HAProxy Enterprise Documentation 13.0

Configuring Direct Server Return (DSR)

The Direct Server Return (DSR) feature enables a server to respond directly to clients without having to go through the load balancer, which eliminates a bottleneck in the server-to-client path.

When to use DSR

  • When response time matters

  • When no intelligence is required

  • When the output capacity of the load balancer might be a bottleneck

Advantages

  • No connection limit

  • Client access servers can see the client IP address

  • A single interface is required on the load balancer

Limitations

  • Infrastructure intrusive: you must configure the load balancer virtual IP on the client access server (Loopback).

  • No SSL acceleration; no advanced persistence

How DSR works

DSR is also known as the "Gateway" mode.

In layer 4 gateway mode, the ALOHA load balancer sees only the traffic going from the client to the server. The servers answer directly to the client through its default gateway.

https://cdn.haproxy.com/documentation/aloha/latest/assets/dsr-diagram-8cee18cd861ccfe46663fced540c550f8669f5667450d2693537518862d444d3.png

  • The client reaches the Virtual IP address configured on the load balancer.

  • The ALOHA load balancer chooses a server based on its configuration, and changes the destination MAC address of the frame before it forwards it to the server.

  • The server receives the packets corresponding to the request.

  • The server answers directly back to the client, bypassing the ALOHA load balancer.

The backends must have the service IP configured on a loopback in order to accept the requests.

Configure DSR on ALOHA

  1. In ALOHA's user interface, browse to the "LB Layer 4" tab.

  2. Copy and paste the following lines in the "Configuration" box:

    director exchange 10.0.0.9:443 TCP
    balance roundrobin                               #alctl: load balancing algorithm
    mode gateway                                     #alctl: forwarding mode
    check interval 10 timeout 2                      #alctl: check parameters
    option tcpcheck                                  #alctl: adv check parameters
    server exchange1 10.0.0.13:443 weight 10 check   #alctl: server exchange1
    server exchange2 10.0.0.14:443 weight 10 check   #alctl: server exchange2

Configure DSR on Linux

This section describes the server side configuration to make it compatible with an ALOHA load balancer configured in Layer 4 DSR mode.

  1. Create a loopback interface (i.e. lo:1) with the Virtual IP address and a netmask value setup to 255.255.255.255 (/32).

    Note

    Remember to make it resilient at startup. This configuration depends on the Linux distribution you are using.

  2. Set up the two sysctls below:

    • arp_ignore to 1

    • arp_announce to 2

  3. To apply the changes directly, run the commands below:

    $ sudo sysctl -w net.ipv4.conf.all.arp_ignore=1
$ sudo sysctl -w net.ipv4.conf.all.arp_announce=2

  4. To make these changes resilient after reboot, edit your /etc/sysctls.conf file to add the two lines below:

    net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_announce=2

Next up

TCP SYNPROXY Module