Hello! I've been asked to architect software load balancing for a web farm to support hundreds of thousands of concurrent connections. I planned to use multiple haproxy instances and round-robin DNS to make it scalable (we've done this before with success). We need to support SSL connections, but terminated on the backend. Persistence is a bonus (to reduce SSL negotiations) but not absolutely required, so I planned to use source IP persistence and expect the hash to be consistent across identically-configured instances.
Now the customer has added the requirement that the requests look like they came from the client — i.e. transparent proxying. So I need to set the default gateway of the backends to the haproxy instance, or else I get asynchronous routing.But if I have multiple haproxy instances, I can't route through just one; if the request came from a different haproxy instance, I'll be async again. The best option I can come up with is to break the backends into groups and assign each group to an haproxy, which would then be the backends' default gateway. But then my backends are silo'd and I'm really relying on round-robin DNS to keep things even, which I don't consider reliable. I've asked if the customer can use the X-Forwarded-For header instead, but I'm not expecting them to agree to that. This is a rebuild of an environment that had its own Foundry ServerIron, so they've come to expect certain features. I haven't had any luck searching the web for something like this. Am I correct about all this? Does anyone have a better idea? Thank you!!! Donovan
