Nginx ip_hash behind proxy (Cloudflare)

From a purely performance perspective, let benchmarking make these decisions for you rather than assuming -- using a tool like httperf is invaluable when making architecture changes.

From an architectural philosophy perspective, I'm a little curious why you have both nginx and apache on the application servers. Nginx blazes at static content and efficiently handles most backend frameworks/technologies (Rails, PHP via FastFCGI, etc), so I would drop the final Apache layer. Once again, this comes from a limited understanding of the technologies that you're using, so you may have a need for it that I'm not anticipating (but if that's the case, you could always drop nginx on the app servers and just use apache -- it's not THAT bad at static content when configured properly).

Currently, I use nginx -> haproxy on load balancing servers and nginx on the app servers with much success. As Willy Tarreau stated, nginx and haproxy are a very fast combination, so I wouldn't worry about the speed of having both on the front-end, but keep in mind that adding additional layers increases complexity as well as the number of points of failure.

The very short answer: coincodence is why. The hashing algorithm made it end up in the same bucket, and the problem it tries to solve is "make sure that the same client always talks to the same backend - yet still try to keep a fairly even spread across my backends".

It's equivilent to other IP-hashing algorithms. On a very basic level:

1. You look at the IP-address of the peer contacting you.
2. You hash it - doing this gives you a fairly random number (yet, always the same for the same address) - more random than the IP-address, which depending on your users can be very sequential.
3. Pick a backend by doing hash % backends

What you accomplish by doing this, is a fairly even spread of your clients - yet you should be able to expect that the clients keep talk to the same backend for every request. This is very useful if you have session-data stored on each server, for example.

If you just want to spread the load across your backend, and don't have anything to worry about as far as your application goes; Round Robin is a better option - you'll get a more even spread (even though in most cases just marginally - ip_hash works great) - and it will consume slightly less resources due to not spending time hashing the client address.