How to Build High‑Availability Load Balancing with Keepalived & HAProxy
This guide explains how to combine the open‑source tools Keepalived and HAProxy to create a highly available software load‑balancing solution, covering the underlying concepts, installation steps, configuration files, health‑check scripts, session persistence, SSL offloading, and traffic routing techniques.
Overview
Load balancing is a critical component of distributed systems. By using the open‑source software HAProxy for high‑performance TCP/HTTP reverse proxy and Keepalived for high‑availability (HA) via VRRP, you can quickly deploy a resilient load‑balancing architecture.
1. Keepalived
Keepalived operates at the transport layer (Layer 4) and was originally designed to monitor Linux Virtual Server (LVS) clusters. It now includes VRRP to provide HA, allowing it to manage LVS, Nginx, HAProxy, and other services.
Key features include:
Management of LVS load‑balancing software
Health‑checking of LVS nodes
Network service HA with master/backup failover
1.1 High‑Availability Principle
The master node sends periodic heartbeat messages (VRRP advertisements) to the VRRP multicast group. If the master fails, the backup detects the missing heartbeats and takes over the virtual IP (VIP), so the service stays reachable at the same address.
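The failover decision can be worked through with a small model. The Python sketch below is an added example, not code from Keepalived or from the original article; it uses the priority, advert_int, weight, fall and rise values from the configuration in section 1.3. It assumes a hypothetical second node lb2 and preemption enabled on that node.

```python
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    priority: int        # base VRRP priority
    weight: int = -2     # vrrp_script weight: applied while the check is down
    fall: int = 3        # consecutive failures before the check counts as down
    rise: int = 1        # consecutive successes before it counts as up again
    script_up: bool = True
    streak: int = 0      # results seen in a row that contradict script_up

    def record_check(self, ok: bool) -> None:
        """Feed one health-check result through the fall/rise hysteresis."""
        if ok == self.script_up:
            self.streak = 0
            return
        self.streak += 1
        if self.streak >= (self.rise if ok else self.fall):
            self.script_up, self.streak = ok, 0

    @property
    def effective(self) -> int:
        return self.priority if self.script_up else self.priority + self.weight


def master_down_interval(priority: int, advert_int: float = 1.0) -> float:
    """VRRPv2 (RFC 3768): 3 * advert_int + skew, skew = (256 - priority) / 256."""
    return 3 * advert_int + (256 - priority) / 256


def failover_after(backup_priority: int, checks) -> "int | None":
    """Number of checks on the master until the backup owns the VIP, else None."""
    master = Node("lb1", 100)                  # values from section 1.3
    backup = Node("lb2", backup_priority)      # lb2 is a hypothetical peer
    for n, ok in enumerate(checks, start=1):
        master.record_check(ok)
        # A preempting backup takes over only on strictly higher priority.
        if backup.effective > master.effective:
            return n
    return None


if __name__ == "__main__":
    print(failover_after(99, [False] * 3))     # backup at 99 takes over
    print(failover_after(90, [False] * 10))    # backup at 90 never does
    print(master_down_interval(99))            # silence needed to declare the master dead
```

With weight -2 the backup's priority has to be 99 for a failed HAProxy check on the master to move the VIP; a backup at 98 or lower only takes over when the master stops advertising altogether.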
1.2 Installation
On CentOS, install with:
```bash
yum install -y keepalived
```
Configuration is stored in /etc/keepalived/keepalived.conf and consists of three sections: global definitions, VRRP instance definitions, and scripts.
1.3 Example Configuration
```
global_defs {
    notification_email {
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 127.0.0.1
    smtp_connect_timeout 60
    vrrp_mcast_group4 224.0.0.18
}

# The health-check script must be defined before the vrrp_instance that tracks it.
vrrp_script chk_haproxy {
    script "killall -0 haproxy"   # exits 0 while a haproxy process exists
    interval 2                    # run the check every 2 seconds
    weight -2                     # lower the priority by 2 while the check is down
    fall 3                        # 3 consecutive failures mark the check as down
    rise 1                        # 1 success marks it as up again
}

vrrp_instance R1 {
    state MASTER
    interface eth0
    virtual_router_id 50
    priority 100
    advert_int 1
    authentication {
        auth_type PASS            # the password travels in cleartext in every advertisement
        auth_pass passwd          # only the first 8 characters are used
    }
    virtual_ipaddress {
        10.230.137.100
    }
    track_script {
        chk_haproxy
    }
    # nopreempt and preempt_delay only take effect when the initial state is BACKUP
    nopreempt
    preempt_delay 2
}
```
Start and enable the service:
```bash
systemctl start keepalived
systemctl enable keepalived
```
2. HAProxy
HAProxy provides high‑performance TCP/HTTP reverse proxy and load balancing. It supports session persistence, health checks, statistics, SSL termination, and extensive traffic routing.
2.1 Core Features
Load balancing & session persistence
TCP/HTTP health checks
Statistics and monitoring
SSL offloading
Header manipulation, request rewriting, ACL‑based routing
2.2 Scheduling Algorithms
HAProxy supports various algorithms such as round‑robin, static‑round‑robin, least‑connection, source‑hash, URI‑hash, URL‑parameter‑hash, and HTTP‑header‑hash.
2.3 Installation
On CentOS, install with:
```bash
yum install -y haproxy
```
The configuration file is /etc/haproxy/haproxy.cfg. A minimal example:
```
global
    log /dev/log local0 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option forwardfor except 127.0.0.0/8
    option redispatch
    retries 3
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s

frontend main
    mode http
    bind :80
    default_backend nginx

backend nginx
    mode http
    balance roundrobin
    server web1 10.230.150.68:80 check
    server web2 10.230.150.69:80 check
```
Start and enable HAProxy:
```bash
systemctl start haproxy
systemctl enable haproxy
```
2.4 Session Persistence
Layer 4 persistence uses source hashing; Layer 7 persistence uses cookies. Example of cookie-based persistence:
```
backend nginx
    mode http
    balance roundrobin
    cookie WEBSRV insert indirect nocache
    server web1 10.230.150.68:80 check cookie web1
    server web3 10.230.150.70:80 check cookie web3
```
2.5 SSL Offloading
Add SSL parameters to the global section and bind port 443 in the frontend:
```
global
    tune.ssl.default-dh-param 2048

frontend main
    bind :80
    # web.pem holds the certificate chain and the private key; keep it readable by root only
    bind :443 ssl crt /etc/ssl/certs/web.pem
    # send plain-HTTP requests to HTTPS
    redirect scheme https if !{ ssl_fc }
    default_backend nginx
```
2.6 Traffic Routing
Route based on URL path:
```
frontend main
    acl is_test1 path_beg /test1
    acl is_test2 path_beg /test2
    use_backend test1 if is_test1
    use_backend test2 if is_test2
    default_backend nginx

backend test1
    server web2 10.230.150.69:80 check

backend test2
    server web3 10.230.150.70:80 check
```
Route based on HTTP header (Host):
```
frontend main
    # hdr_beg(host) is a prefix match: any Host value that starts with the string is routed here
    acl is_test1 hdr_beg(host) www.test1.com
    acl is_test2 hdr_beg(host) www.test2.com
    use_backend test1 if is_test1
    use_backend test2 if is_test2
    default_backend nginx
```
3. Summary
Software load balancing with Keepalived + HAProxy offers a cost‑effective, flexible, and highly available solution compared with hardware appliances. It integrates seamlessly into Linux environments, supports health checks, session persistence, SSL termination, and fine‑grained traffic routing, making it suitable for medium‑scale to large‑scale services.
Open Source Linux
Focused on sharing Linux/Unix content, covering fundamentals, system development, network programming, automation/operations, cloud computing, and related professional knowledge.