Integrating with HAProxy (enterprise)

IBM® NS1 Connect® customers with a HAProxy enterprise account can send critical load-related metrics collected by HAProxy load balancers to NS1 Connect to configure global server load balancing (GSLB) across application endpoints and services.

Load balancing or load shedding is a critical tool that can help optimize application delivery by preventing outages related to load or data center capacity limitations. NS1 Connect supports integrations with various load balancers to push load metrics—such as system load, client response times, or connection counts—to the platform, where they can optimize DNS traffic steering decisions.

Note: The following instructions apply to enterprise HAProxy account users. If you have a non-enterprise account, refer to Integrating with HAProxy (non-enterprise).

Before you begin

  • You must have access to HAProxy Enterprise version 1.8 or newer.
  • You must have a valid NS1 Connect API key with the following permissions enabled: Push to data feeds, Manage data sources, and Manage data feeds.
  • You must have two or more geographically dispersed instances of HAProxy Enterprise.
  • The following instructions assume you have already created the DNS records and answers corresponding to your domain endpoints and services.

Procedure

Complete the following instructions to configure automatic load shedding within NS1 Connect using HAProxy.

Step 1 - Configure an NS1 Connect API data source for the HAProxy integration

Refer to Creating a third-party data source for instructions to create a custom data source, selecting NS1 API as the data source type. Once configured, record the unique source ID next to the data source underIntegrations > Data sources.

Step 2 - Configure a data feed for each HAProxy server or PoP

Refer to Creating a data feed for instructions to create data feeds from the NS1 Connect API data source you created in the previous step. You must create one data feed for each monitored endpoint or service.

Step 3 - Edit the corresponding DNS answer metadata

To enable automatic updates to the load-related metadata from the HAProxy data feeds, you must modify the load-related metadata for each answer and then set the low and high watermarks to inform traffic steering behavior.

  1. Refer to Connecting a monitor or data source to a DNS answer for instructions to connect each data feed to the corresponding DNS answer. For the purposes of this integration, you must connect the data feed to one of the load-related metadata fields: load average, active requests, or active connections.
  2. For each answer, edit the Low watermark metadata field to indicate the point when the NS1 Connect platform should start to slow traffic distribution to the endpoint. This value is compared against the current load metric provided by HAProxy.
  3. For each answer, edit the High watermark metadata field to indicate the point when NS1 Connect should stop traffic distribution to the endpoint. This value is compared against the current load metric provided by HAProxy.
  4. (Recommended) If you plan to use the Up filter in the Filter Chain to eliminate unavailable endpoints, connect a native NS1 Connect monitor or third-party data source to the Up/down answer metadata field to enable automatic updates.
Step 4 - Configure HAProxy to send data to NS1 Connect

Complete the following instructions to configure your HAProxy load balancer to send data to NS1 Connect. For example, you can use the HAProxy "Send Metrics" module to send the count of active connections from each load balancer to NS1 Connect.

  1. Log into each load balancer server and install HAProxy's Send Metrics module.
  2. Edit the HAProxy configuration file to send data related to active connections to NS1 Connect by adding the code below to the global section. Replace the <sourceID> with the data source ID generated in Step 1, <$NSONE_API_KEY> with your valid NS1 Connect API key, and <feed_name> with the name of the specific data feed corresponding to this load balancer server.
    module-path /opt/hapee-1.8/modules
module-load hapee-lb-send-metrics.so
send-metrics-url POST https://api.nsone.net/v1/feed/<sourceID> xdelay 1m 5s 1s 1s timeout 100ms retries 3 log verify none
send-metrics-header 'X-NSONE-Key: <$NSONE_API_KEY>'
send-metrics-content-type application/json
send-metrics-data '{ "<feed_name>": { "connections": "%ac" }}'
  3. Reload HAProxy.
  4. Verify that the HAProxy access logs show that the Send Metrics module sent data successfully:
    Send Metrics: metrics data successfully updated (1/0)
  5. Repeat these steps for each load balancer.
Step 5 - Configure a Filter Chain

To activate the configuration, you must create a Filter Chain for the DNS record(s) containing the HAProxy-connected DNS answers. The Filter Chain must include the Shed Load filter. Refer to the Filter Chain configuration described in Automatic load shedding which includes the Up filter, Shed Load filter, and the Select First N filter (in that order). This ensures only endpoints marked as up and whose load metric is in an acceptable range are considered, but only the first answer in the list is returned to the requesting client.