I. Overview
HAProxy is free load balancing software that runs on most mainstream Linux operating systems (CentOS, Ubuntu, Debian, OpenSUSE, Fedora, Kirin, Euler, UOS).
HAProxy provides two load balancing capabilities, L4 (TCP) and L7 (HTTP), with rich functions. HAProxy has performance and stability comparable to commercial load balancers.
Core functions
Load balancing: L4 and L7 modes, supporting rich load balancing algorithms such as RR/static RR/LC/IP Hash/URI Hash/URL_PARAM Hash/HTTP_HEADER Hash.
Health check: supports two health check modes, TCP and HTTP.
Session retention: for application clusters that do not implement session sharing, session persistence can be achieved through Insert Cookie/Rewrite Cookie/Prefix Cookie, and the various Hash methods mentioned above.
SSL: HAProxy can parse the HTTPS protocol, and can decrypt the request into HTTP and transmit it to the backend.
HTTP request rewriting and redirection.
Monitoring and statistics: HAProxy provides a web-based statistics page to display health status and traffic data. Based on this function, users can develop monitoring programs to monitor the status of HAProxy.
Key Features
It adopts a single-threaded, event-driven, non-blocking model to reduce the cost of context switching and can handle hundreds of requests within 1ms. Each session takes up only a few KB of memory.
A large number of sophisticated performance optimizations, such as an O(1) complexity event checker, delayed update technology, single-buffering and zero-copy forwarding, allow HAProxy to occupy very low CPU resources under medium load.
HAProxy makes extensive use of the functional features of the operating system itself, allowing it to achieve extremely high performance when processing requests. Under normal circumstances, HAProxy itself only takes up 15% of the processing time, and the remaining 85% is completed at the system kernel layer.
The author of HAProxy conducted a test using version 1.4 eight years ago (2009). The processing capacity of a single HAProxy process exceeded 100,000 requests/second, and it easily filled 10Gbps of network bandwidth.
Application scenarios
In situations with high concurrency requirements
2. Installation
1. Environment kernel configuration
Optional (vim /etc/sysctl.conf)
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 65023
net.ipv4.tcp_max_syn_backlog = 10240
net.ipv4.tcp_max_tw_buckets = 400000
net.ipv4.tcp_max_orphans = 60000
net.ipv4.tcp_synack_retries = 3
net.core.somaxconn = 10000
2. Compile and install
wget https://www.haproxy.org/download/1.7/src/haproxy-1.7.2.tar.gz
tar -zxf haproxy-1.7.2.tar.gz
cd haproxy-1.7.2/
make PREFIX=/usr/local/haproxy TARGET=linux2628
make install PREFIX=/usr/local/haproxy
3. Create configuration file
Obtain the configuration file path "/etc/haproxy/haproxy.cfg" from init.haproxy under examples in the haproxy source package
mkdir /etc/haproxy
touch /etc/haproxy/haproxy.cfg
Add system service
vim /etc/init.d/haproxy
chmod +x /etc/init.d/haproxy
chkconfig --add haproxy
Add auto-start under runlevels 3 and 5
chkconfig haproxy --level 35 on
chkconfig --list
Configuration file
3. Start haproxy
service haproxy start
service haproxy stop
service haproxy restart
service haproxy reload
systemctl daemon-reload
You can also use systemctl to start haproxy.
Configure web
Install epel-release
yum install -y epel-release
Install nginx
yum install -y nginx
Modify the default page and start nginx
echo nginx1 > /usr/share/nginx/html/index.html   # on web1
echo nginx2 > /usr/share/nginx/html/index.html   # on web2
systemctl start nginx
4. Scheduling algorithm
roundrobin: simple polling.
static-rr: polling based on weight.
leastconn: the server with the fewest connections is chosen first.
source: hashes on the source IP of the request, similar to Nginx’s IP_hash mechanism.
uri: hashes according to the URI of the request.
url_param: each HTTP request is locked based on the HTTP request header.
rdp-cookie(name): each TCP request is locked and hashed based on cookie(name).
5. Load balancing
1. Seven-layer load
Configure load balancing
global
    daemon
    maxconn 256
    pidfile /var/run/haproxy/haproxy.pid
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
frontend http-in
    bind *:8080
    default_backend servers
backend servers
    server server1 127.0.0.1:8000 maxconn 32
    server server2 127.0.0.1:8090 maxconn 32
Configure monitoring page
listen stats #Define the monitoring page
    bind *:1080 #Bind port 1080
    stats refresh 30s #Update monitoring data every 30 seconds
    stats uri /stats #URI of the monitoring page
    stats realm HAProxy\ Stats #Authentication prompt for the monitoring page
    stats auth admin:admin #Username and password for the monitoring page
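A check for the monitoring page settings above, as an added example that is not part of the original page: it reads a haproxy.cfg on stdin and flags a stats listener that is bound to every interface or protected by a trivial "stats auth" credential. The function names, the 12-character minimum, and the loopback bind and "ops" user in the second sample are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original page: audit HAProxy stats listeners.
# Reads a haproxy.cfg on stdin and prints one "<section>: <FINDING>" line per issue.
audit_stats() {
  awk '
    function report() {              # emit per-section findings, then reset state
      if (stats && wild != "") print sect ": WILDCARD_BIND " wild
      if (stats && !auth)      print sect ": NO_AUTH"
      stats = 0; auth = 0; wild = ""
    }
    { sub(/#.*/, "") }               # drop inline comments
    NF == 0 { next }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { report(); sect = $1 " " $2; next }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ { wild = $2 }
    $1 == "stats" { stats = 1 }
    $1 == "stats" && $2 == "auth" {
      auth = 1
      n = index($3, ":"); user = substr($3, 1, n - 1); pass = substr($3, n + 1)
      # 12-character minimum is an assumption of this example, not an HAProxy rule.
      if (pass == user || length(pass) < 12) print sect ": WEAK_AUTH user=" user
    }
    END { report() }
  '
}

# Constructed sample 1: the stats listener as configured on this page.
page_stats_cfg() {
  cat <<'EOF'
frontend http-in
    bind *:8080
    default_backend servers
listen stats                     #Define the monitoring page
    bind *:1080
    stats uri /stats
    stats auth admin:admin
EOF
}

# Constructed sample 2: same listener bound to loopback with a placeholder secret.
hardened_stats_cfg() {
  cat <<'EOF'
listen stats
    bind 127.0.0.1:1080
    stats uri /stats
    stats auth ops:REPLACE-WITH-LONG-RANDOM-SECRET
EOF
}

page_stats_cfg | audit_stats
```

The frontend on *:8080 is not reported because the wildcard check applies only to sections that carry stats directives; the password itself is never printed.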
2. Four-layer load
Configure load balancing
global
    daemon
    maxconn 256
    pidfile /var/run/haproxy/haproxy.pid
defaults
    mode tcp
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
frontend http-in
    bind *:8080
    default_backend servers
backend servers
    balance roundrobin #Round robin
    #balance source #Session persistence
    server server1 127.0.0.1:8000 maxconn 32
    server server2 127.0.0.1:8090 maxconn 32
6. keepalived+haproxy high availability
haproxy configuration
(The two haproxy configurations need to be consistent)
global
    daemon
    maxconn 256
    pidfile /var/run/haproxy/haproxy.pid
defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms
frontend http-in
    bind *:80
    default_backend servers
backend servers
    server server1 192.168.115.128:80 maxconn 32
    server server2 192.168.115.131:80 maxconn 32
Configure keepalived
yum install -y keepalived
vim /etc/keepalived/keepalived.conf
global_defs {
    router_id LVS_DEVEL
}
#HAProxy health check configuration
vrrp_script chk_haproxy {
    script "killall -0 haproxy" #Use killall -0 to check whether the haproxy instance exists; it performs better than the ps command
    interval 2 #Script running cycle
    weight 2 #Weight value of each check
}
vrrp_instance HA_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.115.200
    }
    track_script {
        chk_haproxy #Corresponding health check configuration
    }
}
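How the chk_haproxy weight interacts with the instance priority decides whether the virtual IP actually moves when haproxy dies. The following added example (not part of the original page) models that election for the page's values, priority 100 and weight 2. The second node and its priorities are assumptions, since the page shows only the MASTER configuration.

```shell
#!/bin/sh
# Added example, not part of the original page: which node holds the virtual IP
# once the track_script weight is applied to each node's VRRP priority.

# effective_priority BASE WEIGHT SCRIPT_OK(1|0)
# A positive weight is added while the check succeeds; a negative weight is
# subtracted while it fails.
effective_priority() {
  if [ "$2" -gt 0 ] && [ "$3" -eq 1 ]; then echo $(($1 + $2))
  elif [ "$2" -lt 0 ] && [ "$3" -eq 0 ]; then echo $(($1 + $2))
  else echo "$1"; fi
}

# vip_holder WEIGHT MASTER_PRIO MASTER_OK BACKUP_PRIO BACKUP_OK
# Prints master, backup or tie (keepalived breaks real ties by IP address).
vip_holder() {
  m=$(effective_priority "$2" "$1" "$3")
  b=$(effective_priority "$4" "$1" "$5")
  if [ "$m" -gt "$b" ]; then echo master
  elif [ "$b" -gt "$m" ]; then echo backup
  else echo tie; fi
}

# failover_range WEIGHT MASTER_PRIO
# Backup priorities (1-254, hypothetical second node) for which the master
# holds the VIP while both checks pass and loses it when only its check fails.
failover_range() {
  p=1; out=""
  while [ "$p" -le 254 ]; do
    if [ "$(vip_holder "$1" "$2" 1 "$p" 1)" = master ] &&
       [ "$(vip_holder "$1" "$2" 0 "$p" 1)" = backup ]; then
      out="$out $p"
    fi
    p=$((p + 1))
  done
  echo "${out# }"
}

# Values from the page: priority 100, weight 2.
echo "usable backup priorities: $(failover_range 2 100)"
# A backup at priority 90 (assumed value) never takes over when haproxy dies:
echo "master check failing, backup 90 healthy: $(vip_holder 2 100 0 90 1)"
```

With weight 2 the only backup priority that fails over cleanly is 99; a negative weight such as -20 widens the usable range to 81 through 99.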