load-balancingdigital-oceanhaproxyfailoversystem-design

Access Load balancer using the floating IP address

I have my load balancer machine currently which is servicing request in a round robin mechanism to the configured backend servers.

Now I want to configure a failover load balancer, so that it acts as a backup whenever my primary goes down. But before doing that for my primary load balancer I have created a floating IP address. But I see that I cannot access my web service using the floating IP address of the load balancer machine.

This site can’t be reached144.126.254.191 refused to connect.
Try:

Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED

Why am I unable to access the web service which was accessed using load balancer IP address using its floating IP address

Solution

  • I was using Digtal Ocean platform to create my droplets. After assigned a floating IP to it from this page.

    https://cloud.digitalocean.com/networking/floating_ips?i=0eb956

    Now I need to get the private IP of my droplet using the command ip a

    root@ubuntu-s-1vcpu-1gb-blr1-01:~# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:a0:A:B:C:D brd ff:ff:ff:ff:ff:ff
inet PUBLICIP/20 brd E.F.G.H scope global eth0
valid_lft forever preferred_lft forever
inet *PRIVATEIP(X.X.X.X)*/16 brd X.X.I.J scope global eth0
valid_lft forever preferred_lft forever
inet6 2400:6180:ZZ:ZZ::ZZ:ZZZZ/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::50a0:9fff:fe54:add2/64 scope link
valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 9a:4b:a5:ZZ:ZZ:ZZ brd ff:ff:ff:ff:ff:ff
inet K.L.M.N/20 brd O.P.Q.R scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::984b:SSSS:TTTT:UUUU/64 scope link
valid_lft forever preferred_lft forever

    I got the floating IP say, FLOATINGIPADDRESS

    Floating IP works via Anchor IP present over eth0 interface. We can use the same private IP as any traffic sent over Floating IP will be sent to this private IP only i.e inet *X.X.X.X*/16 brd

    Now I need HAProxy to bind to this private IP in my HAProxy cfg file.

    sudo nano /etc/haproxy/haproxy.cfg

    #HAProxy for web servers
frontend web-frontend
  bind PRIVATEIP(X.X.X.X):80
  bind LOADBALNCERIP:80
  mode http
  default_backend web-backend

backend web-backend

  http-request set-header X-Forwarded-Proto https if { ssl_fc } # For Proto
  http-request add-header X-Real-Ip %[src] # Custom header with src IP
  option forwardfor # X-forwarded-for

  balance roundrobin
  server web-server1 IP1:80 check
  server web-server2 IP2:80 check
  server web-server3 IP3:80 check
  server web-server4 IP4:80 check

listen stats
bind PRIVATEIP(X.X.X.X):8080
bind LOADBALNCERIP:8080
mode http
option forwardfor
option httpclose
stats enable
stats show-legends
stats refresh 5s
stats uri /stats
stats realm Haproxy\ Statistics
stats auth root:password            #Login User and Password for the monitoring
stats admin if TRUE
default_backend web-backend