Two reasons for the presence of load balancers at this stage: to go further with the LB IP configuration and to overcome the inability to route requests directly from the LB IP to OVH RunAbove instances*, which are used as the front-end, reinforcing the 3 physical dedicated servers.
In this configuration, the LB IP directs basic requests (network layer), while HAProxy servers are able to sort finer, targeted requests (application routing). For example to manipulate headers answers in some cases.
It must be noted that the LB IP plays a role in securing the infrastructure by only opening ports 80 (http) and 443 (https) thereby limiting the attack perimeter. Additionally, the OVH.com load balancing service is based on 2 redundant physical load balancers (Cisco ACE), or up to 6 load balancers in the case of the “multi-datacenter” option, optimizing the response time via the “Anycast” principal (processing requests as close as possible to the user) porting the LB IP across all 3 datacenters: RBX, SBG, and BHS.
* OVH Load Balancing IP compatibility with RunAbove instances to be announced in the future.