The first piece of advice you will receive is to disable the
nf_conntrack module :)
That should give a performance improvement. I will send on my sysctl
parameters if possible later. I would also recommend sending in
your haproxy config, and upgrading to the haproxy version in the EPEL
repos, if you don't wish to compile from source.
Chris
Sent from my iPhone
On 6 Oct 2009, at 18:25, Michael Marano <[email protected]> wrote:
We’ve completed a move to Rackspace Cloud and are now using HAproxy
as our load balancer. Haproxy is a phenomenal piece of software.
The primary issue I’ve noticed from haproxy is that my backends are
frequently going DOWN/UP, and we’re having some long request times as
well as serving occasional 504’s. I’ve been doing my research
and understand that I need to do some system tuning via sysctl to get
things running properly. All references have different recommendations
on what parameters to tune, and I’m a bit hesitant to copy/paste
from multiple resources.
Is there a baseline set of recommended tunings that I can apply as a
first response before digging into the gritty details?
I’ve attached a bunch of details below. Thanks for any help you can
provide.
Michael
-------
[mmar...@w1 w1]$ cat /etc/redhat-release
CentOS release 5.3 (Final)
[mmar...@w1 w1]$ uname -a
Linux w1.gamesradar.com 2.6.24-23-xen #1 SMP Mon Jan 26 03:09:12 UTC 2009 x86_64 x86_64 x86_64 GNU/Linux
[mmar...@w1 w1]$ /usr/sbin/haproxy -v
HA-Proxy version 1.3.18 2009/05/10
Here’s what I’m finding in /var/log/messages:
Oct 2 23:12:38 w1 kernel: [1556670.291082] printk: 482 messages suppressed.
Oct 2 23:12:38 w1 kernel: [1556670.291102] nf_conntrack: table full, dropping packet.
Oct 3 01:34:49 w1 kernel: [1566552.616316] possible SYN flooding on port 80. Sending cookies.
Oct 3 03:19:52 w1 kernel: [1572838.886342] printk: 294 messages suppressed.
[mmar...@w1 w1]$ sudo /sbin/sysctl -a | grep ^net
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_retrans_collapse = 1
net.ipv4.ip_forward = 0
net.ipv4.ip_default_ttl = 64
net.ipv4.ip_no_pmtu_disc = 0
net.ipv4.ip_nonlocal_bind = 0
net.ipv4.tcp_syn_retries = 5
net.ipv4.tcp_synack_retries = 5
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_tw_buckets = 180000
net.ipv4.ipfrag_high_thresh = 262144
net.ipv4.ipfrag_low_thresh = 196608
net.ipv4.ip_dynaddr = 0
net.ipv4.ipfrag_time = 30
net.ipv4.tcp_keepalive_time = 7200
net.ipv4.tcp_keepalive_probes = 9
net.ipv4.tcp_keepalive_intvl = 75
net.ipv4.tcp_retries1 = 3
net.ipv4.tcp_retries2 = 15
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_abort_on_overflow = 0
net.ipv4.tcp_stdurg = 0
net.ipv4.tcp_rfc1337 = 0
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.icmp_errors_use_inbound_ifaddr = 0
net.ipv4.route.min_delay = 2
net.ipv4.route.max_delay = 10
net.ipv4.route.gc_thresh = 262144
net.ipv4.route.max_size = 4194304
net.ipv4.route.gc_min_interval = 0
net.ipv4.route.gc_min_interval_ms = 500
net.ipv4.route.gc_timeout = 300
net.ipv4.route.gc_interval = 60
net.ipv4.route.redirect_load = 5
net.ipv4.route.redirect_number = 9
net.ipv4.route.redirect_silence = 5120
net.ipv4.route.error_cost = 250
net.ipv4.route.error_burst = 1250
net.ipv4.route.gc_elasticity = 8
net.ipv4.route.mtu_expires = 600