2 Quick history - major dates Project started in 2000 as a hack to rewrite HTTP headers during a benchmark 2001/12/16 : version 1.0 : deployed in emergency to off-load a failing load balancer 2002/03/10 : version : basic LB, checks 2003/09/20 : version with English Documentation marks the real take-off 2003/11/09 : version : IPv6, beginning of performance improvements 2004/12/26 : version : first external contrib (appsession) 2006/03/19 : version : first use in a commercial product (ALOHA v1.0) 2006/06/29 : version : focus on flexibility (frontends/backends) 2009/06/09 : start of 1.4-dev branch : new development model with stable/dev branches 2010/02/26 : version : much better HTTP compliance, content analysis, /05/23 : start of 1.5-dev branch
3 Change of goals over time Initially, focused on simplicity (was a tool subject to quick and dirty updates). Then focused on CPU and memory savings for mainstream OSes and hardware (Solaris 2.6 on UltraSparc 170 MHz, Linux 2.2 on Pentium2 450, with up to 128 MB of RAM). Focused on reliability when starting to be used in production in a large bank Focused on connection scalability as the usage grew Focused on dealing with large configurations as adoptions increased Started to focus on maintainability as critical sites adopted it Changed the development model to adopt devel and stable branches (thanks Git) Focused on network bandwidth as large sites adopted it (TCP splicing for 10+ Gbps) Focused on modularity as features started to grow and to share code Current focus is on ability to contribute/debug/audit to scale the project team
4 Goals which have not changed Reliability above anything else. When a user asks for a wrong feature, he has real needs that must be addressed (eg: leastconn, server weight, SSL, compression, keep-alive,...) Long-term maintenance (1.3 still supported, 1.1 still alive in field) No config breakage, guide user through warnings and advices instead (1.5 loads 1.1 configs)
5 Current state of affairs 1.5-dev22 released on 2014/02/ final expected "soon" ("soon" = "when it's ready") 1.4 currently is the mostly deployed version in numbers of sites 1.5-dev currently is the version deployed on the largest sites. Some sites using 1.4 have already replaced stunnel with 1.5-dev on the front 1.5-dev still needs to be stable enough because large sites rely on it today.
6 Why migrate from 1.4 to 1.5 SSL : getting rid of Stunnel Native OpenSSL inclusion, all SSL info available Client and Server side Supports SNI, NPN, ALPN Multi-hosting, wildcards and crt-list Note: thanks to Bumptech for the immense help with Stud! End-to-end HTTP Keep-Alive (static farms, NTLM) IPv6 : supported everywhere (server, ACLs,...) HTTP Compression
7 Why migrate from 1.4 to 1.5 (cont'd) PROXY protocol : now adopted by many common products : PROXY TCP \r\n GET / HTTP/1.1\r\n Host: \r\n \r\n Client-side : haproxy, stud, stunnel, exaproxy, ELB Server-side : haproxy, stud, postfix, exim, nginx, varnish (in progress) More rulesets: tcp-request connection, tcp-response, http-response More actions: HTTP: add-header, set-header, redirect, tarpit TCP: set-nice, set-log-level, set-tos, set-mark, close, expect-proxy, track-*
8 Why migrate from 1.4 to 1.5 (cont'd) Sample extraction from everything available (address, payload, cookie count, date, env,...) Pipelined sample processing via various converters (eg: "hdr(host),lower,map(to_cust.map)") ACLs can use any match method with any input sample Maps and dynamic ACLs updatable from the CLI Stick-tables and counters : track usage stats for any given key : cumulated/concurrent connections, connection rate total bytes in/out, in/out byte rates total HTTP requests, HTTP errors, HTTP req rate, error rate
9 Why migrate from 1.4 to 1.5 (cont'd) Dynamic strings made from samples, usable at many places : Custom log format Custom unique-id insertion HTTP header manipulation Redirects Improved health checks : All are SSL-compatible Scriptable TCP checks Check agent Redis, PgSQL
10 Why migrate from 1.4 to 1.5 (cont'd) Many actions on the CLI : frontend: enable/disable/shutdown table/acl/map : add/del/show/search/clear entries checks: enable/disable limits: set maxconn, rate-limit on many settings Programmable actions on server state transition (on-marked-down...) Environment variables usable in all addresses More tunables (header counts, cookie length,...) Configurable hash algorithms Configuration scalability to tens of thousands of backends
11 Why migrate from 1.4 to 1.5 (cont'd) Platform-specific features : IPv6 transparent binding (Linux) TCP Fast Open (Linux) cpu-map (Linux) tproxy (FreeBSD/OpenBSD) PCRE Jit
12 Focus for 1.6 Config syntax update / removal of obsolete features (eg: reqsetbe) better multi-process / multi-thread integration needed to maximize SSL & compression performance requires better stats handling health check synchronization stick-table sharing? RAM-based small objects cache DNS resolving on-the-fly / checks HTTP/2 gatewaying to 1.x
13 Focus for 1.6 (cont'd) Stateless gzip compression SSL : shared cache, CyaSSL Improved POST/body processing save / restore check states across reloads "wait on resource" dynamic buffer allocation multi-level traffic shaping More core developers for better scalability More: see ROADMAP file!
