HA proxy Backend serves Downs

Help!
1

Hi everyone

I have a HA proxy with 02 interfaces management and workload network, backend by a VMware Tanzu Clusters of 03 Nodes

So when I don’t add the default Route to the workload Network the HAproxy j it forward traffic to the backend serves and I can reach the WEB VIP address for my backed servers if I am in the same Network (workload) from client — HA ------Backend

But when I add a default route on the HAproxy to reach the Workload interface from outside, I could ping the VIP address from management LAN but no VIP Backend servers Web pages but it seems that like the HAproxy doesn’t forward the request to the backend server , and it says that No Server Available!!
Despite the backend server are available and web service is up on ports 443 and H proxy is listening on the VIP:0443 as I already reached them in the first scenario

below is the log from the HA proxy for scenario 02

Could anyone hele on the root cause of this problems, ?

root@haproxy [ ~ ]# /usr/sbin/haproxy -f /etc/haproxy/haproxy.cfg
Proxy domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-kube-system-kube-apiserver-lb-svc started.
Proxy domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-vmware-system-csi-vsphere-csi-controller started.
Proxy domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-kube-system-kube-apiserver-lb-svc-kube-apiserver started.
Proxy domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-kube-system-kube-apiserver-lb-svc-nginx started.
Proxy domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-vmware-system-csi-vsphere-csi-controller-ctlr started.
Proxy domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-vmware-system-csi-vsphere-csi-controller-syncer started.

[NOTICE] 308/183151 (14115) : New worker #1 (14116) forked

[WARNING] 308/183153 (14116) : Server domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-kube-system-kube-apiserver-lb-svc-kube-apiserver/domain-c8:8830b39a-f678-40ad-bc2b-26fd07b79112-kube-system-kube-apiserver-lb-svc-192.168.231.201:6443 is DOWN,
reason: Layer4 timeout, info: " at initial connection step of tcp-check", check duration: 2002ms. 2 active and 0 backup servers left. 0 sessions active, 0 requeued, 0 remaining in queue.

2

Sounds like you need help to setup routing; this is not directly related to haproxy.

Not sure if you will find the what you are looking for in this forum.

3

Hi
Thanks for reply , Yes you are right I confirm that it is a Routing issue between the HAproxy and VMware Tanzu Supervisor cluster Workload Network , I used to add static route to my workstation in order to access to the VIP on the Haproxy Load balancer.

here are a poste that explain the case of Asymetric Routing in case of someone has the same Issue like me