Tag Archives: ipv6

HAProxy and Varnish comparison

In opensource world, there are some very smart products which are very often used to build a high performance, reliable and scalable architecture.
HAProxy and Varnish are both in this category.

Since we can’t really compare a reverse-proxy cache and a reverse-proxy load-balancer, I’m just going to focus in common for both software as well as the advantage of each of them.
The list is not exhaustive, but must only focus on most used / interesting features. So feel free to add a comment if you want me to complete the list.

Common points between HAProxy and Varnish


Before comparing the differences, we can summarize the points in common:

  • reverse-proxy mode
  • advanced HTTP features
  • no SSL offloading
  • client-side HTTP 1.1 with keepalive
  • tunnel mode available
  • high performance
  • basic load-balancing
  • server health checking
  • IPv6 ready
  • Management socket (CLI)
  • Professional services and training available

Features available in HAProxy and not in Varnish


The features below are available in HAProxy, but aren’t in Varnish:

  • advanced load-balancer
  • multiple persistence methods
  • DOS and DDOS mitigation
  • Advanced and custom logging
  • Web interface
  • Server / application protection through queue management, slow start, etc…
  • SNI content switching
  • Named ACLs
  • Full HTTP 1.1 support on server side, but keep-alive
  • Can work at TCP level with any L7 protocol
  • Proxy protocol for both client and server
  • powerful log analyzer tool (halog)
  • <private joke> 2002 website design </private joke>

Features available in Varnish and not in HAProxy


The features below are available in Varnish, but aren’t in HAProxy:

  • caching
  • grace mode (stale content delivery)
  • saint mode (manages origin server errors)
  • modular software (with a lot of modules available)
  • intuitive VCL configuration language
  • HTTP 1.1 on server side
  • TCP connection re-use
  • Edge side includes (ESI)
  • a few command line tools for stats (varnishstat, varnishhist, etc…)
  • powerful live traffic analyzer (varnishlog)
  • <private joke> 2012 website design </private joke>

Conclusion


Even if HAProxy can do TCP proxying, it is often used in front of web application, exactly where we find Varnish :).
They complete very well together: Varnish will make the website faster by offloading static object delivery to itself, while HAProxy can ensure a smooth load-balancing with smart persistence and DDOS mitigation.

Basically, HAProxy and Varnish completes very well, despite being “competitors” on a few features, each on them has its own domain of expertise where it performs very well: HAProxy is a reverse-proxy Load-Balancer and Varnish is a Reverse-proxy cache.

To be honest, when, at HAProxy Technologies, we work on infrastructures where Aloha Load balancer or HAProxy is deployed, we often see Varnish deployed. And if it is not the case, we often recommend the customer to deploy one if we feel it would improve its website performance.
Recently, I had a discussion with Ruben and Kristian when they came to Paris and they told me that they also often see an HAProxy when they work on infrastructure where Varnish is deployed.

So the real question is: Since Varnish and HAProxy are a bit similar but complete so well, how can we use them together???
The response could be very long, so stay tuned, I’ll try to answer this question in an article coming soon.

Related Links

Links

Layer7 IPv6 configuration

Purpose

Use the Aloha as an IPv6 to IPv4 gateway without modifying anything on your current platform.

Target Network Diagram

Context

The website is available through IPv4 on  the service IP  192.168.1.254. The IPv4 router does NAT IPv4 public address to this service IP.
About IPv6, the website hostname resolves directly on the IP 2001::2254, which is the  IPv6 service IP hosting the service. The router just routes traffic to the Aloha.
All IPv6 traffic will be automatically translated to IPv4 by the Aloha: nothing to change on your servers and your servers don’t even need to be IPv6 compliant.

Configuration

Aloha 1 network configuration

On the GUI, click on Services > network > eth0  setup icon  , then  update  the configuration as below:

service network eth0
    vrrp id 254
    vrrp garp 30
    vrrp prio 100
    vrrp no-address
    vrrp address 2001::2254
    vrrp address 192.168.1.254
    vrrp address 2001::2254
    ip6  address 2001::2201/96
    ip address 192.168.1.201/24
    mtu 1500

Click on [OK], then [Close].

Once the configuration has been updated, you need to reload the services:

  • Network: Click on Services > eth0 reload icon
  • VRRP: Click on Services > vrrp reload icon

Aloha 2 network configuration

On the GUI, click on Services > network > eth0  setup icon  , then  update  the configuration as below:

service network eth0
    vrrp id 254
    vrrp garp 30
    vrrp prio 99
    vrrp no-address
    vrrp address 2001::2254
    vrrp address 192.168.1.254
    vrrp address 2001::2254
    ip6  address 2001::2202/96
    ip address 192.168.1.202/24
    mtu 1500

Click on [OK], then [Close].

Once the configuration has been updated, you need to reload the services:

  • Network: Click on Services > eth0 reload icon
  • VRRP: Click on Services > vrrp reload icon

Layer 7 (HAproxy) configuration

This configuration is common to both Aloha load balancer.
Add the bind on the IPv6 service address in the corresponding frontend section:

frontend ft_myappli
    bind  192.168.1.254:80
    bind 2001::2254:80
    mode http
    log global
    option httplog
    maxconn 1000
    timeout client 25s
    default_backend bk_myappli

Click on [OK], then [Apply].

Links