How to Build High‑Availability Load Balancing with Keepalived & HAProxy
This tutorial explains how to set up software load balancing using HAProxy and achieve high availability with Keepalived, covering architecture, installation, configuration files, VRRP failover, load‑balancing algorithms, session persistence, SSL offloading, and traffic routing.
1. Overview
Load balancing is essential in distributed systems. This article shows how to implement software load balancing with HAProxy and achieve high availability using Keepalived.
1.1 Keepalived
Keepalived works at layer 4, originally for monitoring Linux Virtual Server (LVS) clusters, later adding VRRP for high availability. It runs on master and backup nodes, exchanges heartbeats, and can manage LVS load balancing and health checks. When the master fails, VRRP promotes a backup to master and transfers the virtual IP.
1.2 HAProxy
HAProxy is a TCP/HTTP reverse‑proxy load balancer operating at layer 4 and 7, suitable for high‑traffic web sites, supporting session persistence, health checks, and many algorithms.
1.3 Keepalived + HAProxy
Combining Keepalived with HAProxy provides high‑availability load balancing. Figure 1 shows the architecture.
2. Keepalived Features and Installation
2.1 Core Functions
Manage LVS load‑balancing software.
Health‑check LVS nodes.
Provide network service high availability.
2.2 High‑Availability Principle
VRRP heartbeats are sent from master to backup; loss triggers failover. The virtual IP (VIP) remains constant for clients.
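The election rule behind this failover, as an added example that is not part of the original article: a simplified model using the priority 100, weight -2, fall 3, rise 1 and interval 2 values from the configuration in section 2.3. The node names and the backup's priority are assumptions (the article shows no backup configuration), and advertisement timers are not modelled.

```python
# Added example: simplified model of VRRP election with a keepalived track_script.
from dataclasses import dataclass
from typing import Optional

@dataclass
class Node:
    name: str                # hypothetical node name
    priority: int            # vrrp_instance priority
    weight: int = -2         # vrrp_script weight; 0 means FAULT on script failure
    fall: int = 3            # failed checks in a row before the script is "down"
    rise: int = 1            # successful checks in a row before it is "up" again
    preempt: bool = True     # False models nopreempt
    script_up: bool = True
    streak: int = 0

    def observe(self, check_ok: bool) -> None:
        """Feed one script result (one `interval`) into the fall/rise counters."""
        if check_ok == self.script_up:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if check_ok else self.fall):
            self.script_up, self.streak = check_ok, 0

    @property
    def fault(self) -> bool:
        return self.weight == 0 and not self.script_up

    @property
    def effective_priority(self) -> int:
        # Only negative weights are modelled: they lower the priority while failing.
        return self.priority if self.script_up else self.priority + min(self.weight, 0)

def failover_time(master: Node, backup: Node, dies_at_tick: int,
                  ticks: int = 30, interval: int = 2) -> Optional[int]:
    """Seconds from start until the backup claims the VIP, or None if it never does."""
    for tick in range(ticks):
        master.observe(check_ok=tick < dies_at_tick)
        # RFC 3768 backup rule: take over if the master stops advertising (FAULT), or
        # if preemption is enabled and the master now advertises a lower priority.
        if master.fault or (backup.preempt and
                            master.effective_priority < backup.effective_priority):
            return tick * interval
    return None

if __name__ == "__main__":
    print(failover_time(Node("lb1", 100), Node("lb2", 99), dies_at_tick=5))
    print(failover_time(Node("lb1", 100), Node("lb2", 90), dies_at_tick=5))
    print(failover_time(Node("lb1", 100), Node("lb2", 99, preempt=False), dies_at_tick=5))
```

With weight -2 the backup only takes over if its priority is above 98, and a backup running nopreempt never takes over from a master that is still advertising; a weight of 0 puts the master into FAULT instead, which does trigger failover.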
2.3 Installation and Configuration
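Install via yum:
yum install -y keepalived
Edit /etc/keepalived/keepalived.conf. The file consists of global_defs, vrrp_instance, and vrrp_script sections.
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 60
    vrrp_mcast_group4 224.0.0.18
}
# Health-check script, defined before the vrrp_instance that tracks it
vrrp_script chk_haproxy {
    script "killall -0 haproxy"   # exit status 0 while a haproxy process exists
    interval 2                    # run the check every 2 seconds
    weight -2                     # subtract 2 from the priority while the check is failing
    fall 3                        # 3 consecutive failures mark the check as failed
    rise 1                        # 1 success marks it as healthy again
}
vrrp_instance R1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        # PASS is sent in clear text in every advertisement;
        # only the first 8 characters of auth_pass are used
        auth_type PASS
        auth_pass passwd
    }
    virtual_ipaddress {
        10.230.137.100
    }
    track_script {
        chk_haproxy
    }
    # nopreempt only takes effect when the initial state is BACKUP
    nopreempt
    # preempt_delay has no effect while nopreempt is set
    preempt_delay 2
}
Start services:
systemctl start keepalived
systemctl enable keepalived
3. HAProxy Features and Installation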
3.1 Core Functions
Load balancing and session persistence.
Health checks (TCP/HTTP).
Statistics monitoring.
SSL offloading.
Header manipulation, request rewriting, ACL routing.
3.2 Load‑Balancing Algorithms
HAProxy supports round‑robin, static‑round‑robin, least‑connection, source‑hash, URI‑hash, URL‑parameter‑hash, HTTP‑header‑hash, and others.
3.3 Installation and Basic Configuration
Install via yum:
yum install -y haproxy
Edit /etc/haproxy/haproxy.cfg.
global
    log /dev/log local0 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    tune.ssl.default-dh-param 2048
defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s
frontend main
    mode http
    bind :80
    bind :443 ssl crt /etc/ssl/certs/web.pem
    # requests that arrived without TLS are redirected to HTTPS
    redirect scheme https if !{ ssl_fc }
    default_backend nginx
backend nginx
    mode http
    balance roundrobin
    server web1 10.230.150.68:80 check
    server web2 10.230.150.69:80 check
    server web3 10.230.150.70:80 check
Session persistence can be configured with source‑hash (layer‑4) or cookie‑based (layer‑7) methods.
# Source-hash persistence (layer 4)
# In tcp mode the server cookie values are not used, and the frontend
# that selects this backend must be in tcp mode as well.
backend nginx
    mode tcp
    balance source
    server web1 10.230.150.68:80 check cookie web1
    server web3 10.230.150.70:80 check cookie web3
# Cookie-based persistence (layer 7)
backend nginx
    mode http
    balance roundrobin
    cookie WEBSRV insert indirect nocache
    server web1 10.230.150.68:80 check cookie web1
    server web2 10.230.150.69:80 check cookie web2
Figure 2 shows the cookie header.
3.4 SSL Offloading
HAProxy can terminate SSL at the front end and forward plain HTTP to back‑ends, reducing server CPU load.
3.5 Traffic Routing
URL‑path routing example:
frontend main
    bind :80
    bind :443 ssl crt /etc/ssl/certs/web.pem
    redirect scheme https if !{ ssl_fc }
    acl is_test1 path_beg /test1
    acl is_test2 path_beg /test2
    use_backend test1 if is_test1
    use_backend test2 if is_test2
    default_backend nginx
backend test1
    balance roundrobin
    server web2 10.230.150.69:80 check
backend test2
    balance roundrobin
    server web3 10.230.150.70:80 check
Host‑header routing example:
frontend main
    acl is_test1 hdr_beg(host) www.test1.com
    acl is_test2 hdr_beg(host) www.test2.com
    use_backend test1 if is_test1
    use_backend test2 if is_test2
Figures illustrate URL‑path and domain‑based routing.
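How the two rule sets above select a backend, as an added example that is not part of the original article: a small evaluator for the acl, use_backend and default_backend lines, limited to the path_beg and hdr_beg(host) tests used here. The sample paths and host names are constructed; the rule text is copied from the two frontends.

```python
# Added example: evaluates the article's ACL lines against constructed requests.
PATH_RULES = """
acl is_test1 path_beg /test1
acl is_test2 path_beg /test2
use_backend test1 if is_test1
use_backend test2 if is_test2
default_backend nginx
"""
HOST_RULES = """
acl is_test1 hdr_beg(host) www.test1.com
acl is_test2 hdr_beg(host) www.test2.com
use_backend test1 if is_test1
use_backend test2 if is_test2
"""

def parse_frontend(text):
    """Return (acls, rules, default) from acl / use_backend / default_backend lines."""
    acls, rules, default = {}, [], None
    for words in (line.split() for line in text.splitlines()):
        if len(words) >= 4 and words[0] == "acl":
            acls.setdefault(words[1], []).append((words[2], words[3:]))
        elif len(words) >= 4 and words[0] == "use_backend" and words[2] == "if":
            rules.append((words[1], words[3:]))
        elif len(words) == 2 and words[0] == "default_backend":
            default = words[1]
    return acls, rules, default

def acl_matches(tests, path, host):
    """Same-named acl lines and multiple patterns are ORed; matching is case-sensitive."""
    values = {"path_beg": path, "hdr_beg(host)": host}
    return any(values[fetch].startswith(p) for fetch, patterns in tests for p in patterns)

def route(text, path, host):
    """Backend chosen for a request; the first matching use_backend rule wins."""
    acls, rules, default = parse_frontend(text)
    for backend, names in rules:
        # Names in one condition are ANDed; a leading "!" negates that name.
        if all(acl_matches(acls[n.lstrip("!")], path, host) != n.startswith("!")
               for n in names):
            return backend
    return default  # None when no rule matches and no default_backend is set

if __name__ == "__main__":
    for path in ("/test1/index.html", "/test10", "/Test1", "/other"):
        print(path, "->", route(PATH_RULES, path, "www.example.com"))
    for host in ("www.test1.com", "www.test1.com:8080", "www.test1.com.example.net"):
        print(host, "->", route(HOST_RULES, "/", host))
```

Both tests are plain prefix matches, so /test10 and a Host value that merely starts with www.test1.com are routed to test1 as well, while a different letter case falls through to the default.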
4. Summary
Software load balancing with Keepalived and HAProxy offers a low‑cost, flexible, and highly available solution compared with hardware appliances. The combination has been successfully applied in a banking PaaS platform to provide HA for control nodes, worker nodes, and image repositories, demonstrating stability, scalability, and ease of expansion.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.
