HAProxy ALOHA 17.0 is now available, delivering powerful new features that improve UDP load balancing, simplify network management, and enhance performance.
With this release, we’re introducing the new UDP Module and extending network management to the Data Plane API, a new API-based approach to network configuration. The Network Management CLI is enhanced with exit status codes and contextual help. Plus, the Stream Processing Offloading Engine has been reworked to better integrate with HAProxy ALOHA’s evolving architecture.
New to HAProxy ALOHA?
HAProxy ALOHA provides high-performance load balancing for TCP, UDP, QUIC, and HTTP-based applications; SSL processing; PacketShield DDoS protection; bot management; and a next-generation WAF.
HAProxy ALOHA combines the performance, reliability, and flexibility of our open-source core (HAProxy – the most widely used software load balancer) with a convenient hardware or virtual appliance, an intuitive GUI, and world-class support.
HAProxy ALOHA benefits from next-generation security layers powered by threat intelligence from HAProxy Edge and enhanced by machine learning.
What’s new?
HAProxy ALOHA 17.0 includes exclusive new features plus many of the features from the community version of HAProxy 3.1. For the full list of features, read the release notes for HAProxy ALOHA 17.0.
New in HAProxy ALOHA 17.0 are the following important features:
The new UDP Module. HAProxy ALOHA customers can take advantage of fast, reliable UDP proxying and load balancing. While UDP support already exists in HAProxy ALOHA via LVS, this HAProxy native UDP Module offers better session tracking, logging, and statistics.
Powerful network management with Data Plane API. Customers can now leverage new Data Plane API endpoints to configure their network infrastructure instead of relying solely on the Network Management CLI.
Enhanced Network Management CLI. Improvements to the Network Management CLI bring customers clearer exit status codes and the addition of contextual help for improved usability and reduced troubleshooting.
Reworked Stream Processing Offloading Engine. The reworked Stream Processing Offloading Engine (SPOE) improves reliability and load balancing efficiency, and will better integrate with HAProxy ALOHA’s evolving architecture.
We announced the release of the community version, HAProxy 3.1, in December 2024, which included improvements to observability, reliability, performance, and flexibility. The features from HAProxy 3.1 are now available in HAProxy ALOHA 17.0.
Some of these inherited features include:
Smarter logging with log profiles: Define log formats for every stage of a transaction—like accept, request, and response—to simplify troubleshooting and eliminate the need for post-processing logs.
Optimized HTTP/2 performance: Dynamic per-stream window size management boosts POST upload performance by up to 20x, while reducing head-of-line blocking.
More reliable reloads: Improved master/worker operations and cleaner separation of roles provide smoother operations during reloads.
We outline every community feature in detail in, “Reviewing Every New Feature in HAProxy 3.1”.
Ready to upgrade?
To start the upgrade procedure, visit the installation instructions for HAProxy ALOHA 17.0.
A new era of UDP load balancing
HAProxy ALOHA has long supported UDP load balancing, but handling UDP traffic is getting even better. With the addition of the new UDP Module—previously released in HAProxy Enterprise—HAProxy ALOHA customers will benefit from enhanced session tracking, logging, and statistics. This upgrade ensures that HAProxy ALOHA continues to provide a high-performance, observable UDP load balancing solution.
Why the new UDP Module matters for HAProxy ALOHA customers
The UDP Module is a fast, reliable, and secure way of handling UDP traffic. With the new UDP Module, HAProxy ALOHA enhances its already strong UDP capabilities making it easier to monitor and manage UDP traffic for time-sensitive applications, including DNS, NTP, RADIUS, and Syslog traffic.
The new module provides:
Advanced session tracking for better visibility into traffic
Improved logging and statistics for more accurate monitoring and troubleshooting
That’s not all—it’s fast. It wouldn’t be HAProxy if it wasn’t.
Customers using the new UDP Module benefit from faster and more reliable UDP load balancing compared with other load balancers. When we evaluated the new UDP Module on HAProxy Enterprise (see the test parameters here), we measured excellent throughput and reliability when testing with Syslog traffic.
The results were that the new UDP Module was capable of processing 3.8 million messages per second – up to 4.6X faster than the nearest enterprise competitor.