14 Commercial extensions to come by 2014 Browser fingerprinting differenciate a real browser from a bot avoid blocking search engines scraping your site Bot Net stopper prevent botnets from hammering your site APT protection don't let attackers abuse HTTP to wake up backdoors or bypass filtering DDoS mitigation 20 Gbps stateful line-rate software-only filter blocks invalid packets System's network stack handles the TCP validation HAProxy handles the HTTP validation and abuse prevention... and more by the end of the year
Administration Manual Web Security Manager 4.2 www.alertlogic.com firstname.lastname@example.org February, 2014 Alert Logic, the Alert Logic logo, the Alert Logic logotype and Web Security Manager are trademarks
Appliance Administration Manual v6.21 This document covers all required administration information for Loadbalancer.org appliances Copyright 2014 Loadbalancer.org, Inc. Table of Contents Section A Introduction...7
Getting Started with Zeus Web Server 4.3 Zeus Technology Limited - COPYRIGHT NOTICE Zeus Technology Limited 2004. Copyright in this documentation belongs to Zeus Technology Limited. All rights are reserved.
Load Balancing Microsoft IIS Deployment Guide rev. 1.4.2 Copyright 2015 Loadbalancer.org, Inc. 1 Table of Contents About this Guide... 4 Appliances Supported... 4 Microsoft IIS Software Versions Supported...
Deployment Guide AX Series with Microsoft Exchange Server 2010 v.1.2 DG_0512.1 DEPLOYMENT GUIDE AX Series with Microsoft Exchange Server 2010 Table of Contents 1. Introduction... 4 1.1 Prerequisites and
ALOHA Load-Balancer - Application Note Document version: v1.2 Last update: 2nd June 2014 EMEA Headquarters 3, rue du petit robinson ZAC des Metz 78350 Jouy-en-Josas France http://www.haproxy.com/ Purpose
Pertino HA Cluster Deployment: Enabling a Multi- Tier Web Application Using Amazon EC2 and Google CE A Pertino Deployment Guide 1 Table of Contents Abstract... 2 Introduction... 3 Before you get Started...
2008 Cisco Systems, Inc. All rights reserved. Cisco Public 1 Server Load Balancing Design 2008 Cisco Systems, Inc. All rights reserved. Cisco Public 2 1 Cisco Application Delivery Networks Network Classification
Next Generation Security with VMware NSX and Palo Alto Networks VM-Series TECHNICAL WHITE PAPER Summary of Contents Introduction... 3 Intended Audience and purpose of document.... 3 Solution Overview....
DEPLOYMENT GUIDE Version 1.0 Deploying the BIG-IP LTM with Apache Tomcat and Apache HTTP Server Table of Contents Table of Contents Deploying the BIG-IP LTM with Tomcat application servers and Apache web
Using Dynamic Feedback to Optimise Load Balancing Decisions Jeremy Kerr email@example.com Abstract The goal of a network load balancer is to distribute a workload evenly amongst a cluster of
UNIVERSITY OF OSLO Department of Informatics Performance Measurement of Web Services Linux Virtual Server Muhammad Ashfaq Oslo University College May 19, 2009 Performance Measurement of Web Services Linux
Best Practices for HP Vertica OEM Customers HP Vertica Analytic Database Software Version: 7.0.x Document Release Date: 2/20/2015 Legal Notices Warranty The only warranties for HP products and services
Web Switching (Draft) Giuseppe Attardi, Università di Pisa Angelo Raffaele Meo, Politecnico di Torino January 2003 1. The Problem Web servers are becoming the primary interface to a number of services,
This guide provides configuration best practices for application optimization with SAP Business Suite and the Cisco data center solutions, including the Cisco Application Control Engine (ACE), Wide Area
Exploring the Linux-based Zeus load balancer OLYMPIAN On today s networks, distributing requests in a cluster of web servers requires more than just assigning the requests in a round robin. The Zeus ZXTM
XR: Crossroads Load Balancer and Fail Over Utility Karel Kubat 2010 This document is the introductory guide, the configuration guide and the installation guide to XR. XR is an open source load balancer
LevelOne User Manual ACC-2000 KVM IP Console Module Ver. 1.1 1 / 87 Certificates Ver. 1.0.0-0709 FCC This equipment has been tested and found to comply with Part 15 of the FCC Rules. Operation is subject
Red Hat Enterprise Linux 7 Load Balancer Administration Load Balancer Add-on for Red Hat Enterprise Linux Red Hat Engineering Content Services Red Hat Enterprise Linux 7 Load Balancer Administration Load