High Availability Load Balancing with HAProxy on FreeBSD
To achieve high availability load balancing with HAProxy on FreeBSD you can use a CARP to setup backup node and using that configuration to avoid SPOF.
To achieve high availability load balancing with HAProxy on FreeBSD you can use Common Address Redundancy Protocol (CARP) to setup backup node and using that configuration avoid single point of failure (SPOF). Basic idea about CARP is that CARP allows multiple hosts to share the same IP address. It is a free, non patent-encumbered alternative to Cisco’s HSRP. It is mostly implemented in BSD operating systems. This is pretty useful for load balancing. I tested it with almost the same configuration that will be described here with JMeter running and it performed really well without failed requests when I shutdown master node. CARP can be added to FreeBSD system rebuilding the kernel or just loading the if_carp.ko module at boot time which I will use here. At the end you will get something like this:
All traffic will be automatically forwarded to backup node only if master is unavailable and again forwarded to master once it’s available. So with this setup you will get high availability. First I will show how to install HAProxy on both servers. As we are using FreeBSD that will be done through ports, so first step is to update port collection. If you are new with FreeBSD that can be done like this:
cd ~ cp /usr/share/examples/cvsup/ports-supfile . sed -i -e "s@CHANGE_THIS@cvsup8@g" ports-supfile csup -L 2 ports-supfile
When port collection is updated you can go forward and install HAProxy:
cd /usr/ports/net/haproxy make install clean echo 'haproxy_enable="YES"' >> /etc/rc.conf pw useradd haproxy
Next step is HAProxy configuration. Configuration file can be found here: /usr/local/etc/haproxy.conf. In this example I will use basic HTTP load balancing with two web servers:
global maxconn 2048 user haproxy group haproxy daemon defaults mode http timeout connect 5000ms timeout client 50000ms timeout server 50000ms listen http-in bind *:80 balance roundrobin server web0 192.168.100.200:80 maxconn 1024 check server web1 192.168.100.201:80 maxconn 1024 check
To check if it works you can start it and try to browse your HAProxy IP address:
Above configuration and all steps are the same on both load balancing nodes, so just repeat all of this on backup node. When all is prepared it’s time to enable CARP kernel module (both nodes):
echo 'if_carp_load="YES"' >> /boot/loader.conf
Next on the master node bellow configuration options needs to be added to: /etc/rc.conf file:
cloned_interfaces="carp0" ifconfig_carp0="vhid 1 advskew 100 pass techbar 192.168.100.210/24"
IP address used here will be shared between both HAProxy nodes and that will be access point to HTTP requests. Also by manipulating “advskew”, the master CARP host can be chosen. The higher the number, the less preferred the host will be when choosing a master. The default is 0. Acceptable values are from 0 to 254. It is very important that the passwords, specified by the pass option are identical.
Also here is configuration for backup node:
cloned_interfaces="carp0" ifconfig_carp0="vhid 1 advskew 200 pass techbar 192.168.100.210/24"
As you see configuration is basically the same, just advskew is different. Now you just need to reboot the system and check if everything works as expected. For testing you can shutdown master and try to access to the shared IP address.
This example shows how CARP can be used for load balancing, but it can be used for anything else, like firewalls or something. Basically whenever you need high availability. If you have any questions or problems during setup just post a comment.