HAProxy Enterprise Documentation 2.3r1

Route Health Injection

The Route Health Injection (RHI) service interacts with the BIRD Internet Routing Daemon to start or stop the flow of traffic to this HAProxy Enterprise instance depending on the health of the network and your load balanced servers. RHI is useful for scaling out an HAProxy Enterprise cluster in an active/active manner, ensuring high availability by relying on well established routing network protocols.

The RHI service adds this HAProxy Enterprise instance as a route in BIRD's configuration using a custom route table named volatile. BIRD then broadcasts these routes to peer routers using the BGP, RIP, or OSPF protocol. If either a frontend or a backend is down, then the RHI service removes the route from the volatile table, notifying BIRD to stop advertising this HAProxy Enterprise instance as a route on the network, diverting the flow of traffic to the other HAProxy Enterprise instance in the active-active cluster. You can configure ECMP on your router to load balance traffic to both HAProxy Enterprise instances via the advertised routes.

HAProxy Enterprise Route Health Injection

See also

The BIRD Internet Routing Daemon

Configure Route Health Injection

Install the RHI module using your package manager:
$ # On Debian/Ubuntu $ sudo apt-get install hapee-extras-rhi
$ # On CentOS/RedHat/Oracle/Photon OS $ sudo yum install hapee-extras-rhi
$ # On SUSE $ sudo zypper install hapee-extras-rhi
$ # On FreeBSD $ sudo pkg install hapee-extras-rhi
This installs the hapee-extras-route package too, which is our version of the BIRD Internet Routing Daemon. The daemon is stored as /opt/hapee-extras/sbin/hapee-route.
Create a socket for the Runtime API.

The RHI service needs to connect to the Runtime API to collect information about the health of your frontends and backends. Add a new stats socket line to the global section of your HAProxy Enterprise configuration. This exposes the Runtime API as the socket /var/run/hapee-extras/hapee-lb.sock:
```
global
   stats socket /var/run/hapee-extras/hapee-lb.sock user hapee-lb group hapee mode 660
```
Configure the RHI service.
1. Edit the file /etc/hapee-extras/hapee-rhi.cfg.
  
  The default configuration contains an example:
```
# Inject the 10.200.200.200/32 address into the route daemon if
# all the backends "be_static" and "be_app" are up.
10.200.200.200/32 = all(b:be_static,b:be_app)
```
  This file contains a list of routes that the RHI service should add to BIRD, but only if a given rule returns true; a rule checks the status of one or more frontends or backends to see if they are up or down. A backend is treated as down if all servers fail their health checks or if you manually disable the servers. A frontend is down if you disable it manually.
  
  For example, the following line uses the all rule to announce the 192.168.1.10/32 IP only when both the be_static and be_app backend are up and running. When the condition is false, the IP is removed from the list of advertised routes:
```
192.168.1.10/32 = all(b:be_static,b:be_app)
```
  Or, the following line uses the any rule to advertise the IP if either the be_app or be_app2 backends are up and running:
```
192.168.1.10/32 = any(b:be_app,b:be_app2)
```
2. Save the configuration and then enable and restart the service:
```
$ sudo systemctl enable hapee-extras-rhi
$ sudo systemctl restart hapee-extras-rhi
```
Bind the IP address in HAProxy Enterprise.
1. Edit the HAProxy Enterprise configuration file, /etc/hapee-2.3/hapee-lb.
2. In the frontend section, change the addresses on the bind lines so that they use a specific IP address instead of 0.0.0.0.
  
  The IP address should be a new address that is not assigned to one of the network interfaces.
3. Add the transparent parameter to the bind lines.
  
  This indicates that IP address should be bound even though it does not belong to the local machine. Packets targeting this address will be intercepted as if the address were locally configured.
```
frontend webservice
   bind 192.168.1.10:80 name http transparent
   bind 192.168.1.10:443 name https transparent ssl crt default
```
4. Save the changes and then restart the service.
```
$ sudo systemctl restart hapee-2.3-lb
```
Each HAProxy Enterprise instance should be assigned the same IP address.
Configure BIRD for BGP or OSPF, which are used to advertise routes to peer routers.
1. Edit the file /etc/hapee-extras/hapee-route.cfg.
2. Add a section for either BGP or OSPF, depending on which protocol you intend to use for advertising routes to peers.
  
