Day 29: HAProxy Implementation Details

HAProxy is a load balancer that can do both HTTP load balancing and TCP load balancing. We shall be using it for TCP load balancing as discussed in the previous post. In this post, we shall look into few implementation details of the load balancer and start off with how to install it:

For installation, follow this procedure:
sudo apt show haproxy
sudo add-apt-repository ppa:vbernat/haproxy-1.7
sudo apt update
sudo apt install -y haproxy
The above commands will help you install the software. Now, its time to program what we need. There are three programmable components of HAProxy - ACL, Frontend and Backend. The below diagram would give a better understanding of the same.

HAproxy load balancing 
Now, we need to configure the load balancer to act as an L4 load balancer. To do the same, we need to add code to an already existing configuration file. We can achieve the same through the below command and code:

sudo nano /etc/haproxy/haproxy.cfg

A file would be displayed, append the below code to it:

frontend http_front
   bind *:80
   stats uri /haproxy?stats
   default_backend http_back

backend http_back
   balance roundrobin
   server <server1 name> <private IP 1>:80 check
   server <server2 name> <private IP 2>:80 check
The above is an example of the code we shall be using. We can observe that the lb algorithm used in the above code is round robin. We shall be using something called source that will do IP hashing, thus ensuring that requests from one client always end up going to the same server. 

Few other properties provided by HAProxy, we shall be using sometime next week or so:
  • MaxCDN - it is essentially a CDN service that ensures that no one server is overloaded with traffic. It acts like a middle man which uses OverShield to protect HAProxy servers as a second level point of failure between clients and servers.
  • Health check - HAProxy also provides a service where programmers can come to know if any server is down. It just sends a TCP packet and waits for response on particular ports. Depending on whether the response comes back, it can be deteted if a server is alive or not.
  • stick table - additionally used to maintain the server and client mappings. We might use it in the future in our project to either maintain IP hashing or to dynamically change the IP hashing when a fail-over happens.
  • ACL - access control lists are a set of IF like conditions. If the conditions are met, we can perfoerm actions on the packets. In the future, when we implement detection algorithm on the load balancer, we can use ACL to directly drop few attack packets thus protecting our controller distributed architcture even before they can be attacked.
There are many such interesting features provided by HAProxy. Today I found these many, if I find more, will keep you updated on the same!!!
In tomorrow's post, we shall try implementing all of this on the netowrk that we have built with 8 hosts and 3 zodiac fx switches and all as mentioned in my Day 26 post.

Refer to previous and next posts here.

Author: Shravanya
Co-author: Swati

Comments

Post a Comment

Popular posts from this blog

Day 12: Master Slave SDN Controller Architecture

In the previous post, I was struggling to figure out why all controllers can install flows in all switches irrespective of the code. Well, today the mystery is getting resolved. I found this book that explains beautifully the various roles that a controller can play. The three roles are: Equal : this happens by default all the equal controllers in a network that are connected to the switch can add and delete flows from it Slave: it has a read-only limitation to the switch openflow tables Master: very similar to the switch, but only 1 master can be connected to the switch at that point of time, and no other flows can intercept the communication between switch and master. I highly recommend you go through the above link to get a better picture. Since the default role of any controller is "Equal", we couldn't really differentiate between the three controller flows yesterday. But one good news from this is that we don't really need extensive coding to assi
Read more

Day 50: Tcpreplay and tcpliveplay approach

Today we shall be exploring how to copy and redirect the OpenFlow packets to more than one controller from the load balancer. The load balancer is anyway sending the OpenFlow packets to one of the slave controllers - c1 or c2. The packets sent to these two controllers needs to be sent to master controller so the master controller can update the new flows added by c1 or c2 on the switches. This ensures synchronization between controllers. There are two implementation methods to achieve the same: Copy all packets generated from the load balancer to the controller side. Only the packets having destination IP address of c1 and c2 can be redirected to the master controller. Thus we can prevent the packets which already are reaching the master controller to be sent as duplicates Copy and redirect packets from the slave controllers - c1 and c2. We need not take care of duplicate packets reaching master controller. This will reduce the time taken to redirect packets. Since the second a
Read more

Day 10: Mininet Simulation of a basic distributed SDN controller architeture

Hi and welcome back! We have not been able to update the blog since we were busy debugging and figuring out!!! We are back to give you an in-detail explanation of how we have simulated a basic distributed SDN controller architecture. Requirement: 2 Hosts Mininet up and running Ryu controller up and running on each 1 D-link switch We have used two linux machines with Ubuntu 16.04 OS running on them.  How to install Mininet? Run the following command on a terminal to install mininet: > sudo apt-get install mininet How to install Ryu Controller? Make sure to install Ryu controller on each of the Linux machines so that they can act as a controller. Run the following commands for a successful installation of Ryu controller: > git clone git://github.com/osrg/ryu.git > cd ryu > sudo apt-get install python-dev python-pip python-setuptools   > sudo pip install . > sudo pip install webob eventlet paramiko routes Set Up the network
Read more