HAProxy Review

Multiple algorithms load-balance HTTP and TCP requests


What is our primary use case?

We have the following use-cases for HAProxy:

  1. To load-balance dozens of Apache 2.4 Servers mod_proxy. (Internal load-balance Tomcat, Jetty, JBoss app containers, using TCP load-balancing).
  2. To load-balance hundreds of MySQL and PostgreSQL databases using TCP load-balancing. We manage inventory of these through Ansible automation.
  3. To provide a layer of security (username/passwd) authentication for legacy back-end Web apps that may not have username/passwd implemented yet. Some financial Web apps were created over 15 years ago and focused on reports, files, logs, and market share stats and were written in Perl. We also had a very old Kibana interface to visualize those logs. Such Web apps required HAProxy to tunnel the requests with un/pw authentication.
  4. To redirect traffic internally based on /URL to the relevant services (DNS nameserver) and as a gateway to tunnel traffic to customers who explicitly require reverse-IP authentication. The DNS nameserver was a trendsetter that we learned quickly and now cannot live without.

How has it helped my organization?

As our traffic began increasing nine years ago, we desperately needed to load-balance TCP requests (for DBs). We originally used round robin on an array[] which stored the IPs of half a dozen DBs. But with HAProxy, we didn't need to maintain such complexity. We later exploited many more features.

What is most valuable?

The most important features would be the load-balancing of HTTP and TCP requests, according to multiple LB algorithms (busyness, weighted-busyness, round robin, traffic, etc). 

Another important feature that we cannot live without is the username/passwd authentication for legacy systems that had none.

What needs improvement?

The web stats UI, which provides the status of the health and numbers, could greatly benefit from having a RESTful interface to control the load-balanced nodes. Although there is a hack around the UI (by issuing a POST request to HAProxy with parameters), a RESTful interface would greatly improve the automation process (through Chef and Ansible).

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

I have deployed over 50 instances of HAProxy over the past 15 years and never encountered any stability issues. Most HAProxy instances have continuously run for over two years until the server required a kernel upgrade.

What other advice do I have?

I have used it for over 10 years. I started using it as a Web application (Tomcat, Apache, JBoss) load-balancer when it had a few stable releases. When I first start using it, HAProxy was primarily used to load-balance HTTP requests. Since we are a B2B company that deals primarily with hotel inventory, IP authentication was a must. Therefore, our customers had single end-points to send and receive RESTful requests. To make this viable, we had to use a central server as a proxy to tunnel out the requests. We will continue to use HAProxy as our entry-point and exit-point of the system.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Add a Comment
Guest
Sign Up with Email