  Within it, add an export line that advertises routes from the volatile table, vol1.
  
  An example BGP configuration section:
```
protocol bgp r1 {
  local 192.168.0.101 as 65001;
  neighbor 192.168.0.1 as 65001;
  graceful restart on;
  import none;

  # advertise the IP route
  export where proto = "vol1";
}
```
  In this example:
  - the local directive refers to the IP address assigned to this HAProxy Enterprise instance's network interface and assigns the Autonomous System Number 65001.
  - the neighbor directive refers to the layer 3 device, such as the gateway router, with which we are establishing a BGP session.
  - the neighbor directive refers to the layer 3 device,
    
    such as the gateway router, with which we are establishing a BGP session.
  An example OSPF configuration section:
```
protocol ospf anycast {
  tick 2;
  import none;

  # advertise the IP route
  export where proto = "vol1";

  area 0.0.0.0 {
     stub no;
     interface "eth0" {
        hello 10;
        retransmit 6;
        cost 10;
        transmit delay 5;
        dead count 4;
        wait 50;
        type broadcast;
      };
   };
}
```
3. Save the configuration and then restart the service:
```
$ sudo systemctl restart hapee-extras-route
```
4. Repeat these steps for the hapee-extras-route6 service if using IPv6.
Verify that RHI added a route to BIRD by calling the show route command. The IP should display.
```
$ sudo /opt/hapee-extras/bin/hapee-route-cli show route

BIRD 1.6.3 ready.
192.168.1.10/32    dev auto [vol1 18:54:15] * (0)
```
When you disable all servers in the backend, the command should not return this route.
Configure ECMP on your peer router to distribute traffic to the bound IP.

Volatile table

BIRD stores routes in routing tables, with each table associated with a particular protocol such as BGP or OSPF. The RHI service adds its own table named volatile, which allows it to add routes to BIRD dynamically.

To see the volatile table definition, edit the BIRD configuration.

Edit the file /etc/hapee-extras/hapee-route.cfg.
Scroll down to the protocol volatile section.
```
protocol volatile vol1 {
  #  gateway <ip>
}
```
By default, BIRD announces routes through the gateway configured on the network interface, but you can specify a different network gateway by uncommenting the gateway directive and typing its IP address.

For example:
```
protocol volatile vol1 {
  gateway 192.168.1.244
}
```
You can add more volatile tables to support advertising routes for different frontends:
```
protocol volatile vol1 {
}

protocol volatile vol2 {
}
```
Then, prefix each route in the RHI service's configuration, /etc/hapee-extras/hapee-rhi.cfg, with a table's name:
```
vol1%192.168.1.10/32 = all(b:be_static,b:be_app)
vol2%192.168.1.11/32 = any(b:k8s_servers)
```

Rules syntax

This section describes the syntax of the RHI configuration file.

<network>[,<network>,[...]] = <agg>(<b:|f:><name>[,<b:|f:><name>,[...]])

<network>

[%<protoname>]{<ipv4>,<ipv6>}[/<mask>]

Specify an IPv4 or IPv6 CIDR subnet or list of several comma-delimited subnets. If you do not specify any subnet mask, RHI applies the /32 mask. For advanced configuration, you can supply the name of a volatile table in the %<protoname> section (default is vol1).

<agg>

Aggregation function.

`all`	Returns true if all listed proxies are active.
`any`	Returns true if at least one of the proxies listed is active.
`never`	Always false. For debugging purposes.
`always`	Always true. For debugging purposes.

<b:|f:>

Prefix of either b for backend or f for frontend.

<name>

Name of the frontend or backend.

Next up

Real-time Cluster-wide Tracking

More Versions

HAProxy Products Documentation

Route Health Injection

Configure Route Health Injection

Volatile table

Rules syntax

Your feedback is important to us!