haproxy - pass original / remote ip in tcp mode
Solution 1:
Just for future references, keepalived is a solution for failover not load balancing (maybe you mean LVS?). the transparent proxy mode for HAProxy has nothing to do with any special way of sending the original IP, that would be the normal non-transparent HTTP mode where you can use a standardized HTTP header for this.
In my opinion the correctly answer the original question is: You could compile transparent proxy support in HAProxy on a TPROXY enabled linux kernel. This together with proper TPROXY supporting version + configuration of iptables on the same machine enables actual fully transparent tcp proxy support. This means that backend servers do NOT need any special configuration.
Note that this is actually not the recommended setup for HAProxy and should only be used if you absolutely need it.
Solution 2:
There is apparently some sort of "transparent" mode for haproxy that I've never looked at or want anything to do with, that you could try. Otherwise, you'll need to teach whatever the backend service is about haproxy's special way of sending the original IP ("PROXY blahblah") and have the service pull the original IP out of that.
Why are you bothering with haproxy, though? You've got keepalived already in place, and it does proper transparent load balancing, too.
Solution 3:
Using send-proxy
in your configuration (per-server) will give you the original source-ip on the recieving server side, even in TCP mode. This requires HAProxy 1.5+.
You may find more information about Proxy Protocol in HAProxy Documentation.
listen my_service 0.0.0.0:4567
mode tcp
balance leastconn
option tcpka
contimeout 500000
clitimeout 500000
srvtimeout 500000
server host1 xxx.xxx.xxx.xx1:4567 send-proxy check port 4567 inter 5000 rise 3 fall 3
server host2 xxx.xxx.xxx.xx2:4567 send-proxy check port 4567 inter 5000 rise 3 fall 3
Solution 4:
You could set the HAProxy as NAT Mode, which it still using TCP mode in Layer 4 but makes the IP transparent.
HAProxy Layer 4 load balancing NAT mode
On the other hand, HAPorxy Transparent Mode uses HTTP mode in Layer 7, which it doesn't hit your point because there are already has forwardfor
option in HTTP mode.
HAProxy layer 7 load-balancing transparent proxy mode