I should also add that I took a look at Pound- which seems lighter than haProxy, yet less flexible.
Can anyone recommend one?

I've had a look at Pound, but only briefly, and never checked out haProxy.

My question would be: are you trying to set this up for High Availability, or for actual ditribution of load?

If it's HA you're after, you'll have to consider that, in a true HA environment, you'll have 2 of EVERYTHING (at least).

2 routers connected to the 'net,
2 switches,
2 firewalls,
2 switches,
2 servers.

The way our load balancers do things for our HA environment is pretty neat.

They do an ARP request every couple of seconds, and if it doesn't get a response, it disables traffic going to that server. I don't have access to the actual algorythms used in the decision-making process, but you could make a simple one by doing round-robin, except when server X is down, then it just sends it to server Y.

For failover of the Load Balancers themselves, it's pretty neat. If LB A sees that its connection to the switches (any switch) has died, it will send a command to LB B, telling it that it's going down. Then LB B will send out "gratuitous ARPs"(1), saying "I've now got the IP address of LB A, except with LB B's MAC address". Now the directly connected devices will start sending their packets to LB B.

The above implies that LB B is "inactive" and not doing anything until LB A is dead.

The same thing applies with LB B's health checks of LB A fail. LB B does the ARP checks on LB A as well, and if it sees LB A dead, it will take over.

I know that doesn't answer your question about haProxy/Pound, but it may be useful to you, or to someone else reading this thread. ;)

I've been meaning to write a set of scripts and/or programs that will emulate this type of scenario. This shouldn't be all that hard to do, really. Maybe I jsut get off my lazy duff and do it. :)

-MM

(1)
Gratuitous ARP:
gratuitous ARP was invented for two reasons:
1) detect if the assigned IP address is not already in use (an ICMP error message wil be received if it is)
2) advertise your own (possibly new MAC address) corresponding to the IP address.

You could assign service specific IP numbers for your round robin scheme. That is give each machine two IPs, one for the machine and one for Apache. Point all your web sites to the Apache specific IPs and then if one of the servers go down you just move the IP number to one of the other machines. I do this for our DNS service and it seems to work fine.

Have you looked at just using apache or squid to do this reverse proxy stuff. When you want to take a box offline, just update their config, and get them to reload.

uncle_bob, charlier: tnx for the point- yet with apache / ip assignment i won't achieve auto failover- so that when i take a box off for mnt / when a box really fails, it wont get out of the web-tier pool- but good ideas, though.

MattyMoose, seems like you're loaded with money there :-)
For my needs, I would probably be fine with the assumption that hardware(switch/router/firewall) rarely fail, while the application (web-tier boxes) fail more frequently (or get loaded more easily)-
and under this assumption, i want only to dist load among web-tier boxes (to achieve "higher availability".. as opposed to the "high availability" that doubled hardware layout could buy)-
and also some level of failover.

i wonder if this haProxy will do the job well.