Transparent HAProxy in MS Azure


#1

Dear all,
I wonder whether someone managed to setup TRANSPARENT HAProxy within Microsoft Azure environment. We are able to setup transparent HAProxy in local, VirtualBox-based environment, but when trying to apply this setup in MS Azure, we cannot make it work (probably due to some routing problems). Is there anyone who has some positive experience with deploying of transparent HAProxy into MS Azure?


#2

Michal,
I found your post while looking for information on the same thing. I know it’s been a while since your post so you may have already found a solution but here is how I done it. If you find a better way please let me know,

I done it with multiple subnets in Azure. HAProxy in one and the servers in another. You then add a user defined route from the server subnet to route all traffic back though your HAProxy vm. On your HAProxy vm you need to enable IP forwarding as well the correct inbound and outbound security group rules. The outbound rule nearly caught me out as the traffic will be from 0.0.0.0/0 not the IP of your HAProxy instance.

And that should be it, you may be able to do it in a single subnet by changing the routes on the server to route the return traffic back through HAProxy but I’ve not tried this. I’ve written it all up here https://loadbalancer.org/blog/transparent-haproxy-in-azure in more detail.


#3

Hello Ben,
thank you for the reply. It is good to know that you have find a procedure how to setup transparent HAProxy in Azure. The problem is, that as far as I understood to your solution, you implemented it in new, resource-based, Azure portal where user-defined routes can be used. Unfortunately, our solution is deployed in classic Azure portal so we cannot use UDRs at all, thus we decided to slighly change our setup and to use native Azure’s load balancers in addition to Linux VM machines with modified IP tables (we need to limit number of incoming TCP connections which was the main aim of our tryings). Anyway, thank you for the post again!


#4

Can you provide your configuration? We have similar needs of transparent proxy on open stack. We would like to experiment how that works.