HAProxy

Load balancing can be performed at various layers in the Open Systems Interconnection (OSI) Reference Model for networking. Here we offer an overview of two load balancing options at two different layers in the model.

Differences Between Layer 4 and Layer 7 Load Balancing

Layer 4 load balancing operates at the intermediate transport layer, which deals with delivery of messages with no regard to the content of the messages. Transmission Control Protocol (TCP) is the Layer 4 protocol for Hypertext Transfer Protocol (HTTP) traffic on the Internet. Layer 4 load balancers simply forward network packets to and from the upstream server without inspecting the content of the packets. They can make limited routing decisions by inspecting the first few packets in the TCP stream.

Layer 7 load balancing operates at the high-level application layer, which deals with the actual content of each message. HTTP is the predominant Layer 7 protocol for website traffic on the Internet. Layer 7 load balancers route network traffic in a much more sophisticated way than Layer 4 load balancers, particularly applicable to TCP-based traffic such as HTTP. A Layer 7 load balancer terminates the network traffic and reads the message within. It can make a load-balancing decision based on the content of the message (the URL or cookie, for example). It then makes a new TCP connection to the selected upstream server (or reuses an existing one, by means of HTTP keepalives) and writes the request to the server.

Benefits of Layer 7 Load Balancing

Layer 7 load balancing is more CPU-intensive than packet-based Layer 4 load balancing, but rarely causes degraded performance on a modern server. Layer 7 load balancing enables the load balancer to make smarter load-balancing decisions, and to apply optimizations and changes to the content (such as compression and encryption). It uses buffering to offload slow connections from the upstream servers, which improves performance.

A device that performs Layer 7 load balancing is often referred to as a reverse-proxy server.

An Example of Layer 7 Load Balancing

Let’s look at a simple example. A user visits a high-traffic website. Over the course of the user’s session, he or she might request static content such as images or video, dynamic content such as a news feed, and even transactional information such as order status. Layer 7 load balancing allows the load balancer to route a request based on information in the request itself, such as what kind of content is being requested. So now a request for an image or video can be routed to the servers that store it and are highly optimized to serve up multimedia content. Requests for transactional information such as a discounted price can be routed to the application server responsible for managing pricing. With Layer 7 load balancing, network and application architects can create a highly tuned and optimized server infrastructure or application delivery network that is both reliable and efficiently scales to meet demand.

Layer 4 load balancing is the simplest method of balancing traffic across multiple servers on a network. That simplicity means very fast balancing with minimal hardware, but it also brings limitations. The biggest drawback of this method is that every web server must host exactly the same content; otherwise, the user experience will differ from user to user and every time someone accesses your content.

The figure below visualizes how a web application is balanced using layer 4. As an incoming request for your domain comes in, it lands on your balancer first. The load balancer’s job is to then forward the request to one of the web servers in the backend. If your application stores content in a database, as depicted in the figure, each web server must connect to the same database.

[root@haproxy ~]# hostname
haproxy.rafi.com
====================================================================================
[root@haproxy ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:1a:8c:8d brd ff:ff:ff:ff:ff:ff
inet 192.168.122.229/24 brd 192.168.122.255 scope global eth1
inet6 fe80::5054:ff:fe1a:8c8d/64 scope link
valid_lft forever preferred_lft forever
====================================================================================
[root@haproxy ~]# yum install haproxy
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: centos.excellmedia.net
* epel: mirror.wanxp.id
* extras: centos.excellmedia.net
* updates: centos.excellmedia.net
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.5.4-3.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================================================
Package Arch Version Repository Size
================================================================================================================================================
Installing:
haproxy x86_64 1.5.4-3.el6 base 792 k

Transaction Summary
================================================================================================================================================
Install 1 Package(s)

Total download size: 792 k
Installed size: 2.4 M
Is this ok [y/N]: y
Downloading Packages:
haproxy-1.5.4-3.el6.x86_64.rpm | 792 kB 00:03
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : haproxy-1.5.4-3.el6.x86_64 1/1
Verifying : haproxy-1.5.4-3.el6.x86_64 1/1

Installed:
haproxy.x86_64 0:1.5.4-3.el6

Complete!
====================================================================================
[root@haproxy ~]# cat /etc/haproxy/haproxy.cfg
#---------------------------------------------------------------------
# Example configuration for a possible web application. See the
# full configuration options online.
#
# http://haproxy.1wt.eu/download/1.4/doc/configuration.txt
#
#---------------------------------------------------------------------

#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
# to have these messages end up in /var/log/haproxy.log you will
# need to:
#
# 1) configure syslog to accept network log events. This is done
# by adding the '-r' option to the SYSLOGD_OPTIONS in
# /etc/sysconfig/syslog
#
# 2) configure local2 events to go to the /var/log/haproxy.log
# file. A line like the following can be added to
# /etc/sysconfig/syslog
#
# local2.* /var/log/haproxy.log
#
log 127.0.0.1 local2

chroot /var/lib/haproxy
pidfile /var/run/haproxy.pid
maxconn 4000
user haproxy
group haproxy
daemon

# turn on stats unix socket
stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
mode http
log global
option httplog
option dontlognull
option http-server-close
option forwardfor except 127.0.0.0/8
option redispatch
retries 3
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 1m
timeout http-keep-alive 10s
timeout check 10s
maxconn 3000

#---------------------------------------------------------------------
# main frontend which proxys to the backends
#---------------------------------------------------------------------
frontend main *:5000
acl url_static path_beg -i /static /images /javascript /stylesheets
acl url_static path_end -i .jpg .gif .png .css .js

use_backend static if url_static
default_backend app

#---------------------------------------------------------------------
# static backend for serving up images, stylesheets and such
#---------------------------------------------------------------------
backend static
balance roundrobin
server static 127.0.0.1:4331 check

#---------------------------------------------------------------------
# round robin balancing between the various backends
#---------------------------------------------------------------------
backend app
balance roundrobin
server app1 127.0.0.1:5001 check
server app2 127.0.0.1:5002 check
server app3 127.0.0.1:5003 check
server app4 127.0.0.1:5004 check
===================================================================================

Change the configuration to suit your requirements:

[root@haproxy ~]# vim /etc/haproxy/haproxy.cfg

#---------------------------------------------------------------------
global
    log 127.0.0.1 local2        #Log configuration

    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy                #HAProxy runs under user and group "haproxy"
    group haproxy
    daemon

    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
    maxconn 3000

#---------------------------------------------------------------------
#HAProxy Monitoring Config
#---------------------------------------------------------------------
listen haproxy3-monitoring *:8080   #HAProxy monitoring runs on port 8080
    mode http
    option forwardfor
    option httpclose
    stats enable
    stats show-legends
    stats refresh 5s
    stats uri /stats                #URL for HAProxy monitoring
    stats realm Haproxy\ Statistics
    stats auth rafi:rafi            #User and password for login to the monitoring dashboard
    stats admin if TRUE
    default_backend app-main        #Optional, for monitoring the backend

#---------------------------------------------------------------------
# FrontEnd Configuration
#---------------------------------------------------------------------
frontend main
    bind *:80
    option http-server-close
    option forwardfor
    default_backend app-main

#---------------------------------------------------------------------
# BackEnd roundrobin as balance algorithm
#---------------------------------------------------------------------
backend app-main
    balance roundrobin              #Balance algorithm
    option httpchk HEAD / HTTP/1.1\r\nHost:\ localhost  #Check the server application is up and healthy - 200 status code
    server apache1 45.56.109.180:80 check
    server apache2 45.79.151.113:80 check
====================================================================================
[root@haproxy ~]# service haproxy status
haproxy is stopped
====================================================================================
[root@haproxy ~]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:59298 0.0.0.0:* LISTEN 1470/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1414/rpcbind
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1660/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1512/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1826/sendmail
tcp 0 0 :::111 :::* LISTEN 1414/rpcbind
tcp 0 0 :::55187 :::* LISTEN 1470/rpc.statd
tcp 0 0 :::22 :::* LISTEN 1660/sshd
tcp 0 0 ::1:631 :::* LISTEN 1512/cupsd
====================================================================================
[root@haproxy ~]# service haproxy start
Starting haproxy: [ OK ]
====================================================================================
[root@haproxy ~]# service haproxy status
haproxy (pid 2947) is running...
====================================================================================
[root@haproxy ~]# netstat -tlpn |grep haproxy
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN 2947/haproxy
[root@haproxy ~]# tail -n1 /etc/hosts
192.168.122.229 linuxmadeeasy.in

Client side: here I am using two clients with Apache installed on them.

Client-1

[root@puppetserver ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 45.79.151.113 netmask 255.255.255.0 broadcast 45.79.151.255
inet6 2600:3c03::f03c:91ff:fe08:bb4e prefixlen 64 scopeid 0x0<global>
inet6 fe80::f03c:91ff:fe08:bb4e prefixlen 64 scopeid 0x20<link>
ether f2:3c:91:08:bb:4e txqueuelen 1000 (Ethernet)
RX packets 994501 bytes 282763404 (269.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 947508 bytes 192167926 (183.2 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@puppetserver ~]# echo "<h1>apache2.loadbalance.me</h1>" > /var/www/html/index.html

[root@puppetserver html]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)
[root@puppetserver html]# service httpd start
Redirecting to /bin/systemctl start httpd.service

[root@puppetserver html]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: active (running) since Wed 2016-07-20 08:17:15 UTC; 2s ago

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Client-2

[root@puppetagent ~]# echo "<h1>apache1.loadbalance.me</h1>" > /var/www/html/index.html

[root@puppetagent ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 45.56.109.180 netmask 255.255.255.0 broadcast 45.56.109.255
inet6 2600:3c03::f03c:91ff:fe08:9852 prefixlen 64 scopeid 0x0<global>
inet6 fe80::f03c:91ff:fe08:9852 prefixlen 64 scopeid 0x20<link>
ether f2:3c:91:08:98:52 txqueuelen 1000 (Ethernet)
RX packets 1282353 bytes 375507010 (358.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1338430 bytes 273589379 (260.9 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@puppetagent ~]# service httpd status
Redirecting to /bin/systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2016-07-20 08:11:28 UTC; 53min ago

Checking the load balancing

Refresh from your client machine and check for communication with the second server.

In the browser URL bar, check linuxmadeeasy:8080/stats

Username: rafi, password: rafi (which we gave in the configuration file)
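
As an added example (not part of the original post): a small Python check that reads haproxy.cfg text and flags the security-relevant choices in the monitoring listener configured above, namely a stats page reachable on every interface, Basic-auth credentials sent over plain HTTP, a password equal to the username, and unconditional "stats admin if TRUE". The finding names, the 12-character length threshold and the tighter variant are assumptions of this example.

```python
import re
# Constructed input: the stats listener as configured in this tutorial.
TUTORIAL_CFG = r"""
listen haproxy3-monitoring *:8080    #HAProxy monitoring runs on port 8080
    stats enable
    stats uri /stats                 #URL for HAProxy monitoring
    stats auth rafi:rafi
    stats admin if TRUE
"""
# Constructed tighter variant: loopback only, placeholder secret, local admin.
TIGHTER_CFG = (TUTORIAL_CFG.replace("*:8080", "127.0.0.1:8080")
               .replace("rafi:rafi", "ops:REPLACE-WITH-LONG-RANDOM-SECRET")
               .replace("if TRUE", "if LOCALHOST"))
SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b(.*)$")

def parse_sections(text):
    """Split haproxy.cfg text into (header_args, directive_word_lists) pairs."""
    sections = []
    for raw in text.splitlines():
        line = re.sub(r"(?<!\\)#.*", "", raw).strip()   # drop comments
        m = SECTION.match(line)
        if m:
            sections.append((m.group(2).split(), []))
        elif line and sections:
            sections[-1][1].append(line.split())
    return sections

def audit_stats(text):
    """Return sorted finding names for every section serving the stats page."""
    found = set()
    for header, lines in parse_sections(text):
        if not any(w[:2] in (["stats", "enable"], ["stats", "uri"]) for w in lines):
            continue
        binds = [w[1:] for w in lines if w[0] == "bind" and len(w) > 1]
        binds += [[a] for a in header[1:]]   # legacy "listen <name> <addr:port>"
        for addr, *opts in binds:
            if not addr.startswith(("127.", "[::1]", "localhost")):
                found.add("stats-reachable-off-host")
                if "ssl" not in opts:
                    found.add("basic-auth-over-cleartext-http")
        for w in lines:
            if w[:2] == ["stats", "auth"] and len(w) > 2:
                user, _, pw = w[2].partition(":")
                if pw == user or len(pw) < 12:
                    found.add("weak-stats-password")
            if w[:2] == ["stats", "admin"] and w[2:] == ["if", "TRUE"]:
                found.add("stats-admin-unconditional")
    return sorted(found)
```

To check the real file, pass its contents: audit_stats(open("/etc/haproxy/haproxy.cfg").read()). An empty list only means none of these four conditions was found, not that the configuration is otherwise sound.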