Reliability was also excellent. UDP is a connectionless transport protocol where some packet loss is expected due to a variety of network conditions and, when it happens, is uncorrected because (unlike TCP) there is no client-server connection to identify and correct packet loss. Despite this, we saw that the new UDP Module achieved a very high delivery rate of 99.2% when saturating the log server’s 40Gb’s bandwidth – 4X more reliable message delivery than the nearest enterprise competitor.
This best-in-class UDP performance compared with other load balancers shows how it will help HAProxy ALOHA customers scale higher, eliminate performance bottlenecks, reduce resource utilization on servers and cloud compute, and decrease overall costs.
HAProxy ALOHA has always been known for its simplicity and reliability when handling application traffic. Now, with the new UDP Module, it’s easier and more dependable than ever for all your UDP traffic needs.
New Data Plane API network endpoints for network configuration
Last release, we introduced the Network Management CLI (netctl) to simplify network interface management directly from the appliance.
The Network Management CLI operated as an abstraction layer that allowed users to configure the network stack of the HAProxy ALOHA load balancer using a simple command-line tool. This made previously complex tasks, like creating link aggregations, defining VLANs, or managing IP routing, more accessible.
In HAProxy ALOHA 17.0, we enhanced this capability further by developing a new API-based method for managing network settings.
At the heart of this new feature is the netapi, a collection of new API endpoints within the Data Plane API, designed specifically for configuring the network stack of HAProxy ALOHA. The new Data Plane API endpoints extend the capabilities of the Network Management CLI, offering the same network management functionality but instead through the API.
Unlike netctl, which runs locally on the appliance, netapi operates remotely via API requests, making it a more powerful tool for automating and managing network configurations across distributed environments.
Why use API-based network configuration and management?
Deployment environments have become increasingly complex, often spanning on-premises, multi-cloud, and hybrid infrastructures. In these environments, manual network configuration can be time-consuming, error-prone, and difficult to scale.
The Data Plane API is our solution to these challenges, empowering organizations with a more flexible way to orchestrate network changes remotely and at scale, ensuring consistency across multiple appliances while reducing operational overhead.
The new Data Plane API network endpoints allow administrators to:
Automate network operations. By managing network settings programmatically, you reduce manual efforts associated with Network Management CLI or the Services tab.
Better integrate with existing infrastructure. Use API endpoints to unify HAProxy ALOHA with centralized network automation infrastructure.
Simplify complex configurations. Manage bonds, VLANs, VRRP, and other advanced network setups through structured JSON API calls.
Improve operational efficiency. Manage multiple appliances remotely with structured API calls to each appliance.
In short, we’ve taken everything you love about netctl and made it more flexible. For those managing large-scale deployments, the ability to remotely configure networking via the Data Plane API will be invaluable. It means faster deployments and consistency across your appliances.
Enhanced Network Management CLI improves user experience
Speaking of the Network Management CLI, we’ve introduced two quality-of-life improvements in HAProxy ALOHA 17.0 to make network configuration more efficient and user-friendly.
Previously, the Network Management CLI lacked clear status codes and contextual help, making it difficult to verify execution results and understand available command options. With this release, we’ve addressed these issues, ensuring a better user experience for administrators managing the network stack of HAProxy ALOHA appliances.
Exit status codes: Confidently verify command execution
One of the biggest challenges users faced with netctl was that it did not return a structured exit status code, meaning users had to individually interpret stdout messages.
With HAProxy ALOHA 17.0, netctl now returns clearer exit status codes, making it easier to verify if an action was executed correctly. This is particularly valuable for:
Troubleshooting and debugging to quickly identify command failures.
Reducing human error through clear, structured codes.
Integrating monitoring of errors in automated infrastructure.
