haproxy vs. LVS (layer 7 vs layer 4 load balancing)

We just deployed our first haproxy load balancer and still running several LVS-TUN load balancers. Even when advertised as a fast and lightweight, it’s comparing with other layer-7 LB, not with layer-4 LB like LVS.

Load Average / CPU Usage

haproxy still requires much more resource. On the same really basic server (Pentium 3/4 or something really slow), LVS load average is always or near zero, even with many incoming requests. haproxy’s load average is about 0.3 to 0.5

Features

But the good thing about haproxy is that it has more features and flexible in term of configuration. LVS-TUN is best when the ISP allows packets to have LB’s IP (spoofed packets). But if you don’t have that option, haproxy is the next best thing. Assuming you don’t need HTTP header inspection feature of haproxy, which LVS does not have because it’s layer 4.

Bandwidth Utilization

LVS-TUN only takes the incoming portion of the requests so bandwidth requirement would be half of the full process (haproxy and same for LVS-NAT).

SSL

LVS-TUN does it effortlessly because it does not deal with the content of the packets at all. haproxy can deal with SSL with 2 options:

  • via TCP option (haproxy acts as a layer 4 LB). Pros: easy. Cons: you won’t be able to get the client IP, which to some app is a deal breaker.
  • Stunnel runs on the same machine as haproxy to process SSL then forward to haproxy as a standard request. Pros: client IP is passed with the provided patch on haproxy’s website. Cons: could slow down the LB machine if there’re many SSL requests, need to setup SSL when passing between haproxy and the workers for really secure data

Conclusion

Both haproxy and LVS have their own space. Use LVS-TUN when possible for the best performance and scalability. haproxy is best when you need header inspection and LVS-TUN is not possible with the ISP/network.

Comments (4)

  1. 5:02 am, July 2, 2012Alam  / Reply

    In the end, LVS wins! I managed LVS based balancers for years and it is good until you don’t have arp issue.

  2. 11:08 am, October 16, 2012pedro  / Reply

    I use LVS to balance layer2 and haproxy layer 7.
    LVS decide for wich haproxy the request will go, and the haproxy, decide what app server will receive the request.

  3. 1:52 am, November 11, 2014Thrawn  / Reply

    The HAProxy blog actually suggests that for maximum scalability, you use both layer 4 and 7 load-balancing:

    http://1wt.eu/articles/2006_lb/index_05.html

    In short: do layer 4 balancing between SSL termination points, then from there do layer 7 balancing to the application. You can add as many SSL terminators as you need, because layer 4 balancers are ridiculously fast, so SSL effectively doesn’t add anything to your processing time.

  4. 1:40 pm, July 29, 2015skullnobrains  / Reply

    lvs runs as a kernel module. it is not included in load average calculations afaik

Leave a Reply

Allowed Tags - You may use these HTML tags and attributes in your comment.

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Pingbacks (0)

› No pingbacks yet.