Examples of HAProxy use cases.
HAProxy – use cases
Łukasz Jagiełł[email protected]
Agenda
● Introduction
● What is HAProxy?
● Use cases
● What's new in version 1.5
● Summary
Load Balancing:
● Hardware solutions: F5, jetNEXUS, Cisco LD, Loadbalancer.org, etc.
● Network solutions (switch, router, etc.)
● Software
What is on the market:
● HAProxy
● Pound
● Pure Load Balancer
● Pen
● Perlbal
● There are probably a few more...
What matters?
● HAProxy
● Pound
What really matters?
● HAProxy
What is HAProxy
● Free (GPL v2)
● Fast
● HA
● Load Balancing
● Proxy
● TCP / HTTP
● Multi-platform
Capabilities
● 1U Dual Xeon ~ 15k-30k hit/sec
● Splice() syscall – 10Gbit/s
● 16kb per session – 60k sessions per GB of RAM
● 108k HTTP req per second (record !)
Structure:
global
    log 127.0.0.1 local1 notice
    user nobody
    [...]
defaults
    log global
    mode http
    [...]
backend apache
    server www.gr 10.0.0.1:80 check inter 3000 fall 2 rise 2
frontend web.example.pl 1.1.1.1:80
    default_backend apache
# listen combines a frontend and a backend in one section
listen web.example.pl 1.1.1.1:80
    server www.gr 10.0.0.1:80 check inter 3000 fall 2 rise 2
Use cases - HTTP
listen webfarm 192.168.1.1:80
    mode http
    balance roundrobin
    option httpchk HEAD /index.html HTTP/1.0
    server webA 192.168.1.11:80 cookie A check
    server webB 192.168.1.12:80 cookie B check port 81 inter 2000
    server webC 192.168.1.13:80 cookie C check
    server webD 192.168.1.14:80 cookie D check
    server bkpA 192.168.1.15:80 cookie A check backup
    server bkpB 192.168.1.16:80 cookie B check backup
Use cases - ACL
● frontend frontend 0.0.0.0:80
      [...]
      acl blokada url_reg .*\.aspx$
      block if blokada
      [...]
      acl static_graph url_reg .*\.(jpg|gif|png|js|css|ico|swf|htc|pdf|flv)$
      use_backend varnish if static_graph
● frontend frontend-static 0.0.0.0:801
      reqirep ^Host:\ (.*) Host:\ static.example.pl
      default_backend nginx
Use cases – ACL (2)
● frontend wiadomosci24.pl 195.8.99.8:80
      [...]
      errorloc 500 http://blad.wiadomosci24.pl/500.html
      errorloc 502 http://blad.wiadomosci24.pl/502.html
      errorloc 503 http://blad.wiadomosci24.pl/503.html
      acl static hdr_reg(host) -i ^(s|d|m|img|www1)\.(.*\.)?wiadomosci24.pl
      acl blad hdr(host) -i blad.wiadomosci24.pl
      use_backend cache if static
      use_backend blad if blad
      default_backend wiadomosci24
Use cases – ACL (3)
● acl baltycki.tv hdr_reg(host) ^(www.)?baltycki.tv
  redirect location http://dziennikbaltycki.pl if baltycki.tv
● backend robots_denied
      option httpchk HEAD /check.txt HTTP/1.0
      server robots_denied 127.0.0.1:8000 check inter 3000 fall 2 rise 2
  frontend devel 192.168.0.1:80
      acl robots url_reg \/robots.txt$
      use_backend robots_denied if robots
      default_backend www_devel
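Added example (not part of the original slides): a Python check of the two Host-header patterns from the ACL (2) and ACL (3) slides against constructed Host values, next to tightened variants. The tightened patterns, the sample hosts and the use of Python's re module in place of HAProxy's regex engine are assumptions.

```python
import re

# Patterns as written on the slides. hdr_reg is an unanchored regex search,
# case-sensitive unless -i is given.
SLIDE_STATIC = (r"^(s|d|m|img|www1)\.(.*\.)?wiadomosci24.pl", re.I)  # slide uses -i
SLIDE_REDIRECT = (r"^(www.)?baltycki.tv", 0)                         # slide has no -i

# Tightened variants (assumption, not from the slides): dots escaped,
# subdomain labels restricted, optional :port allowed, end anchored, -i.
STRICT_STATIC = (r"^(s|d|m|img|www1)\.([a-z0-9-]+\.)*wiadomosci24\.pl(:[0-9]+)?$", re.I)
STRICT_REDIRECT = (r"^(www\.)?baltycki\.tv(:[0-9]+)?$", re.I)

# Constructed Host values mapped to whether the ACL is meant to match them.
STATIC_CASES = {
    "img.wiadomosci24.pl": True,
    "IMG.Wiadomosci24.PL": True,
    "s.foto.wiadomosci24.pl": True,
    "m.wiadomosci24.pl:80": True,              # Host may carry a port
    "www.wiadomosci24.pl": False,              # main site, not the cache
    "img.wiadomosci24.pl.example.net": False,  # different domain
    "img.wiadomosci24xpl": False,              # "." in the pattern matches any char
}
REDIRECT_CASES = {
    "baltycki.tv": True,
    "www.baltycki.tv": True,
    "WWW.BALTYCKI.TV": True,                   # host names are case-insensitive
    "baltycki.tv:80": True,
    "baltycki.tv.example.org": False,
    "wwwxbaltyckiztv": False,
}

def acl_matches(acl, host):
    """Emulate hdr_reg(host): regex search over the Host header value."""
    pattern, flags = acl
    return re.search(pattern, host, flags) is not None

def audit(acl, cases):
    """Return the hosts where the ACL result differs from the intent."""
    return [h for h, want in cases.items() if acl_matches(acl, h) != want]

if __name__ == "__main__":
    for name, acl, cases in [
        ("slide static", SLIDE_STATIC, STATIC_CASES),
        ("strict static", STRICT_STATIC, STATIC_CASES),
        ("slide redirect", SLIDE_REDIRECT, REDIRECT_CASES),
        ("strict redirect", STRICT_REDIRECT, REDIRECT_CASES),
    ]:
        print(f"{name:16} mismatches: {audit(acl, cases)}")
```

Running the same table of expected hosts against every regex ACL before a reload catches unescaped dots, missing end anchors and a missing -i.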
Use cases – hit ratio
● backend cache
      stick store-request src
      stick-table type ip size 200k expire 30m
      server cache01 10.5.0.11:80 check inter 3000 fall 2 rise 2
      server cache02 10.5.0.12:80 check inter 3000 fall 2 rise 2
      server cache03 10.5.0.13:80 check inter 3000 fall 2 rise 2
Use cases – World IPv6 Day
defaults
    log global
    mode tcp
    option dontlognull
    [...]
frontend www.gratka.pl 195.8.99.42:80,2a02:1320:ffff:0:195:8:99:42:80
    [...]
    default_backend www
listen ipv6proxy443 2A02:1320:FFFF:FFFF::1:443
    mode tcp
    server ipv4server443 10.0.0.1:443
Use cases - HTTPS
● Stunnel:
  [https]
  accept = 443
  connect = 127.0.0.1:4443
  TIMEOUTclose = 0
● HAProxy:
  frontend ssl-frontend 0.0.0.0:4443
      reqadd SSL:\ on
      default_backend www-backend
* Pound has built-in SSL support
Use cases - SMTP
● listen smtp :25
      mode tcp
      maxconn 500
      option tcplog
      balance roundrobin
      server smtp1 xx.xx.xx.xx:25 check inter 10000
      server smtp2 xx.xx.xx.xx:25 check inter 10000
Use cases - MySQL
# DB write cluster
# Failure scenarios:
# - replication 'up' on db01 & db02 = writes to db01
# - replication 'down' on db02 = writes to db01
# - replication 'down' on db01 = writes to db02
# - replication 'down' on db01 & db02 = go nowhere, split-brain, cluster FAIL!
# - mysql 'down' on db02 = writes to db01_backup
# - mysql 'down' on db01 = writes to db02_backup
# - mysql 'down' on db01 & db02 = go nowhere, cluster FAIL!
Use cases – MySQL (2)
backend cluster_db_write
    # - max 1 db server available at all times
    # - db01 is preferred (top of list)
    # - db_backups set their 'up' or 'down' based on results from monitor_dbs
    mode tcp
    option tcpka
    balance roundrobin
    option httpchk GET /dbs
    server db01 172.16.0.60:3306 weight 1 check port 9201 inter 1s rise 2 fall 1
    server db02 172.16.0.61:3306 weight 1 check port 9201 inter 1s rise 2 fall 1 backup
    server db01_backup 172.16.0.60:3306 weight 1 check port 9301 inter 1s rise 2 fall 2 addr 127.0.0.1 backup
    server db02_backup 172.16.0.61:3306 weight 1 check port 9302 inter 1s rise 2 fall 2 addr 127.0.0.1 backup
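Use cases – SSH/SSL
● listen ssl :443
      # hold the connection for up to 2s to inspect the client's first bytes
      tcp-request inspect-delay 2s
      # true when the request looks like an SSL hello, versions 2 to 3.1 (TLS 1.0)
      acl is_ssl req_ssl_ver 2:3.1
      tcp-request content accept if is_ssl
      use_backend ssh if !is_ssl
      server www-ssl :444
      timeout client 2h
  backend ssh
      mode tcp
      server ssh :22
      timeout server 2h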
What's new in 1.5
● frontend a
      bind ...
      # per-source table of concurrent connections
      stick-table type ip size 200k expire 2m store conn_cur
      # a source with more than 2 concurrent connections is treated as an abuser
      acl source_is_abuser sc1_conn_cur gt 2
      tcp-request connection track-sc1 src if ! source_is_abuser
      use_backend slow if source_is_abuser
      default_backend fast
  backend slow
      server a ... maxconn 1 check
      server b ... maxconn 1 check
  backend fast
      server a ... maxconn 10 check
      server b ... maxconn 10 check
What's new in 1.5 (2)
● listen ssh
      bind :22
      mode tcp
      maxconn 100
      stick-table type ip size 20 expire 10s store conn_cnt
      tcp-request content reject if { src_update_count gt 3 }
      server local 127.0.0.1:22
● 3 SSH connections per 10 sec
What's new in 1.5 (3)
● peers mypeers
      peer haproxy1 192.168.0.1:1024
      peer haproxy2 192.168.0.2:1024
      peer haproxy3 10.2.0.1:1024
  backend mybackend
      mode tcp
      balance roundrobin
      # stick-table entries are shared with the peers listed above
      stick-table type ip size 20k peers mypeers
      stick on src
      server srv1 192.168.0.30:80
      server srv2 192.168.0.31:80
Summary
● Efficient
● Configurable
● Good documentation
● Easy -> Hard
● Cross-platform application
● Excellent user portfolio
Where to look for help?
● Documentation: http://haproxy.1wt.eu/download/1.4/doc/
● Mailing list: http://www.formilux.org/archives/haproxy/
Questions?