HAProxy community

Multiple network HAproxy setup


#1

Hello team,

I want to configure an HAProxy setup using 3 networks. Currently I am using OpenStack and I have already configured 3 networks in the Heat template.

The desired config is as per below -

  1. OAM Network so i can only ssh into the node
  2. Network 1 which refers to incoming imap traffic(front end)
  3. Network 2 aiming for my back end.

So the idea is to receive traffic on Network 1 and push it to another existing, already configured network, Network 2, where the backend sits.

Visio:

Incoming Traffic Network (10.10.100.XXX) -> HAProxy -> Backend Network (10.10.200.XXX).

Thanks


#2

That sounds fairly simple, what is the question?

If it’s "can my real servers be in a different network to the frontend IP?", then the answer is: sure.

Just configure the server hosting HAProxy for all required networks and then configure HAProxy as such, all should be good. If I’m misunderstanding let me know what you need and I’ll be happy to help if it’s within my ability.


#3

Hello Aaron

The question is related to multiple backends setup. I do have a smart resolution DNS configured so all FE and BE are reachable and resolved but i am facing issues with the .cfg file.

The topology as mentioned on previous email is as per below -

I have an FE which is serving IMAP traffic to HAProxy and 3 back-ends, which are load-balanced both to hide the network behind it and to distribute the traffic.

May I share my config as well so we can troubleshoot it?

Thank you


#4

That would be great, happy to assist where I can.


#5

# global: process-wide settings (logging, privilege drop, TLS defaults, runtime sockets).
global
log 127.0.0.1 local2 info #emerg alert crit err warning notice info debug

# NOTE(review): maxsslconn is larger than the global maxconn set below, so the
# lower maxconn is presumably the effective limit - confirm which was intended.
maxsslconn 90096
tune.ssl.default-dh-param 2048
# Privilege drop: chroot into /var/lib/haproxy and run as the haproxy user/group.
chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     12500
user        haproxy
group       haproxy
daemon
# NOTE(review): MEDIUM still admits weaker cipher suites, and !EDH removes the DHE
# suites that tune.ssl.default-dh-param applies to. No bind line in this post carries
# the "ssl" keyword, so these TLS defaults are not used by any listener shown here.
ssl-default-bind-ciphers HIGH:MEDIUM:!aNULL:+SHA1:!MD5:!RC4:!SSLv2:!ADH:!EDH
# NOTE(review): only SSLv3 is disabled; TLS 1.0/1.1 are not excluded. On versions
# that support it, "ssl-min-ver TLSv1.2" is the usual baseline.
ssl-default-bind-options no-sslv3 #force-tlsv10
# Runtime API socket at admin level, restricted to its owner by mode 600.
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m
# NOTE(review): keep the next line disabled - the runtime API has no authentication,
# so an admin-level TCP socket is open to anyone who can reach that address.
#stats socket ipv4@192.168.0.1:9999 level admin

# turn on stats unix socket
# NOTE(review): second runtime socket with no explicit mode or level; set "mode 600"
# here as well, or drop it if the admin socket above is sufficient.
stats socket /var/lib/haproxy/stats

# resolvers mydns: DNS servers used to resolve server addresses at runtime.
# NOTE(review): the server line in this post relies on these resolvers for its
# address, so a wrong or spoofed answer would redirect proxied traffic. Presumably
# the nameservers should be reached over the OAM or backend network - confirm.
resolvers mydns
nameserver dns1 XX.XX.XX.XX:53
nameserver dns2 XX.XX.XX.XX:53
resolve_retries 3
timeout retry 1s
# A valid answer is kept for 60s.
hold valid 60s