For example, previously, running a netctl command on a non-existent connection would return an unclear error message:
| root@p16v-aloha-x2:~# export NETCTL_CODE=$(netctl connection show ethernet-eth20) | |
| root@p16v-aloha-x2:~# echo $NETCTL_CODE | |
| InvalidConnection, ethernet-eth20 - no such connection profile |
Now, netctl provides this exit status code (“1” indicates failure):
| root@p16v-aloha-x2:~# netctl connection show ethernet-eth20 | |
| InvalidConnection, ethernet-eth20 - no such connection profile | |
| root@p16v-aloha-x2:~# echo $? | |
| 1 |
And when a command executes successfully (“0” indicates success):
| root@p16v-aloha-x2:~# netctl connection show ethernet-eth2 | |
| connection.id ethernet-eth2 | |
| connection.interface-name eth2 | |
| connection.master --- | |
| connection.slave-type --- | |
| connection.type 802-3-ethernet | |
| connection.uuid 79ba6b7d-6477-42a1-8606-3e43c92165e8 | |
| 802-3-ethernet.auto-negotiate false | |
| 802-3-ethernet.duplex --- | |
| 802-3-ethernet.mtu --- | |
| 802-3-ethernet.speed --- | |
| ipv4.addresses 10.20.120.18/24 | |
| ipv4.gateway --- | |
| ipv4.method manual | |
| ipv4.routes --- | |
| ipv6.addresses --- | |
| ipv6.gateway --- | |
| ipv6.method disabled | |
| ipv6.routes --- | |
| vrrp.instances --- | |
| root@p16v-aloha-x2:~# echo $? | |
| 0 |
With clearer status codes, it’s now easier for administrators to validate the execution of commands, streamlining workflows and improving reliability when configuring and managing the network.
Contextual help: simplifying network management
Before HAProxy ALOHA 17.0, administrators had no built-in help system for netctl, making it harder to understand command syntax and available options. This made implementing complex networking configurations like VLANS, bonds, and VRRP more challenging.
HAProxy ALOHA 17.0 introduces contextual help, enabling users to quickly access guidance without having to dig through documentation or tutorials. This added contextual help will:
Reduce misconfigurations
Enhance efficiency
Make
netctlmore intuitive
For example, when modifying a network connection, netctl will now suggest options:
| root@p16v-aloha-xx:~# netctl connection modify ethernet-eth5 master <hit TAB key twice> | |
| eth0 eth1 eth2 eth3 eth4 eth5 eth6 eth7 lo sync tunl0 |
As another example, netctl can display help based on the current connection context/configuration level:
| root@p16v-aloha-x1:~# netctl connection modify id ethernet-eth7 <TAB twice> | |
| 802-3-ethernet.auto-negotiate connection.master id ipv6.method | |
| 802-3-ethernet.duplex connection.slave-type ifname ipv6.routes | |
| 802-3-ethernet.mtu connection.type ipv4.addresses master | |
| 802-3-ethernet.speed dev ipv4.gateway slave-type | |
| bond.options ethernet.auto-negotiate ipv4.method type | |
| con-name ethernet.duplex ipv4.routes vlan.id | |
| connection.id ethernet.mtu ipv6.addresses vlan.parent | |
| connection.interface-name ethernet.speed ipv6.gateway vrrp.instances |
The introduction of contextual help will make using the Network Management CLI smoother and more intuitive. With this improved usability, configuring the network stack on HAProxy ALOHA appliances has never been easier.
Reworked Stream Processing Offloading Engine
Stream Processing Offloading Engine (SPOE) enables administrators, DevOps, and SecOps teams to implement custom functions at the proxy layer using any programming language. However, as HAProxy ALOHA’s codebase has evolved, maintaining the original SPOE implementation became a bit more complex.
With HAProxy ALOHA 17.0, SPOE has been updated to fully support HAProxy ALOHA’s modern architecture, allowing greater efficiency in building and managing custom functions. It’s now implemented as a “mux”, which allows for fine-grained management of SPOP (the SPOE Protocol) through a new backend mode called mode spop. This update brings several benefits:
Support for load-balancing algorithms: You can now apply any load-balancing strategy to SPOP backends, optimizing traffic distribution.
Connection sharing between threads: Idle connections can be shared, improving efficiency on the server side and response times on the agent side.
What does this mean for our customers? We’ve future-proofed SPOE to better integrate with HAProxy ALOHA’s infrastructure! Rest assured, the reworked SPOE was achieved without any breaking changes. If you’ve built SPOA (Agents) in previous versions of HAProxy ALOHA, they’ll continue to work just fine with HAProxy ALOHA 17.0.
Upgrade to HAProxy ALOHA 17.0
When you are ready to upgrade to HAProxy ALOHA 17.0, follow the link below.
Product | Release Notes | Install Instructions | Free Trial |
