I have HAProxy on pfSense and have the following issue:
I load balance 443 over 2 web servers using round robin, but I have the following issue:
When the guys are doing API calls, the first call ALWAYS fails (timeout) but the second works!
I have no idea why. Could someone help?
1:1 NAT ------------
External: EXT_IP_A
Internal: INT_SRV_A
Interface: lan/optX
Description: “Service A”
- Outbound NAT is automatic.
- NAT reflection:
  - enablebinatreflection=yes
  - enablenatreflectionhelper=yes
  - disablenatreflection=yes
- VIP_A: EXT_IP_A/32 (CARP) – “Service A VIP”
  mode = carp
  advskew = 0
  advbase = 1

frontend FE_SERVICE_A_443
    bind EXT_IP_A:443
    mode tcp
    default_backend BE_SERVICE_A_443

backend BE_SERVICE_A_443
    balance roundrobin
    mode tcp
    option tcp-check
    server srv1 INT_SRV_A1:443 check
    server srv2 INT_SRV_A2:443 check
    stick-table type ip size 50k expire 1h
    stick on src

transparent_clientip = yes
transparent_interface = opt2|opt3|lan
Environment:
- pfSense with HAProxy package
- Several CARP VIPs terminating TCP/443
- Frontends bind VIPs directly
- Backends are internal servers (multiple nodes) with TCP/443
- Mode: tcp
- transparent_clientip = yes
- stick-table enabled (source IP)
- Health checks: TCP or HTTP GET /api/v1/healthcheck
- 1:1 NAT is used for inbound traffic (multiple EXT_IP → INT_IP mappings)
Where could my issue be?