# defaults: settings inherited by the proxy sections that follow.
defaults
# NOTE(review): the thread describes IMAP traffic, which is not HTTP. With mode http
# HAProxy parses the stream as HTTP, so "mode tcp" (with "option tcplog") is
# presumably what the IMAP listeners need - confirm.
mode http
log global
option httplog
# Servers start without an address and stay down until DNS resolution supplies one.
default-server init-addr none
option forwardfor except 127.0.0.0/8
option redispatch
retries 5
timeout http-request 5s
timeout queue 30s
timeout connect 5s
# NOTE(review): the 5s client/server timeouts are overridden in the listen section
# of this post; on their own they would be short for long-lived IMAP sessions.
timeout client 5s
timeout server 5s
timeout http-keep-alive 5s
timeout check 5s
maxconn 12500
option abortonclose
# Sends an empty response instead of the 408 error page on request timeout.
errorfile 408 /dev/null

# NOTE(review): "backend vLB" opens a section that stays empty, because the next line
# starts a new "listen" section. It looks like a leftover - confirm and remove.
backend vLB
# listen Test-vLB: combined frontend/backend section that carries the proxied traffic.
listen Test-vLB
# NOTE(review): every bind below uses a wildcard address, so the listeners accept
# connections on all three networks (OAM, frontend, backend). To keep the separation
# described in post #1, bind to the node's frontend-network address instead,
# e.g. "bind <FRONTEND_NET_IP>:50143" (placeholder).
bind :80 v4v6
bind :::50143 v4v6 name VVM_PLAIN
# NOTE(review): the names suggest TLS on 50443/50993, but neither bind has
# "ssl crt ...", so HAProxy does not terminate TLS here and ssl_fc below never matches.
bind :::50443 v4v6 name VVM_SSL
bind :::50993 v4v6 name VVM_TLS
maxconn 12500
timeout client 600000
timeout server 60000
timeout connect 5000
balance roundrobin
option forwardfor
# NOTE(review): "option tcp-check" and "option httpchk" (below) both select the
# health-check method; only one is used per section. For an IMAP greeting the
# tcp-check form is presumably what was intended - confirm.
option tcp-check
option tcplog
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
# NOTE(review): mode http parses the stream as HTTP; IMAP is not HTTP, so the
# HTTP-only directives here (forwardfor, http-request, httpchk, cookie) do not fit
# this traffic. "mode tcp" is presumably needed - confirm.
mode http
# NOTE(review): "stats enable" with no "stats auth" in this section serves the
# statistics page on the traffic listeners themselves, at the default URI and without
# authentication. Keep stats in the dedicated "listen stats" section only.
stats enable
cookie SERVERID insert indirect nocache
tcp-check connect port 143
# NOTE(review): presumably meant as "tcp-check expect string ..." to match the IMAP
# greeting read after the connect above - confirm.
http-check expect string *\ OK\ IMAP4\ ready
# NOTE(review): maxconn and the three timeouts below repeat settings made earlier in
# this section, and this maxconn exceeds the global maxconn of 12500.
maxconn 90096
timeout client 600000
timeout server 60000
timeout connect 5000
# NOTE(review): the usual form is "server <name> <address>[:port] ..."; only one
# placeholder appears here, presumably because of redaction - confirm. "verify none"
# only takes effect together with "ssl" and then disables verification of the backend
# certificate; if TLS to the backend is enabled, prefer "verify required" with a
# ca-file. Post #3 mentions 3 back-ends, but only one server is listed.
server <fqdn_vLB_server> check verify none inter 30000 resolvers mydns resolve-prefer ipv6

