HAProxy on back-end or front-end with private floating IP


Hello! We are setting up some different implementations of mail cluster and have some question related to HAProxy. Our cluster has 3 backend nodes with normal mail services. Currently there is a private floating IP between HAProxy on 2 frontend nodes. The traffic from applications (which are on backend servers) is handled by HAProxys (on frontend nodes) through floating IP and distributed back to backend servers. This is just for applications and works very well. Public traffic is handled by public floating IP.
Now I have a question. Would it be better to put HAProxy on every backend node and change the backend service ports to different value than default. Then bind HAProxy to default service ports and proxy traffic to changed backend port. By default traffic would go to localhost, but fail-over to other 2 backend nodes.
We have this implementation for Percona cluster, 3 nodes with MySQL and HAProxy installed. MySQL default port set to 3307 and HAProxy bind to 3306. Then by default redirect to local mysql service, and backup to other 2. This is working very well for some years now.
We would do this for all mail services, moving default backend port +1 and giving default port to HAProxy.

Is far as I see, there is less roundtrip for the traffic, because we go localhost by default. If there are more app servers than private floating IP is more optimized, than putting HAProxy on every app server. But are there any other concerns with running HAProxy on backend nodes and handle traffic between nodes in case of localhost failure? Would this implementation be better then the floating private IP?
Pros and cons in your opinion would be really appreciated.

Thank you very much,


I have no idea. This seems like a very strange thing to do. Let the load-balancer load-balance and the backend handle the application. Since this works very well for you, why change this setup? Why mix roles and over complicate your setup?


Because sometimes private floating IP is not available or we want to do multiple DC and cannot go that implementation path. That’s why I asked if the other way would be OK also, because it would be possible to implement it when floating IP is not available. It would not be so complicated implementation, we already have something similar for MySQL service and it’s working OK.

Thank you very much!


If would avoid this setup for the reasons mentioned. You no longer have a clear load balancing layer. YMMV.