1. Introduction to HAProxy
HAProxy provides high availability, load balancing and proxy based on TCP and HTTP applications, supports virtual hosting, it is a free, fast and reliable solution. HAProxy is especially useful for heavily loaded web sites that often require session persistence or Layer 7 processing. HAProxy runs on current hardware and can fully support tens of thousands of concurrent connections. And its mode of operation makes it easy and secure to integrate into your current architecture, while protecting your web server from being exposed to the network.
HAProxy implements an event-driven, single-process model that supports a very large number of concurrent connections. A multi-process or multi-threaded model is limited by memory constraints, system scheduler constraints, and ubiquitous locks, and can rarely handle thousands of concurrent connections. The event-driven model does not have these problems because it implements all these tasks in User-Space with better resource and time management. The downside of this model is that these programs typically scale less well on multi-core systems. That's why they have to optimize to make more work per CPU time slice (Cycle).
HAProxy is a proxy software that provides high availability, load balancing and applications based on TCP (Layer 4) and HTTP (Layer 7). Proxy Solutions.
(1) It is free and open source, and the stability is also very good. This can be seen from some small projects I have done. Haproxy also runs well, and its stability can be comparable to that of the hardware-level F5;
(2) According to official documents, HAProxy can run at full 10Gbps-New benchmark of HAProxy at 10 Gbps using Myricom's 10GbE NICs (Myri-10G PCI-Express), which is quite amazing as a software-level load balancer;
(3) HAProxy supports connection rejection: Because the overhead of maintaining a connection open is very low, sometimes we need to limit attack worms (attack bots), that is to say, limit their connection opening to limit their harm. This has been developed for a website that was caught in a small DDoS attack and has saved many sites, an advantage that other load balancers don't have.
(4) HAProxy supports fully transparent proxy (already has the typical characteristics of hardware firewall): you can use the client IP address or any other address to connect to the backend server. This feature is only available after the Linux 2.4/2.6 kernel is patched with cttproxy Use. This feature also makes it possible to handle some traffic for a particular server without changing the server's address.
(5) HAProxy is more than the online Mysql cluster environment, we often use it as MySQL (read) load balancing;
(6) It comes with a powerful page for monitoring server status. In the actual environment, we combine Nagios to send email or SMS alarms. This is one of the reasons why I like it very much;
(7) HAProxy supports virtual hosts. Many friends say that it is wrong that it does not support virtual hosts. We know through testing that HAProxy supports virtual hosts.
HAProxy is especially suitable for those heavily loaded web sites that usually require session persistence or Layer 7 processing. HAProxy runs on current hardware and can fully support tens of thousands of concurrent connections. And its mode of operation makes it easy and secure to integrate into your current architecture, while protecting your web server from being exposed to the network.
2. Three ways to configure HAProxy Session affinity
There are three ways that haproxy load balancing maintains client and server session affinity:
1 User IP identification
haproxy assigns the user IP to a fixed real server after hash calculation (similar to nginx's IP hash instruction)
Configuration command balance source
2 cookie recognition
haproxy inserts (or adds a prefix) the server cookie ID of the backend defined by haproxy into the cookie sent by the WEB server to the client.
Configuration directive example cookie SESSION_COOKIE insert indirect nocache
Using firebug, you can observe that the cookie in the user's request header contains something like "Cookie jsessionid=0bc588656ca05ecf7588c65f9be214f5; SESSION_COOKIE=app1" SESSION_COOKIE=app1 is the content added by haproxy
3 session identification
haproxy stores the session generated by the back-end server and the identity of the back-end server in a table in haproxy. This table is first queried when the client requests.
Configuration command example appsession JSESSIONID len 64 timeout 5h request-learn
Configuration example:
#vi /usr/local/haproxy/haproxy.cfg
backend COOKIE_srv
mode http
cookie SESSION_COOKIE insert indirect nocache
server REALsrv_70 184.82.239.70:80 cookie 11 check inter 1500 rise 3 fall 3 weight 1
server REALsrv_120 220.162.237.120:80 cookie 12 check inter 1500 rise 3 fall 3 weight 1
backend SOURCE_srv
mode http
balance source
server REALsrv_70 184.82.239.70:80 cookie 11 check inter 1500 rise 3 fall 3 weight 1
server REALsrv_120 220.162.237.120:80 cookie 12 check inter 1500 rise 3 fall 3 weight 1
backend APPSESSION_srv
mode http
appsession JSESSIONID len 64 timeout 5h request-learn
server REALsrv_70 184.82.239.70:80 cookie 11 check inter 1500 rise 3 fall 3 weight 1
server REALsrv_120 220.162.237.120:80 cookie 12 check inter 1500 rise 3 fall 3 weight 1[2]