HAProxy Overview and Features

Jul 1, 2025

Overview

This lecture provides an introduction to HAProxy version 1.8.30, explaining basic concepts of load balancing, HAProxy's features, architecture, use cases, and integration with related tools.

Available Documentation

  • Multiple documents support HAProxy: intro, management, configuration, coding style, PROXY protocol, and README for builds.
  • Always check the relevant docs before asking the community or mailing list.

Introduction to Load Balancing

  • Load balancing distributes work across multiple components for higher aggregate performance without user intervention.
  • Load balancers may operate at the link, network, or server level; in web environments they are commonly called "network load balancers."
  • Two main technologies: packet-based (L4, stateless, fast) and session/content-based (L7, stateful, content-aware).

Introduction to HAProxy

  • HAProxy is a TCP/HTTP proxy, SSL terminator, traffic regulator, and reverse-proxy, not a caching proxy or explicit HTTP proxy.
  • Designed for high availability, scalability, and protection against attacks.

How HAProxy Works

  • Single-threaded, event-driven, non-blocking engine optimized for fast data movement.
  • Core tasks: processing connections, health checking servers, exchanging info with other HAProxy nodes.
  • Uses frontends (client-side) and backends (server-side) for processing and routing.

Basic Features of HAProxy

  • Proxying: Manages connections transparently, supports PROXY protocol, enforces timeouts, and validates protocols.
  • SSL: Supports SNI, wildcard certs, client/server authentication, ALPN/NPN, OCSP stapling, and stateless session resumption.
  • Monitoring: Continuous health checks, server agents, detailed status reporting, and multiple check methods.
  • High Availability: Only valid servers used, backup servers, graceful shutdown, and VRRP integration.
  • Load Balancing: Multiple algorithms (round-robin, leastconn, source, URI), server weights, dynamic weights, slow-start, and hashing.
  • Stickiness: Maintains session persistence, supports flexible stick-tables, and replication across nodes.
  • Sampling/Conversion: Can extract, transform, and use data from connections, headers, SSL, etc.
  • Maps: Fast key-to-value mappings for data such as geolocation.
  • ACLs/Conditions: Conditional operations with logical combinations of ACLs.
  • Content Switching: Routes requests based on content (headers, URLs) to different backends.
  • Stick-Tables: Store stickiness info, statistics, and support replication.
  • Formatted Strings: Flexible logging and header manipulation with dynamic expressions.
  • HTTP Rewriting/Redirection: Adjusts headers/paths for legacy apps, supports regex and ACL-based changes.
  • Server Protection: Buffers, strict protocol validation, queuing, connection limits, and anti-abuse measures.
  • Logging: High-precision, detailed logs with customizable formats and levels.
  • Statistics: Web-based authenticated stats interface with fine-grained visibility and administrative controls.

Advanced Features

  • Management: Single binary, offline config checks, CLI for live troubleshooting, and SNMP support. Recommended utilities: socat, halog, tcpdump, strace.
  • System-Specific Capabilities: Some features are Linux/BSD specific (transparent bind, network namespaces), monotonic clock for timer accuracy.
  • Scripting: Optional Lua scripting for custom processing and advanced automations.

Sizing & Performance

  • Processing costs: payload < headers < connections < TLS operations.
  • Best performance: high-frequency CPUs, fewer cores except for TLS.
  • Benchmarks: up to 20 Gbps clear-text, 4.6 Gbps TLS, 83k+ connections/sec, and 20000+ concurrent saturated connections per GB RAM.

How to Get HAProxy

  • Official site provides sources and stable releases; also available via OS packages or commercial versions.
  • Identify your version/source before upgrading; always use the latest release for your branch.

Companion Products & Alternatives

  • Apache: Use HAProxy for connection limits and DoS protection.
  • NGINX: Complements HAProxy, supports PROXY protocol, good for static file serving.
  • Varnish: Works with HAProxy for SSL offloading and smart caching.
  • Alternatives: LVS/IPVS, Pound, Pen, NGINX, and Varnish offer various features but may lack advanced load balancing or stickiness.

Key Terms & Definitions

  • Load Balancer — Distributes traffic or requests across multiple servers or components.
  • Frontend/Backend — HAProxy config entities handling client/server side processing.
  • Stickiness — Ensures repeated requests from a client are sent to the same server.
  • Stick-Table — Data structure storing stickiness info and statistics.
  • PROXY Protocol — Protocol for passing client connection info to backend servers.
  • ACL (Access Control List) — Set of tests and conditions to control routing or processing.
  • Content Switching — Routing requests to different backends based on content.

Action Items / Next Steps

  • Review the official documentation for specific configuration, management, and coding guidance.
  • Identify your current HAProxy version and source before planning upgrades.
  • Consider recommended utilities (socat, halog, tcpdump, strace) for troubleshooting and management.