HAProxy Load Balancing in Exchange 2016 - New Information


#1

Teams,
Microsoft has now released Exchange 2016, we know from previous setups that 2013 can be done with great results, but 2016 introduces a new “Health Monitoring”. Exchange 2016 includes a built-in monitoring solution, known as [Managed Availability].

We know… Since session affinity is not used by the HAProxy load balancer, this means that the load balancer has no knowledge of the target URL or request content. All the load balancer uses is layer 4 information, the IP address and the protocol/port (TCP 443)

According to Microsoft, Managed Availability includes an offline responder. When the offline responder is invoked, the affected protocol (or server) is removed from service.

URL: https://blogs.technet.microsoft.com/exchange/2015/10/08/load-balancing-in-exchange-2016/

My Question, that this forum will get a lot of…
If the load balancer did not utilize the healthcheck.htm in 2016 health probe, then the load balancer would have no knowledge of Exchange’s Managed Availability’s removal of (or adding back) a server from the applicable load balancing pool.

So, the end result is that the load balancer would have one view of the world, while Managed Availability (Exchange) would have another view of the world. In this situation, the load balancer could direct requests to a Mailbox server that Managed Availability has marked down, which would result in a negative (or broken) user experience. This is why the recommendation exists to utilize healthcheck.htm in the load balancing health probes.

Can HAProxy accommodate this in it’s config file?

Here’s what I have so far


global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon


defaults
option dontlognull # Do not log connections with no requests
option redispatch # Try another server in case of connection failure
option contstats # Enable continuous traffic statistics updates
retries 3 # Try to connect up to 3 times in case of failure
timeout connect 5s # 5 seconds max to connect or to stay in queue
timeout http-keep-alive 1s # 1 second max for the client to post next request
timeout http-request 15s # 15 seconds max for the client to send a request
timeout queue 30s # 30 seconds max queued on load balancer
timeout tarpit 1m # tarpit hold tim
backlog 10000 # Size of SYN backlog queue
balance roundrobin # load balancing algorithm
mode tcp # protocol analyzer
option tcplog # log format
log global # log activation
timeout client 300s # client inactivity timeout
timeout server 300s # server inactivity timeout
default-server inter 3s rise 2 fall 3 # default check parameters


frontend Exchange_FrontEnd_HTTP
bind 192.168.201.15:80 name web
maxconn 10000
default_backend Exchange_BackEnd_HTTP

backend Exchange_BackEnd_HTTP
server SRV-EX01 192.168.201.235:80 maxconn 10000 check
server SRV-EX02 192.168.201.230:80 maxconn 10000 check backup

frontend Exchange_FrontEnd_SSL
bind 192.168.201.15:443 name ssl
maxconn 10000
default_backend Exchange_BackEnd_SSL

backend Exchange_BackEnd_SSL
server SRV-EX01 192.168.201.235:443 maxconn 10000 check
server SRV-EX02 192.168.201.230:443 maxconn 10000 check backup

frontend Exchange_FrontEnd_SMTP25
bind 192.168.201.15:25 name smtp
maxconn 10000
default_backend Exchange_BackEnd_SMTP25

backend Exchange_BackEnd_SMTP25
server SRV-EX01 192.168.201.235:25 maxconn 10000 check
server SRV-EX02 192.168.201.230:25 maxconn 10000 check backup

frontend Exchange_FrontEnd_SMTP_Secure
bind 192.168.201.15:465 name smtpssl
maxconn 10000
default_backend Exchange_BackEnd_SMTP_Secure

backend Exchange_BackEnd_SMTP_Secure
server SRV-EX01 192.168.201.235:465 maxconn 10000 check
server SRV-EX02 192.168.201.230:465 maxconn 10000 check backup

frontend Exchange_FrontEnd_IMAP
bind 192.168.201.15:143 name imap
maxconn 10000
default_backend Exchange_BackEnd_IMAP

backend Exchange_BackEnd_IMAP
server SRV-EX01 192.168.201.235:143 maxconn 10000 check
server SRV-EX02 192.168.201.230:143 maxconn 10000 check backup

frontend Exchange_FrontEnd_IMAP_Secure
bind 192.168.201.15:993 name imapssl
maxconn 10000
default_backend Exchange_BackEnd_IMAP_Secure

backend Exchange_BackEnd_IMAP_Secure
server SRV-EX01 192.168.201.235:993 maxconn 10000 check
server SRV-EX02 192.168.201.230:993 maxconn 10000 check backup

# frontend Exchange_FrontEnd_POP3
# bind 192.168.201.15:110 name pop3
# maxconn 10000
# default_backend Exchange_BackEnd_POP3

# backend Exchange_BackEnd_POP3
# server SRV-EX01 192.168.201.235:110 maxconn 10000 check
# server SRV-EX02 192.168.201.230:110 maxconn 10000 check backup

# frontend Exchange_FrontEnd_POP3_Secure
# bind 192.168.201.15:995 name pop3ssl
# maxconn 10000
# default_backend Exchange_BackEnd_POP3_Secure

# backend Exchange_BackEnd_POP3_Secure
# server SRV-EX01 192.168.201.235:995 maxconn 10000 check
# server SRV-EX02 192.168.201.230:995 maxconn 10000 check backup


#This is the virtual URL/Port to access the stats page

listen stats 192.168.201.15:4711
mode http
balance
timeout client 5000
timeout connect 4000
timeout server 30000
stats enable
stats hide-version
stats uri /

**#This allows you to take down and bring up back end servers. **
**#This will produce an error on older versions of HAProxy. **
**# stats admin if TRUE**