haproxy - pass original / remote ip in tcp mode

load-balancing haproxy

Solution 1:

Just for future references, keepalived is a solution for failover not load balancing (maybe you mean LVS?). the transparent proxy mode for HAProxy has nothing to do with any special way of sending the original IP, that would be the normal non-transparent HTTP mode where you can use a standardized HTTP header for this.

In my opinion the correctly answer the original question is: You could compile transparent proxy support in HAProxy on a TPROXY enabled linux kernel. This together with proper TPROXY supporting version + configuration of iptables on the same machine enables actual fully transparent tcp proxy support. This means that backend servers do NOT need any special configuration.

Note that this is actually not the recommended setup for HAProxy and should only be used if you absolutely need it.

Solution 2:

There is apparently some sort of "transparent" mode for haproxy that I've never looked at or want anything to do with, that you could try. Otherwise, you'll need to teach whatever the backend service is about haproxy's special way of sending the original IP ("PROXY blahblah") and have the service pull the original IP out of that.

Why are you bothering with haproxy, though? You've got keepalived already in place, and it does proper transparent load balancing, too.

Solution 3:

Using send-proxy in your configuration (per-server) will give you the original source-ip on the recieving server side, even in TCP mode. This requires HAProxy 1.5+.

You may find more information about Proxy Protocol in HAProxy Documentation.

listen my_service 0.0.0.0:4567
mode tcp
balance leastconn
option tcpka
contimeout      500000
clitimeout      500000
srvtimeout      500000

server host1 xxx.xxx.xxx.xx1:4567 send-proxy check port 4567 inter 5000 rise 3 fall 3
server host2 xxx.xxx.xxx.xx2:4567 send-proxy check port 4567 inter 5000 rise 3 fall 3

Solution 4:

You could set the HAProxy as NAT Mode, which it still using TCP mode in Layer 4 but makes the IP transparent.

HAProxy Layer 4 load balancing NAT mode

On the other hand, HAPorxy Transparent Mode uses HTTP mode in Layer 7, which it doesn't hit your point because there are already has forwardfor option in HTTP mode.

HAProxy layer 7 load-balancing transparent proxy mode

Related

How to correctly save and load a model with custom CTC layer (Keras example)
Optimization problem with non-linear constraint
HTML video player (Fluid Player) playing more then one video
How can I resolve this class instance error in the following very simple function?
Can Someone please explain how For loop is Working here?
Lua check if method exists
Typescript: Enforce a type to be "string literal" and not <string>
How to visualize Protocols and Extensions in UML?
How to display elements inside a div one after another?
How to use LIMIT in spring within sql query?
Python test given path to file in given path of folder
How to use custom scripts in Azure Data Factory to Transform data?