High Availability and Load Balancing with FreeBSD

Ensuring high availability and load balancing for your services is crucial for maintaining uptime and performance, especially in production environments. FreeBSD provides powerful tools like HAProxy, CARP (Common Address Redundancy Protocol), and pfsync to achieve these goals. This guide will teach you how to set up a high availability and load balancing environment on FreeBSD using these tools.

Prerequisites

Before you begin, ensure you have the following:

  1. Two or more FreeBSD servers with root access.
  2. Basic knowledge of the command line and networking.
  3. HAProxy installed on all FreeBSD servers.
  4. An existing network setup with at least two network interfaces on each server.

Step 1: Install and Configure HAProxy

HAProxy is a high-performance, reliable TCP/HTTP load balancer. We'll start by installing and configuring HAProxy.

1.1 Install HAProxy

Install HAProxy using the package manager:

sudo pkg install haproxy

1.2 Configure HAProxy

Edit the HAProxy configuration file to set up load balancing:

sudo nano /usr/local/etc/haproxy/haproxy.cfg

Add the following configuration, adjusting IP addresses and ports as needed:

global
    log 127.0.0.1 local0
    maxconn 2048
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    retries 3
    option  redispatch
    maxconn 2000
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend http-in
    bind *:80
    default_backend servers

backend servers
    balance roundrobin
    server server1 192.168.1.2:80 check
    server server2 192.168.1.3:80 check

1.3 Enable and Start HAProxy

Enable and start the HAProxy service:

sudo sysrc haproxy_enable="YES"
sudo service haproxy start

Step 2: Configure CARP for High Availability

CARP allows multiple hosts on the same local network to share a set of IP addresses. This is useful for failover scenarios.

2.1 Enable CARP

Enable CARP on both servers by editing the /etc/rc.conf file:

sudo nano /etc/rc.conf

Add the following lines:

ifconfig_em0="up"
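ifconfig_em0_alias0="inet vhid 1 pass securepass alias 192.168.1.100/24"

Replace em0 with your network interface, securepass with a secure password, and 192.168.1.100 with your shared virtual IP address. The alias must begin with the inet keyword, and the pass value must be identical on every server that shares the vhid.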

2.2 Configure CARP on Each Server

Configure CARP on both servers. A lower advskew value gives a server higher priority in the master election. On the first server, set the priority higher:

ifconfig_em0_alias0="inet vhid 1 advskew 100 pass securepass alias 192.168.1.100/24"

On the second server, set the priority lower:

ifconfig_em0_alias0="inet vhid 1 advskew 200 pass securepass alias 192.168.1.100/24"

2.3 Start CARP

Restart the network services on both servers to apply the CARP configuration:

sudo service netif restart

Step 3: Configure pfsync for State Synchronization

pfsync is used to synchronize the state tables between the firewall nodes to ensure seamless failover.

3.1 Enable pfsync

Enable pfsync on both servers by editing the /etc/rc.conf file:

sudo nano /etc/rc.conf

Add the following lines:

pfsync_enable="YES"
pfsync_syncdev="em1"

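Replace em1 with your secondary network interface used for pfsync. The pfsync protocol has no authentication, so this interface should sit on a trusted, dedicated link between the servers (for example a crossover cable) rather than on a shared network.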

3.2 Configure pfsync

Edit the pf configuration file to enable state synchronization:

sudo nano /etc/pf.conf

Add the following line to the top of the file:

set state-policy if-bound

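Configure state synchronization. pf.conf has no sync block; the sync peer is a property of the pfsync0 interface and is set in /etc/rc.conf, next to the lines added in step 3.1:

pfsync_syncpeer="192.168.2.1"

Replace 192.168.2.1 with the IP address of the pfsync interface on the other server.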

3.3 Start pfsync

Start the pfsync service:

sudo service pfsync start

Step 4: Testing the Configuration

4.1 Test Load Balancing

Deploy a simple web server on both backend servers and verify that HAProxy distributes the traffic between them. You can use curl to send requests to the HAProxy server and check the responses:

curl http://192.168.1.100

4.2 Test High Availability

Simulate a failover by shutting down the primary server or disconnecting its network interface. Verify that the secondary server takes over the shared virtual IP address and that HAProxy continues to route traffic.
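
To confirm the failover in step 4.2, compare the CARP role each server reports for the shared address. The script below is an added example, not part of the original guide; the two ifconfig em0 outputs are constructed samples, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: check CARP roles from ifconfig output on both nodes.

# Constructed samples of "ifconfig em0" output, one per node.
NODE1='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255 vhid 1
    carp: MASTER vhid 1 advbase 1 advskew 100'
NODE2='em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255 vhid 1
    carp: BACKUP vhid 1 advbase 1 advskew 200'

# carp_states: read ifconfig output on stdin, print "vhid state advskew"
# for every CARP line found.
carp_states() {
    awk '$1 == "carp:" {
        vhid = ""; skew = ""
        for (i = 3; i < NF; i++) {
            if ($i == "vhid")    vhid = $(i + 1)
            if ($i == "advskew") skew = $(i + 1)
        }
        print vhid, $2, skew
    }'
}

# role_of VHID OUTPUT: print the state a node reports for one vhid (empty if none).
role_of() {
    printf '%s\n' "$2" | carp_states | awk -v v="$1" '$1 == v { print $2 }'
}

# check_pair VHID OUT_A OUT_B: succeed only with one MASTER and one BACKUP.
check_pair() {
    a=$(role_of "$1" "$2")
    b=$(role_of "$1" "$3")
    case "$a/$b" in
        MASTER/BACKUP|BACKUP/MASTER) echo "ok: $a/$b"; return 0 ;;
        MASTER/MASTER) echo "split-brain: both nodes MASTER"; return 1 ;;
        *) echo "degraded: ${a:-none}/${b:-none}"; return 1 ;;
    esac
}

check_pair 1 "$NODE1" "$NODE2"
check_pair 1 "$NODE1" "$NODE1" || true   # simulated split-brain
```

A role of none means ifconfig showed no carp: line for that vhid, typically because the carp(4) kernel module is not loaded or the alias line was not applied. Both servers reporting MASTER usually means the CARP advertisements are not reaching the peer, for example because a pf rule blocks them.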

Step 5: Maintenance and Monitoring

5.1 Monitoring HAProxy

Use the HAProxy statistics page to monitor your load balancer. Enable the statistics page by adding the following section to the HAProxy configuration file:

listen stats
    bind *:8080
    stats enable
    stats uri /stats
    stats auth admin:password

Access the statistics page at http://your_haproxy_server:8080/stats.
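
The listener above exposes the statistics page on every interface with the placeholder credentials admin:password. The following check is an added example, not part of the original guide: it scans a haproxy.cfg for stats listeners with those weaknesses. The sample configurations, the management address 192.168.2.10, and the short placeholder-password list are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag weak HAProxy stats listeners in a haproxy.cfg.

# audit_stats: read haproxy.cfg on stdin, print one finding per line.
# Only IPv4 wildcard binds (*:port, 0.0.0.0:port, :port) are recognised.
audit_stats() {
    awk '
    function report() {
        if (stats) {
            if (wild)  print sect ": stats page bound to all interfaces"
            if (!auth) print sect ": stats page has no authentication"
            if (weak)  print sect ": stats auth uses a placeholder password"
        }
        stats = wild = auth = weak = 0
    }
    $1 ~ /^(global|defaults|frontend|backend|listen)$/ { report(); sect = $1 " " $2; next }
    $1 == "bind" && $2 ~ /^(\*|0\.0\.0\.0)?:[0-9]+$/ { wild = 1 }
    $1 == "stats" && ($2 == "enable" || $2 == "uri") { stats = 1 }
    $1 == "stats" && $2 == "auth" {
        stats = 1; auth = 1
        split($3, cred, ":")
        # Illustrative list only; extend it for your environment.
        if (cred[2] ~ /^(password|admin|changeme|haproxy)$/) weak = 1
    }
    END { report() }'
}

# Constructed sample: the guide's frontend plus its stats listener.
WEAK_CFG='frontend http-in
    bind *:80
    default_backend servers
listen stats
    bind *:8080
    stats enable
    stats uri /stats
    stats auth admin:password'

# Constructed sample: same listener bound to a management address
# (192.168.2.10 is an assumption) with a non-placeholder secret.
HARD_CFG='listen stats
    bind 192.168.2.10:8080
    stats enable
    stats uri /stats
    stats auth ops:REPLACE_WITH_LONG_RANDOM_SECRET'

printf '%s\n' "$WEAK_CFG" | audit_stats
printf '%s\n' "$HARD_CFG" | audit_stats
```

Run it against the live file with audit_stats < /usr/local/etc/haproxy/haproxy.cfg; no output means none of the three findings applies.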

5.2 Regular Updates

Keep your system and software up to date. Regularly update FreeBSD and installed packages:

sudo freebsd-update fetch install
sudo pkg update
sudo pkg upgrade

Conclusion

Setting up a high availability and load balancing environment with FreeBSD using HAProxy, CARP, and pfsync ensures your services remain available and performant, even in the face of failures. By following this guide, you have configured a robust system capable of handling traffic efficiently and providing seamless failover. Regular maintenance and monitoring will help you keep this setup running smoothly. Happy managing!