Re: haproxy work on my local lan but not from the internet

From: Guillaume Bourque <>
Date: Thu, 13 Mar 2008 01:36:47 -0400

Willy Tarreau wrote:
> On Wed, Mar 12, 2008 at 11:59:47PM -0400, Guillaume Bourque wrote:
>> Hi Willy,
>> I found it ;-)
> fine.
>> There was a routing problem on my Firewall / NAT box. So the answer (tcp
>> ack) from the dispatcher never went back to the client on the internet.
> yes, that's what appears in your trace :-)
>> Now I will try to test the HA setup so that if I lose the MASTER dispatcher
>> I don't lose my open connections.
> Clearly speaking, if you need this, you're using the wrong tool. It is
> simple, haproxy uses the OS (linux here) to manage the sockets, and the
> OS does not support socket migration to another system. Even if it would,
> haproxy would not be able to do this anyway because the internal states
> and buffers would have to be synchronized for every single packet.
> For such a usage, you need a "dumb" load balancer (which works at packet
> level, which probably does not need to see an ACK at all to establish a
> session, and which would not maintain buffers). LVS would be fine for this
> I think.

Hello Willy

I tried lvs but I did not find clear instructions on how to implement it with iptables; all the docs were pointing toward ipchains or saying that I need to masq traffic, but with no concrete examples like you have on your site. So after 3-4 hours playing with lvs I went to haproxy.

As you say, my client apps (Windows RDP or TS client) will reconnect themselves to the TS server if my MASTER haproxy ever dies. The TS server will re-establish the same session, so the user should end up in the same session (that's what I saw in my lab).

I will probably stick with haproxy, since when I want to proxy httpd traffic in HA I will already have a tool for it!

One more question: since I'm balancing on source address and my 2 haproxy have the same config, 1 source IP should always end up on the same real server, either from haproxy1 or haproxy2?

Thanks for your help. If I can help in my turn I'll be happy to do so.


> However, check your client. I think that even if you close the TCP session
> between it and the server, it is able to re-establish a new one without
> losing the user's session on the server. Most tools designed to work over
> the internet work like this today (browsers, ssl vpns, ...). To try this,
> simply restart haproxy while you have an open connection, and see if your
> client loses its session or if it's able to reconnect.
> Regards,
> Willy

Guillaume Bourque, B.Sc.,
consultant, infrastructures technologiques
Logisoft Technologies inc.
514 576-7638
Received on 2008/03/13 06:36
