On Tue, Jul 16, 2013 at 10:16:11PM +0200, Lukas Tribus wrote:
> Hi!
>
>
> > The incoming packets pass thru haproxy, but my backend web servers
> > respond directly to client, instead of sending to haproxy and then to client?
>
> This is by definition not possible when you are working at layer 7 (or even
> when you are just terminating TCP).
>
> Use layer 4 load balancers, like Linux' LVS for "direct route".
>
>
>
> > I think that the haproxy could be a bottleneck if all packets
> > returned thru him.
>
> I wouldn't be so sure about that. What kind of traffic patterns do you
> have? Numbers of 20Gbps+ are possible on a properly tuned machine.

Yeah, even more, during the last test I reached 40 Gbps with 256 kB objects
and I still had some CPU available. I'll need to upgrade the platform
with more NICs, clients and servers to publish a better test report :-)

In fact, direct routing is only interesting in three cases:
  - you have a compelling reason for not wanting to transfer the traffic
    back to the LB (eg: expensive bandwidth)
  - you're dealing with very small packets that a standard TCP stack
    will not be able to process at line rate
  - you need multiple LBs *and* you want to get the client's IP as the
    source address, so it can become hard to route back to the proper LB.

Best regards,
Willy