Integrating with HAProxy (non-enterprise)

Note: If you have an HAProxy enterprise account, refer to Integrating with HAProxy (enterprise) for implementation instructions.

IBM® NS1 Connect® customers with an HAProxy enterprise account can send critical load-related metrics collected by HAProxy load balancers to the IBM NS1 Connect® platform to configure global server load balancing (GSLB) across application endpoints and services. Load balancing or load shedding is a critical tool that can help optimize application delivery by preventing outages related to load or data center capacity limitations. IBM NS1 Connect® supports integrations with various load balancers to push load metrics—such as system load, client response times, or connection counts—to the platform, where they can inform and optimize DNS traffic steering decisions.

Before you begin

  • You must have a valid IBM NS1 Connect® API key with the following permissions enabled: Push to data feeds, Manage data sources, and Manage data feeds.
  • The instructions below assume you have already created the DNS records and answers corresponding to your domain endpoints and services.

Procedure

The steps below outline the process for configuring the integration between the IBM NS1 Connect® platform and HAProxy non-enterprise accounts.

Step 1 - Configure an NS1 API data source for the HAProxy integration

Refer to Creating a third-party data source for instructions to create a custom data source, selecting "NS1 API" as the data source type. Once configured, record the unique source ID next to the data source under Integrations > Data sources.

Step 2 - Configure a data feed for each HAProxy server or PoP

Refer to Creating a data feed for instructions to create data feeds from the NS1 API data source you created in the previous step. You must create one data feed for each endpoint or service monitored by HAProxy.

Step 3 - Edit the corresponding DNS answer metadata

To enable automatic updates to the load-related metadata from the HAProxy data feeds, you must modify the load-related metadata for each answer and then set the low and high watermarks to inform traffic steering behavior.

  1. Refer to Connecting a monitor or data source to a DNS answer for instructions to connect each data feed to the corresponding DNS answer. For the purposes of this integration, you must connect the data feed to one of the load-related metadata fields—load average, active requests, or active connections.
  2. For each answer, edit the Low watermark metadata field to indicate the point when the IBM NS1 Connect® platform should start to slow traffic distribution to the endpoint. This value is compared against the current load metric provided by HAProxy.
  3. For each answer, edit the High watermark metadata field to indicate the point when the IBM NS1 Connect® platform should stop traffic distribution to the endpoint. This value is compared against the current load metric provided by HAProxy.
  4. (Recommended) If you plan to use the Up filter in the Filter Chain to eliminate unavailable endpoints, connect a native NS1 monitor or third-party data source to the Up/down answer metadata field to enable automatic updates.
Step 4 - Configure HAProxy to send metrics to the NS1 platform
Note: HAProxy cannot send outbound webhooks directly— however, with a few modifications and basic CLI utilities, you can configure HAProxy to send metrics to the IBM NS1 Connect® platform.
  1. Log in to the HAProxy server or PoP.
  2. Edit the /etc/haproxy/haproxy.cfg file by adding the following line to the "global" section:
    stats socket /var/run/haproxy.sock mode 600 level admin
    Note: If you need to use the socket interactively, add a timeout value to the global section to instruct the socket to wait for input. For example:
    stats timeout 1m
  3. Reload the HAProxy server, and then run the following commands to verify that the stats socket is functioning properly:
    echo "show info" | nc -U /var/run/haproxy.sock stdio
    echo "show stat" | nc -U /var/run/haproxy.sock stdio

    You should see general information, as well as comma-delimited stats using netcat non-interactively.

  4. Construct a BASH script to send the number of current connections to the IBM NS1 Connect® platform. The following script will query the socket, grab the value(s) we want, and POST to the associated data feed.
    #!/bin/bash
     
     APIKey='<NS1_API_key>'
     
     SourceUUID='<data_source_ID>'
     
     Region='<region>'
     
     CurrConns=`echo "show info" | nc -U /var/run/haproxy.sock | grep CurrConns | cut -d " " -f2`
     
     curl -sX POST -H 'X-NSONE-Key: '$NSONE_APIKey
     'https://api.nsone.net/v1/feed/'$SourceUUID -d '{"'$Region'":
     {"connections": '$CurrConns'}}'

    Replace <NS1_API_key> with a valid NS1 API key (with data sources & feed permissions enabled), <data_source_ID> with the data source ID generated earlier, and <region> with the region of the current PoP (for example, lga01).

    Attention: The example above configures data flow related to the number of active connections, but you can replace this with a different metric like load average or active requests per second. This process can be extended to work with any metric that can POST simple JSON output to NS1 API data feeds.
    Note: You can use any programming language for this script.
  5. Save the script as /root/shed_load.sh, and configure it to execute once per minute in the root crontab using the following command:
    crontab -e

    Then, add the following task:

    */1 *  * * *     /root/shed_load.sh
    
  6. Repeat this process for the other HAProxy PoPs you want to send information to the IBM NS1 Connect® platform, changing the <region> in the BASH script to match the region of the specific PoP.

Once complete, the HAProxy PoPs will send metrics (i.e., the number of active connections) to the IBM NS1 Connect® platform.

Step 5 - Create a Filter Chain

To activate the configuration, you must create a Filter Chain for the DNS record(s) containing the HAProxy-connected DNS answers. For the purposes of this integration, the Filter Chain must include the Shed Load filter. Refer to the Filter Chain configuration described in Automatic load shedding which includes the Up filter, Shed Load filter, and the Select First N filter (in that order). This ensures only endpoints marked as "up" and whose load metric is in an acceptable range are considered, but only the first answer in the list is returned to the requesting client.