have a max of 65535 ephemeral ports for tcp connection on a single interface. How is this achieved? Is your server listening on multiple IP address? – Suresh Nov 17 '16 at 20:10
2

Yes, all traffic should normally pass through the load balancer. The requests are received by the load balancer and the responses are sent back to the load balancer which sends them back to the clients.

For choosing the right tool, I don't have much experience about the other options. I am using haproxy and it is really good and stable and can handle a large amount of traffic. Also, its ACLs capabilities are great.

Khaled
  • 35,688
  • 8
  • 69
  • 98
2

There is a possibility to use and configure DSR (Direct Server Return) but this has nothing to do with the Loadbalancer but is configured in the tcp-stack (routing tables). We've been using this for a large video streaaming portal. Although it works it will give you significant amounts of headache regarding the complexity of routing necessary.

Thus I would not recommend to use this technique without considering use and drawbacks very thoroughly.

Maybe there are some hints to get started there:

Have fun!

Andreas Balg
  • 21
  • 1