Introduction to HAProxy, a load-balancing system for tens of millions of concurrent connections

  

HAProxy provides high availability, load balancing, and proxying for TCP and HTTP applications, with support for virtual hosts. It is a free, fast and reliable solution. According to official data, its upper limit is 10G concurrency.

HAProxy is especially useful for heavily loaded web sites that typically require session persistence or layer 7 processing. HAProxy runs on current hardware and can support tens of thousands of concurrent connections. Its mode of operation also makes it easy and safe to integrate into your existing architecture, while keeping your web servers from being exposed directly to the network.




It supports network switching from layer 4 to layer 7, i.e., it covers all TCP protocols. That is to say, HAProxy can even load-balance MySQL.

If all you need is web load balancing in reverse-proxy mode, there are many such products, including Nginx, ApacheProxy, lighttpd, Cherokee, etc.

But to be clear, HAProxy is not an HTTP server. All of the products mentioned above that offer reverse-proxy load balancing are web servers. Simply put, they can serve and process static (html, jpg, gif..) or dynamic (php, cgi..) files themselves. HAProxy is only, and specifically, an application proxy for load balancing. It does not provide HTTP services by itself.

Its configuration is simple, however, and it has very good server health checks as well as a dedicated status page for monitoring the system. When a back-end server it proxies fails, HAProxy automatically removes the failed server, and adds it back automatically after it recovers. Since version 1.3, frontend and backend sections have been introduced: a frontend matches rules against the content of any HTTP request header and then directs the request to the relevant backend.

In addition, version 1.3 is an active development version that supports the following new features:

Content switching: A group of servers can be selected based on any part of the request, such as the URI, the Host header, cookies, or anything else. Sites that separate static from dynamic content have the greatest need for this feature.

Fully transparent proxy: The client IP address, or any other address, can be used to connect to the backend server. This feature is only available after the cttproxy patch has been applied to a Linux 2.4/2.6 kernel. It also makes it possible for a special server to handle part of the traffic without changing that server's address.

Faster tree-based scheduler: Versions above 1.2.16 require all timeouts to be set to the same value to support tens of thousands of connections at full speed. This feature has been ported to 1.2.17.

Kernel TCP splicing: Avoids copying data from kernel to user space and back from user space to kernel, increasing throughput while reducing CPU usage. HAProxy 1.3 supports Linux L7SW to meet the demand for Gbps throughput on commodity hardware.

Connection rejection: Because the overhead of keeping a connection open is very low, sometimes we need to restrain attack bots, that is, restrict the connections they open and thereby limit the harm they do. This was developed for a site caught in a small DDoS attack and has since saved many sites.

Fine-grained header processing: Makes writing header-based rules simpler and handles certain parts of the URI.

Fast and reliable header processing: With a full RFC 2616 compliant integrity check, analyzing and indexing a general request takes less than 2ms.

Modular design: Allows more people to join the project, and debugging is also very simple. The pollers have been separated out, which has made their development much easier. HTTP has been separated from TCP, so adding new layer 7 features has become very simple. Other subsystems will be made modular soon.

Speculative I/O processing: Data is read from a socket before the socket is known to be ready. The poller only guesses which sockets may or may not be ready; if the guess is right, some expensive system calls are saved, and if it is wrong, those system calls are made. With Linux epoll(), this is known to give a net gain of at least 10%.

ACLs: Any combination of arbitrary rules can be used as the condition for executing an action.

TCP protocol check: Combined with ACLs, any part of the request can be checked before it is forwarded. This allows protocol verification to be performed instead of blind forwarding, for example allowing SSL but rejecting SSH.

More load balancing algorithms: Dynamic Round Robin, Weighted Source Hash, Weighted URL Hash, and Weighted Parameter Hash are already implemented. Other algorithms, such as Weighted Measured Response Time, will also be implemented soon.
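
The frontend/backend content switching, health checks and TCP protocol check described above, shown together as an added configuration sketch that is not from the original page. It assumes HAProxy 1.5 or later syntax; all addresses, host names, paths and section names are constructed.

```haproxy
# Added example. Addresses (192.0.2.0/24), host names, paths and section
# names are constructed; syntax assumes HAProxy 1.5 or later.
global
    maxconn 20000

defaults
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Layer 7: the frontend matches on request content, then picks a backend.
frontend fe_web
    bind :80
    mode http
    acl is_static path_beg /static /images
    acl is_api    hdr(host) -i api.example.test
    use_backend be_static if is_static
    use_backend be_api    if is_api
    default_backend be_app

# "check" enables health checks: a failing server is taken out of rotation
# and put back once it answers the check again.
backend be_static
    mode http
    option httpchk GET /health
    server static1 192.0.2.11:80 check

backend be_api
    mode http
    option httpchk GET /health
    server api1 192.0.2.21:8080 check

backend be_app
    mode http
    balance roundrobin
    option httpchk GET /health
    server app1 192.0.2.31:8080 check
    server app2 192.0.2.32:8080 check

# Layer 4 with a protocol check: wait for the client's first bytes and
# forward only connections that open with an SSL/TLS ClientHello.
# Anything else on this port (an SSH banner, for instance) is rejected.
frontend fe_tls
    bind :443
    mode tcp
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content reject
    default_backend be_tls

backend be_tls
    mode tcp
    server tls1 192.0.2.41:443 check
```

Running `haproxy -c -f <file>` validates the syntax before the configuration is loaded.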
