0

I use Haproxy as a load balancer to stream SSH connections to the backend servers. To avoid Haproxy being a single point of failure, I have two Haproxies which are monitored via Keepalived and work together as a proxy cluster as shown below.

enter image description here

If the primary Haproxy is down, the virtual IP will automatically bind to the second proxy and new connections will be served via the secondary proxy. However, my previously active connections which were flowing via the primary Haproxy are lost now.

In the case of a planned outage for the primary HAproxy host, is there a way, I can drain the connections in the primary Haproxy and simultaneously start accepting the new connections in the secondary Haproxy? Any other tools or proxies with the above capabilities should also work for me.

Currently, my Haproxy hosts are VMs. Wondering, if I move this to a Kubernetes cluster, I can drain one pod while the other pods serve connections.

Dipu H
  • 2,372
  • 15
  • 24

1 Answers1

0

In HAproxy there is an api called the Runtime API. It is embedded inside the load balancer and requires no other packages. It lets you configure some aspects of the load balancer at runtime without needing to reload the service. Changes are kept in memory only until the next reload or restart and are not saved to the configuration file on disk. Use this feature to make on-the-fly changes, such as enabling and disabling servers or adding entries to map files in memory.(Source: Runtime API).

Using runtime API you can monitor the starts, rate limit the connections, set the max connection count on a server and also drain the network from servers and proxies, for more information go through this documentation.

Kranthiveer Dontineni
  • 1,056
  • 1
  • 10
  • I don't have a problem reloading haproxy if there is a configuration change. The concern is only when the primary proxy host needs to be rebooted for planned activities like, OS kernel upgrade. – Dipu H Jan 17 '23 at 02:42
  • Like I mentioned in the second paragraph(which I spliced now for your convenience), you can drain your connections on the primary HAproxy node using runtime API and then perform planned maintenance. Meanwhile from new connections populating on your primary node you can limit the connections count using the same api. – Kranthiveer Dontineni Jan 17 '23 at 03:53
  • Thanks for writing back. Even if I find one option to drain the primary haproxy, my DNS will still be pointing to the primary haproxy until it fails and falls to the secondary haproxy. If we are draining the primary, the secondary haproxy should be able to start accepting the new connections simultaneously. How do I perform both operations simultaneously with DNS being assigned to one virtual IP? My connection type is SSH each lasts from 3-5 minutes. – Dipu H Jan 17 '23 at 23:47