I would like to create a redundant HAProxy configuration with:
- Keepalived - for determining which HAProxy is active
- HAProxy - for doing load balancing and failover
I will be using a cloud service provider and their VPSs:
- Each VPS has its own, public IP address
- The provider has a “failover IP” that can be purchased
The issue I’ve encountered previously with using VRRP on a service level (as opposed to just a Layer 3 technology) is that the destination and reply IP addresses are different. For example, when I considered only using Keepalived for load-balancing and failover, I encountered the problem:
- Clients would make a connection to the servers using the virtual failover IP
- Responses from the server would be sent from the server’s physical IP address, and not from the virtual failover IP
- The destination and response IP addresses would not match
Load-balancers, like HAProxy, deal with this problem to an extent by essentially NATing the traffic, such that the traffic from the servers appears to be sent to/from the load-balancer’s IP address.
- Instead of replies originating from the server’s physical IP address, the replies are NATed to the load-balancer’s IP address
However, I foresee the same problem if I try to use a virtual failover IP with a pair of HAProxy instances running Keepalived. That is,
- Traffic would be sent to the Virtual IP as the destination IP
- Traffic response would be sent from the HAProxy’s IP address, not from the Virtual IP
Does HAProxy have a solution to this?
Can I configure HAProxy to reply with the virtual IP?