Integrating with HAProxy (non-enterprise)
IBM NS1 Connect® customers with an HAProxy enterprise account can send critical load-related metrics collected by HAProxy load balancers to NS1 Connect to configure global server load balancing (GSLB) across application endpoints and services. Load balancing or load shedding is a critical tool that can help optimize application delivery by preventing outages related to load or data center capacity limitations. NS1 Connect supports integrations with various load balancers to push load metrics—such as system load, client response times, or connection counts—to the platform, where they can inform and optimize DNS traffic steering decisions.
Before you begin
- You must have a valid NS1 Connect API key with the following permissions enabled: Push to data feeds, Manage data sources, and Manage data feeds.
- The following instructions assume you have already created the DNS records and answers corresponding to your domain endpoints and services.
Procedure
The following steps outline the process for configuring the integration between the NS1 Connect platform and HAProxy non-enterprise accounts.
Refer to Creating a third-party data source for instructions to create a custom data source, selecting NS1 API as the data source type. Once configured, record the unique source ID next to the data source under .
Refer to Creating a data feed for instructions to create data feeds from the NS1 Connect API data source you created in the previous step. You must create one data feed for each endpoint or service monitored by HAProxy.
To enable automatic updates to the load-related metadata from the HAProxy data feeds, you must modify the load-related metadata for each answer and then set the low and high watermarks to inform traffic steering behavior.
- Refer to Connecting a monitor or data source to a DNS answer for instructions to connect each data feed to the corresponding DNS answer. You must connect the data feed to one of the load-related metadata fields—load average, active requests, or active connections.
- For each answer, edit the Low watermark metadata field to indicate the point when the NS1 Connect platform should start to slow traffic distribution to the endpoint. This value is compared against the current load metric provided by HAProxy.
- For each answer, edit the High watermark metadata field to indicate the point when the NS1 Connect platform should stop traffic distribution to the endpoint. This value is compared against the current load metric provided by HAProxy.
- (Recommended) If you plan to use the Up filter in the Filter Chain to eliminate unavailable endpoints, connect a native NS1 Connect monitor or third-party data source to the Up/down answer metadata field to enable automatic updates.
- Log in to the HAProxy server or PoP.
- Edit the
/etc/haproxy/haproxy.cfgfile by adding the following line to the "global" section:stats socket /var/run/haproxy.sock mode 600 level adminNote: If you need to use the socket interactively, add a timeout value to the global section to instruct the socket to wait for input. For example:stats timeout 1m - Reload the HAProxy server, and then run the following commands to verify that the stats socket
is functioning
properly:
echo "show info" | nc -U /var/run/haproxy.sock stdioecho "show stat" | nc -U /var/run/haproxy.sock stdioYou should see general information, as well as comma-delimited stats using netcat non-interactively.
- Construct a BASH script to send the number of current connections to the NS1 Connect platform. The following script will
query the socket, grab the value(s) we want, and POST to the associated data
feed.
#!/bin/bash APIKey='<NS1_API_key>' SourceUUID='<data_source_ID>' Region='<region>' CurrConns=`echo "show info" | nc -U /var/run/haproxy.sock | grep CurrConns | cut -d " " -f2` curl -sX POST -H 'X-NSONE-Key: '$NSONE_APIKey 'https://api.nsone.net/v1/feed/'$SourceUUID -d '{"'$Region'": {"connections": '$CurrConns'}}'Replace <NS1_API_key> with a valid NS1 Connect API key (with data sources & feed permissions enabled), <data_source_ID> with the data source ID generated earlier, and <region> with the region of the current PoP (for example,
lga01).Attention: The example above configures data flow related to the number of active connections, but you can replace this with a different metric like load average or active requests per second. This process can be extended to work with any metric that can POST simple JSON output to NS1 Connect API data feeds.Note: You can use any programming language for this script. - Save the script as
/root/shed_load.sh, and configure it to execute once per minute in the root crontab using the following command:crontab -eThen, add the following task:
*/1 * * * * /root/shed_load.sh - Repeat this process for the other HAProxy PoPs you want to send information to NS1 Connect, changing the <region> in the BASH script to match the region of the specific PoP.
Once complete, the HAProxy PoPs will send metrics (that is, the number of active connections) to NS1 Connect.
To activate the configuration, you must create a Filter Chain for the DNS record(s) containing the HAProxy-connected DNS answers. The Filter Chain must include the Shed Load filter. Refer to the Filter Chain configuration described in Automatic load shedding which includes the Up filter, Shed Load filter, and the Select First N filter (in that order). This ensures only endpoints marked as up and whose load metric is in an acceptable range are considered, but only the first answer in the list is returned to the requesting client.