# listen stats: dedicated statistics page on port 61165 with HTTP Basic auth.
listen stats
# NOTE(review): the wildcard bind makes the page reachable from all three networks.
# Binding to the OAM address ("bind <OAM_NET_IP>:61165", placeholder) would limit it to
# the management network. The bind has no "ssl", so the "stats auth" credentials
# travel as HTTP Basic auth in clear text.
bind :::61165 v4v6# USED FOR BABBYSITTER TESTER. DO NOT COMMENT OR CHANGE THIS LINE.
mode http
maxconn 3
stats show-legends
# NOTE(review): "stats uri" appears twice in this section; presumably the later one
# takes effect - confirm and keep only one.
stats uri /admin?stats
stats enable
stats hide-version
# "." limits the report to this section itself.
# NOTE(review): with that scope the Test-vLB proxy would presumably not be listed - confirm.
stats scope .
stats realm Haproxy\ Statistics
stats uri /haproxy?stats;csv
# NOTE(review): the credentials sit in clear text in the config file; keep the file
# readable only by root/haproxy.
stats auth ZZZZZZ:YYYYYY

option contstats

#6

# global: process-wide settings (logging, privilege drop, TLS defaults, runtime sockets).
global
log 127.0.0.1 local2 info #emerg alert crit err warning notice info debug

# NOTE(review): maxsslconn is larger than the global maxconn set below, so the
# lower maxconn is presumably the effective limit - confirm which was intended.
maxsslconn 90096
tune.ssl.default-dh-param 2048
# Privilege drop: chroot into /var/lib/haproxy and run as the haproxy user/group.
chroot      /var/lib/haproxy
pidfile     /var/run/haproxy.pid
maxconn     12500
user        haproxy
group       haproxy
daemon
# NOTE(review): MEDIUM still admits weaker cipher suites, and !EDH removes the DHE
# suites that tune.ssl.default-dh-param applies to. No bind line in this post carries
# the "ssl" keyword, so these TLS defaults are not used by any listener shown here.
ssl-default-bind-ciphers HIGH:MEDIUM:!aNULL:+SHA1:!MD5:!RC4:!SSLv2:!ADH:!EDH
# NOTE(review): only SSLv3 is disabled; TLS 1.0/1.1 are not excluded. On versions
# that support it, "ssl-min-ver TLSv1.2" is the usual baseline.
ssl-default-bind-options no-sslv3 #force-tlsv10
# Runtime API socket at admin level, restricted to its owner by mode 600.
stats socket /var/run/haproxy.sock mode 600 level admin
stats timeout 2m

# turn on stats unix socket
# NOTE(review): second runtime socket with no explicit mode or level; set "mode 600"
# here as well, or drop it if the admin socket above is sufficient.
stats socket /var/lib/haproxy/stats

# resolvers mydns: DNS servers used to resolve server addresses at runtime.
# NOTE(review): the server line in this post relies on these resolvers for its
# address, so a wrong or spoofed answer would redirect proxied traffic. Presumably
# the nameservers should be reached over the OAM or backend network - confirm.
resolvers mydns
nameserver dns1 XX.XX.XX.XX:53
nameserver dns2 YY.YY.YY.YY:53
resolve_retries 3
timeout retry 1s
# A valid answer is kept for 60s.
hold valid 60s

# defaults: settings inherited by the proxy sections that follow.
defaults
# NOTE(review): the thread describes IMAP traffic, which is not HTTP. With mode http
# HAProxy parses the stream as HTTP, so "mode tcp" (with "option tcplog") is
# presumably what the IMAP listeners need - confirm.
mode http
log global
option httplog
# Servers start without an address and stay down until DNS resolution supplies one.
default-server init-addr none
option forwardfor except 127.0.0.0/8
option redispatch
retries 5
timeout http-request 5s
timeout queue 30s
timeout connect 5s
# NOTE(review): the 5s client/server timeouts are overridden in the listen section
# of this post; on their own they would be short for long-lived IMAP sessions.
timeout client 5s
timeout server 5s
timeout http-keep-alive 5s
timeout check 5s
maxconn 12500
option abortonclose
# Sends an empty response instead of the 408 error page on request timeout.
errorfile 408 /dev/null

