How to Build High‑Availability Load Balancing with Keepalived and HAProxy

Load balancing is a critical component of distributed systems, and this article demonstrates how to implement a high‑availability solution using the open‑source software HAProxy for load balancing and Keepalived for failover.

Overview

Software load balancing distributes front‑end IP traffic to multiple backend servers. Keepalived provides both load balancing and high availability, while HAProxy offers high‑performance TCP/HTTP reverse proxy and load‑balancing capabilities.

Keepalived

Keepalived operates at the transport layer (Layer 4) and was originally designed to monitor Linux Virtual Server (LVS) clusters. It uses the VRRP protocol to achieve high availability, allowing a master and backup server to exchange heartbeats and automatically promote a backup to master when needed.

yum install -y keepalived

vi /etc/keepalived/keepalived.conf

The configuration file consists of three main sections: global definitions, VRRP instance definitions, and script definitions.

global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 60
    vrrp_mcast_group4 224.0.0.18
}

vrrp_instance R1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass passwd
    }
    virtual_ipaddress {
        10.230.137.100
    }
    track_script {
        chk_haproxy
    }
    nopreempt
    preempt_delay 2
}

vrrp_script chk_haproxy {
    script "killall -0 haproxy"
    interval 2
    weight -2
    fall 3
    rise 1
}

After editing, start and enable the service:

systemctl start keepalived

systemctl enable keepalived

HAProxy

HAProxy is a TCP/HTTP reverse‑proxy load balancer that works at both Layer 4 and Layer 7. It supports session persistence, health checks, statistics, SSL offloading, and various traffic‑routing features.

yum install -y haproxy

vi /etc/haproxy/haproxy.cfg

Key configuration sections include:

global
    log /dev/log local0 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s

frontend main
    mode http
    bind :80
    default_backend nginx

backend nginx
    mode http
    balance roundrobin
    server web1 host1:80 check
    server web2 host2:80 check

HAProxy also supports session persistence via source‑address hashing (Layer 4) or cookie‑based persistence (Layer 7), SSL termination, and advanced traffic routing based on URL paths or HTTP headers.

# Example of URL‑based routing
frontend main
    bind :80
    acl is_test1 path_beg /test1
    acl is_test2 path_beg /test2
    use_backend test1 if is_test1
    use_backend test2 if is_test2
    default_backend nginx

backend test1
    balance roundrobin
    server web2 10.230.150.69:80 check

backend test2
    balance roundrobin
    server web3 10.230.150.70:80 check

SSL offloading is achieved by adding SSL parameters to the global section and binding port 443 in the frontend:

global
    tune.ssl.default-dh-param 2048

frontend main
    bind :80
    bind :443 ssl crt /etc/ssl/certs/web.pem
    redirect scheme https if !{ ssl_fc }
    default_backend nginx

Conclusion

Software load balancing with Keepalived and HAProxy provides a cost‑effective, flexible, and highly available solution compared to hardware appliances. The combination allows rapid deployment, easy scaling, and fine‑grained control over traffic distribution, making it suitable for cloud‑native and on‑premises environments.