[HN Gopher] HAProxy 3.0 Released
___________________________________________________________________
HAProxy 3.0 Released
Author : causenad
Score : 24 points
Date : 2024-05-29 17:13 UTC (5 hours ago)
(HTM) web link (www.haproxy.com)
(TXT) w3m dump (www.haproxy.com)
| nwmcsween wrote:
| So HAProxy has a bit of a love/hate relationship in Kubernetes,
| the problem really being UDP and the mess(?) that is proxying
| stateless traffic. The Gateway API kind of expecting UDP proxying
| support doesn't help.
| jakubsuchy wrote:
| Disclosure: I work at Haproxy.com
|
| It is an interesting topic. We don't see UDP in Kubernetes that
| often but we do support it in various ways depending on the
| application. HAProxy Community supports QUIC, which is UDP, and
| Syslog load balancing. HAProxy Enterprise (the paid one) has a
| UDP module that supports other applications too.
| wtarreau wrote:
| UDP through a proxy is total nonsense. There isn't any single
| UDP-based service that is cleanly proxyable. Not just one. Most
| of them rely on the source IP address itself (plus port) or
| announce it in the protocol, then require either to spoof the
| source address and reconfigure all servers to route responses
| through the proxy, or the proxy to mangle the contents (not
| even always possible). There's no notion or indication of
| beginning nor end of connection, packet direction, nor number
| of packets expected in each direction. Sometimes assigned ports
| on both sides are not even compatible anymore with some
| protocols. And it's even funnier when some users want to proxy
| some IPv6 traffic to an IPv4 server and they don't even
| understand that it's not possible to perform transparent
| proxying in this case. UDP has always been for light stateless
| stuff on direct connections, and a proxy is everything but
| that.
|
| In short, only services that support being NATted by a firewall
| will be transportable over a proxy (sometimes with some
| efforts), and will always be better handled using LVS that does
| that natively, with less overhead, fewer resources and less
| configuration. I've yet to see a _single_ valid case for
| generic UDP proxying.
|
| The only cases that make sense are service proxies (syslog
| proxy, DNS proxy etc), which I'm perfectly fine with. For
| example our syslog proxy can listen to UDP and forward to UDP,
| TCP and/or stdout, message by message. But for now I'll
| continue to firmly oppose supporting generic UDP in
| haproxy and I will continue to tell requesters that their
| demand is stupid and proves a very poor understanding of
| networking basics.
|
| In the end there's a nice tradeoff: internally at HAProxyTech
| some of my coworkers have implemented generic proxying in the
| enterprise edition for all those whom we don't want to say
| their demand is stupid, because they're willing to pay to avoid
| using their brain. They're happy with that (at least I hope
| so), and we don't have to pollute the core with code trying to
| plug uncovered areas for people complaining on an issue tracker
| that something does not work due to their uneducated
| architectural choices. So in the end everyone wins.
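
The state problem described in the comment above, as an added example that is not part of the thread or of HAProxy: a minimal model of the per-flow table a generic UDP relay has to invent, showing that the server only ever sees the relay's address and that a reply arriving after the guessed idle timeout has nowhere to go. The class name, addresses, port range and the 30-second timeout are all assumptions made for illustration.

```python
# Added illustration: models the bookkeeping of a generic UDP relay.
# No packets are sent; addresses are constructed documentation ranges.
from dataclasses import dataclass

PROXY_IP = "192.0.2.10"   # constructed relay address (TEST-NET-1)
IDLE_TIMEOUT = 30.0       # seconds; a guess, since UDP has no end-of-flow signal


@dataclass
class Flow:
    client: tuple         # (ip, port) the datagram really came from
    last_seen: float      # time of the last datagram in either direction


class UdpRelayModel:
    def __init__(self, first_port=40000):
        self.by_client = {}   # client address -> relay-side source port
        self.by_port = {}     # relay-side source port -> Flow
        self.next_port = first_port

    def expire(self, now):
        # The only way to "close" a flow is to decide it has been idle too long.
        for port, flow in list(self.by_port.items()):
            if now - flow.last_seen > IDLE_TIMEOUT:
                del self.by_port[port]
                del self.by_client[flow.client]

    def from_client(self, client, now):
        """Forward a client datagram; return the source address the server sees."""
        self.expire(now)
        port = self.by_client.get(client)
        if port is None:              # first datagram: allocate a relay-side port
            port = self.next_port
            self.next_port += 1
            self.by_client[client] = port
            self.by_port[port] = Flow(client, now)
        self.by_port[port].last_seen = now
        return (PROXY_IP, port)       # the client's own address is lost here

    def from_server(self, proxy_port, now):
        """Return the client a server reply belongs to, or None if unroutable."""
        self.expire(now)
        flow = self.by_port.get(proxy_port)
        if flow is None:
            return None               # mapping expired: the reply is dropped
        flow.last_seen = now
        return flow.client
```

Any server-side access control, rate limiting or logging keyed on the source address would act on the relay's address in this model, not the client's.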
___________________________________________________________________
(page generated 2024-05-29 23:03 UTC)