# NOTE(review): "backend vLB" opens a section that stays empty, because the next line
# starts a new "listen" section. It looks like a leftover - confirm and remove.
backend vLB
# listen test-vLB: combined frontend/backend section that carries the proxied traffic.
listen test-vLB
# Port 80 is bound to one specific node address here.
# NOTE(review): v4v6 is documented for wildcard binds, so it presumably has no
# effect on this line - confirm.
bind <Haproxy_Node_IP>:80 v4v6
# NOTE(review): the three binds below are still wildcards, so these ports accept
# connections on all three networks (OAM, frontend, backend). To keep the separation
# described in post #1, bind them to the node's frontend-network address as well,
# e.g. "bind <FRONTEND_NET_IP>:50143" (placeholder).
bind :::50143 v4v6 name VVM_PLAIN
# NOTE(review): the names suggest TLS on 50443/50993, but neither bind has
# "ssl crt ...", so HAProxy does not terminate TLS here and ssl_fc below never matches.
bind :::50443 v4v6 name VVM_SSL
bind :::50993 v4v6 name VVM_TLS
maxconn 12500
timeout client 600000
timeout server 60000
timeout connect 5000
balance roundrobin
option forwardfor
# NOTE(review): "option tcp-check" and "option httpchk" (below) both select the
# health-check method; only one is used per section. For an IMAP greeting the
# tcp-check form is presumably what was intended - confirm.
option tcp-check
option tcplog
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
option httpchk HEAD / HTTP/1.1\r\nHost:localhost
# NOTE(review): mode http parses the stream as HTTP; IMAP is not HTTP, so the
# HTTP-only directives here (forwardfor, http-request, httpchk, cookie) do not fit
# this traffic. "mode tcp" is presumably needed - confirm.
mode http
# NOTE(review): "stats enable" with no "stats auth" in this section serves the
# statistics page on the traffic listeners themselves, at the default URI and without
# authentication. Keep stats in the dedicated "listen stats" section only.
stats enable
cookie SERVERID insert indirect nocache
tcp-check connect port 143
# NOTE(review): presumably meant as "tcp-check expect string ..." to match the IMAP
# greeting read after the connect above - confirm.
http-check expect string *\ OK\ IMAP4\ ready
# NOTE(review): maxconn and the three timeouts below repeat settings made earlier in
# this section, and this maxconn exceeds the global maxconn of 12500.
maxconn 90096
timeout client 600000
timeout server 60000
timeout connect 5000
# NOTE(review): the usual form is "server <name> <address>[:port] ..."; only one
# placeholder appears here, presumably because of redaction - confirm. "verify none"
# only takes effect together with "ssl" and then disables verification of the backend
# certificate; if TLS to the backend is enabled, prefer "verify required" with a
# ca-file. Post #3 mentions 3 back-ends, but only one server is listed.
server <fqdn_IP_backend> check verify none inter 30000 resolvers mydns resolve-prefer ipv6

# listen stats: dedicated statistics page on port 61165 with HTTP Basic auth.
listen stats
# NOTE(review): the wildcard bind makes the page reachable from all three networks.
# Binding to the OAM address ("bind <OAM_NET_IP>:61165", placeholder) would limit it to
# the management network. The bind has no "ssl", so the "stats auth" credentials
# travel as HTTP Basic auth in clear text.
bind :::61165 v4v6# USED FOR BABBYSITTER TESTER. DO NOT COMMENT OR CHANGE THIS LINE.
mode http
maxconn 3
stats show-legends
# NOTE(review): "stats uri" appears twice in this section; presumably the later one
# takes effect - confirm and keep only one.
stats uri /admin?stats
stats enable
stats hide-version
# "." limits the report to this section itself.
# NOTE(review): with that scope the test-vLB proxy would presumably not be listed - confirm.
stats scope .
stats realm Haproxy\ Statistics
stats uri /haproxy?stats;csv;norefresh;
# NOTE(review): the credentials sit in clear text in the config file; keep the file
# readable only by root/haproxy.
stats auth ZZZZZZ:TTTTTTT

option contstats

#7

Please can someone help me with the above?

Thank you