HAProxy Enterprise 2.7 and HAProxy ALOHA 15 are now available. Users of our enterprise-class software load balancer and hardware/virtual load balancer appliance who upgrade to the latest versions will benefit from all the features announced in the community version, HAProxy 2.7, plus the ability to serve applications using HTTP/3 over QUIC. If you want to start the upgrade procedure straight away, go to the upgrade instructions for HAProxy Enterprise and HAProxy ALOHA.
Production-Ready QUIC Packages
For many users, the most significant change is the availability of packages containing support for QUIC and HTTP/3, placing HAProxy Enterprise and HAProxy ALOHA among the first enterprise-class load balancers to enable QUIC traffic in production environments.
Our industry-leading implementation of QUIC reinforces HAProxy Technologies’ commitment to innovation while giving our customers the fastest performance, the greatest flexibility, and the most dependable reliability on the market. These are the values that propelled HAProxy to a leadership position in G2’s 2023 rankings for load balancing and market momentum, and we’re sticking to them.
All The Features From HAProxy 2.7
We announced the release of HAProxy 2.7 in December 2022. HAProxy 2.7 brought many benefits to users of HAProxy’s community version, upgrading old features and introducing some new ones. Highlights include:
the debut of traffic shaping to control client upload and download speeds
an improvement to health check performance to reduce CPU load
updated layer 7 retries that reuse idle HTTP connections even for first client requests
stick table locking efficiency improvements
the introduction of stick table data shards to accelerate the processing of large datasets
a range of new converter and Runtime API command additions
as well as other small updates to Lua script arguments and Master CLI control.
These new and upgraded features are now available in HAProxy Enterprise 2.7 and HAProxy ALOHA 15.
For an introduction to the features listed above, watch our on-demand webinar “HAProxy 2.7 Feature Roundup”. For more information on QUIC support, read on.
A History of QUIC in HAProxy
At HAProxyConf 2022 in Paris, France, HAProxy engineers Amaury Denoyelle and Frédéric Lécaille presented the state of QUIC implementation in HAProxy [watch it on-demand]. The pair took a deep dive into the history of the protocol, the development process, and what it took to put HAProxy at the forefront of HTTP/3 early adopters.
HAProxy Technologies began work on QUIC in 2019 when it was still a draft protocol. In 2021, HAProxy 2.5 brought experimental support for QUIC, and in 2022 HAProxy 2.6 and 2.7 improved stability.
While HAProxy 2.7 provides stable QUIC support in our community version, users do need to provide a compatible SSL library and recompile HAProxy to enable QUIC with mandatory TLS. In comparison, our enterprise packages include special SSL/TLS libraries that add APIs necessary for integrating QUIC in HAProxy Enterprise and ALOHA. This lets users get started fast without needing to source a compatible SSL library themselves.
Why QUIC and HTTP/3?
HTTP/3, as its name implies, is the latest generation of the HTTP protocol. HTTP/3 has much in common with its predecessor, HTTP/2, such as a frame-oriented binary encoding. However, one crucial difference is that the notion of streams has been moved out of HTTP and into the new, lower-level transport protocol called QUIC.
QUIC is a new transport protocol, separate from HTTP/3 and implemented on top of the User Datagram Protocol (UDP) to facilitate its deployment in userspace. QUIC is designed to be a reliable protocol; as a result, it shares several properties with the Transmission Control Protocol (TCP):
reliable (error detection, retransmissions)
While QUIC was designed with HTTP/3 in mind, it could support other application protocols in the future.
The major advantage of QUIC is its notion of streams: QUIC provides ordered delivery for each stream. This solves head-of-line blocking issues in HTTP/2. QUIC also provides other improvements, such as reduced latency (thanks to faster handshakes when establishing encrypted connections) and support for connection migration.
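The head-of-line blocking difference described above can be seen in a small simulation. This is an added example, not HAProxy code; the packet trace, the 30 ms retransmission delay and the one-stream-frame-per-packet simplification are constructed assumptions.

```python
# Constructed trace: three multiplexed responses (streams A, B, C), two
# packets each, sent interleaved. Tuple = (global_seq, stream, offset).
PACKETS = [(0, "A", 0), (1, "B", 0), (2, "C", 0),
           (3, "A", 1), (4, "B", 1), (5, "C", 1)]


def arrival_times(packets, lost_seq, rtx_delay_ms):
    """Packet n normally arrives at t = n ms; the lost packet only
    arrives after its retransmission, rtx_delay_ms later."""
    return {seq: seq + (rtx_delay_ms if seq == lost_seq else 0)
            for seq, _, _ in packets}


def stream_completion(packets, arrivals, per_stream_ordering):
    """Return {stream: time at which its last byte reaches the application}.

    per_stream_ordering=False models HTTP/2 over TCP: one ordered byte
    stream, so a packet is delivered only once every earlier packet on
    the connection has arrived.
    per_stream_ordering=True models QUIC: ordering is enforced only
    among packets that belong to the same stream.
    """
    done = {}
    for seq, stream, offset in packets:
        if per_stream_ordering:
            blockers = [arrivals[s] for s, st, off in packets
                        if st == stream and off <= offset]
        else:
            blockers = [arrivals[s] for s, _, _ in packets if s <= seq]
        deliverable_at = max(blockers)
        done[stream] = max(done.get(stream, 0), deliverable_at)
    return done


def compare(lost_seq=0, rtx_delay_ms=30):
    """Completion times for both transports with one lost packet."""
    arrivals = arrival_times(PACKETS, lost_seq, rtx_delay_ms)
    return {
        "tcp_like": stream_completion(PACKETS, arrivals, False),
        "quic_like": stream_completion(PACKETS, arrivals, True),
    }


if __name__ == "__main__":
    for transport, times in compare().items():
        print(transport, times)
```

With the first packet of stream A lost, every stream stalls until the retransmission in the TCP-like model, while in the QUIC-like model only stream A waits.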
What Difference Does QUIC Make?
If QUIC support isn’t already on your roadmap, it probably will be soon. According to W3Techs, in March 2023, QUIC was used by 8.7% of web traffic, up from 7.8% a year earlier. Popular websites such as Snapchat, Uber, and Box all use QUIC.
According to Meta engineers Matt Joras and Yang Chi, adopting QUIC led to improvements in several Facebook metrics.
“People on Facebook experienced a 6 percent reduction in request errors, a 20 percent tail latency reduction, and a 5 percent reduction in response header size relative to HTTP/2. This had cascading effects on other metrics as well, indicating that people’s experience was greatly enhanced by QUIC.”
However, as Meta discovered, migrating traffic to QUIC is not without challenges.
“What was most puzzling was that, despite QUIC being enabled only for dynamic requests, we observed increased error rates for static content downloaded with TCP.”
Despite this, Meta found QUIC’s performance improvements to be worth the cost of addressing the challenges. In this respect, HAProxy Technologies has a similar view to Meta’s. Our implementation of QUIC in our enterprise products had its challenges – but it was worth it.
The Challenge of Ensuring SSL Compatibility and Fast Performance
Our engineers had an interesting time implementing QUIC in our enterprise products, and it came down to identifying an SSL library that works with QUIC and provides the performance our customers expect.
Challenge 1: QUIC compatibility
We have historically shipped HAProxy Enterprise and HAProxy ALOHA packages with SSL libraries by OpenSSL. Unfortunately, OpenSSL libraries do not support QUIC natively.
We evaluated two options:
Include the quictls modification with an OpenSSL library to enable QUIC compatibility.
Include a QUIC-compatible SSL library from a different provider.
Challenge 2: Performance
HAProxy Enterprise and ALOHA are fast – and well-known for it. Thousands of architectural decisions account for this, one of which is the decision to leverage multithreading.
When we tested the OpenSSL 3.0 library, we found that it negatively affected the performance of multithreaded architectures. The resulting performance was a long way from what we and our customers have come to expect from SSL on HAProxy.
Our solution is to package HAProxy Enterprise and HAProxy ALOHA with a customized version of the OpenSSL 1.1.1 library that includes the quictls modification. These packages provide excellent performance together with QUIC compatibility, which OpenSSL 1.1.1 does not support natively.
HAProxy Technologies will maintain the SSL library included in our QUIC packages as part of the standard one-year maintenance for HAProxy Enterprise 2.7 and HAProxy ALOHA 15.
Meanwhile, our engineering team continues to evaluate other SSL libraries with HAProxy to ensure we provide our customers with the best performance and stable long-term solutions.
HAProxy Performance Benchmarks Using QUIC
Speaking of performance, we are delighted to share that our internal benchmarks achieved impressive throughput when using QUIC. We will share the results and the full story on our QUIC benchmarks soon – so watch this space.
Upgrade or Try HAProxy Enterprise 2.7 and HAProxy ALOHA 15
If you’re not already using HAProxy Enterprise or HAProxy ALOHA, request a free trial or contact our sales team for a demonstration.
HAProxy Enterprise 2.7
HAProxy ALOHA 15