Hi,
I am new to HAProxy and I am running an experiment where I want HAProxy to send a SYN to the backend as soon as the client sends a SYN. Currently, I see that HAProxy completes the 3-way handshake with the client first and then starts the 3-way handshake with the backend. My aim is to parallelize these 2 handshakes.
I believe this is because of native DDoS prevention against SYN flood from HAProxy. Is there a way to solve this?
Thanks,
Nalin
No, haproxy is a layer 7 load-balancer, it does not forward packets. What you are trying to achieve is not possible at this layer.
When the client sends a SYN to the port haproxy is running on, haproxy doesn't even know about it yet, because the kernel only passes the connection to the application when the 3-way handshake is completed, and even then, haproxy likely won't yet know what backend server to connect to, as it could depend on layer 7 information.
1 Like
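The behaviour described in the reply above can be observed with a plain listening socket. This is an added example, not code from the thread or from HAProxy; it runs on loopback, and the request bytes and the `app.example` host name are constructed for illustration.

```python
import socket
import time

REQUEST = b"GET / HTTP/1.1\r\nHost: app.example\r\n\r\n"  # constructed sample request

def observe_handshake():
    """Show what a userspace listener can see, and when."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # loopback, ephemeral port
    srv.listen(8)                       # kernel now answers SYNs on our behalf
    srv.settimeout(2)
    port = srv.getsockname()[1]

    # Client: connect() returns only once SYN / SYN-ACK / ACK has completed.
    cli = socket.create_connection(("127.0.0.1", port), timeout=2)
    t_established = time.monotonic()
    cli.sendall(REQUEST)                # kernel buffers this on the server side

    time.sleep(0.2)                     # the server process has done nothing yet

    # Only now does the application learn that a connection exists.
    conn, peer = srv.accept()
    t_accepted = time.monotonic()
    conn.settimeout(2)
    data = b""
    while b"\r\n\r\n" not in data:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk

    # The layer 7 detail a proxy might route on arrives after the handshake.
    host = None
    for line in data.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode()
    result = {
        "established_before_accept": t_established < t_accepted,
        "peer_is_client": peer == cli.getsockname(),
        "host": host,
        "delay": t_accepted - t_established,
    }
    for s in (conn, cli, srv):
        s.close()
    return result

if __name__ == "__main__":
    print(observe_handshake())
```

The client's handshake finishes while the server process is still sleeping, and the `Host` header a proxy might use to pick a backend is readable only after `accept()` returns.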
Thanks for your reply. Wondering if there are any other alternative solutions that I can use.
IPVS is what you are looking for.
1 Like