That's interesting, I would have never thought of that. I did run `tcpdump -i eth0 -w dns.pcap` (eth0 is the internet facing interface) and ran my site for a while but nothing matched a DNS request. I don't have something in front of the proxy towards the internet to listen on at the moment either but I will definitely keep that in mind for later, thanks.
-a On Oct 26, 2010, at 5:52 PM, Hank A. Paulson wrote: > Just a guess, but is there something that might be doing reverse dns lookups > for each request when using haproxy? I find when I turn on tcpdump on port 53 > on a firewall or router, I and others are surprised at how much reverse > lookup traffic there is going on in any given environment. > > On 10/26/10 2:02 PM, Simon Green - Centric IT Ltd wrote: >> Don't think there's hasn't been any traffic on this thread, so I thought I'd >> just chip in and say we run HAProxy on ESX4.1 with Stunnel in front on the >> same server and Apache servers behind and don't experience anything like the >> latency you mention below. >> >> -----Original Message----- >> From: Ariel [mailto:[email protected]] >> Sent: 25 October 2010 18:45 >> To: haproxy >> Subject: Strange latency >> >> I am using Rackspace cloud servers and trying to convince my boss that we >> should be using haproxy instead of apache at our frontend doing load >> balancing. For the most part I have set up what I consider a fairly >> successful staging environment (I have working ACL's and cookie based >> routing). The problem however is that when I use haproxy as my load >> balancer my round-trip time for a request goes up by about 50ms. With >> apache as the proxy every request has RTT of ~50ms, but now they are at over >> 100ms. >> >> I am using the same backend servers to test both apache and haproxy, all >> configuration rules the same as I could make them (client side keep-alive >> enabled). Also for a comparison I also set up a quick nginx server to do >> its (very dumb) load balancing solution, and its results are at the same >> speed or better of apache. Also, even when apache is terminating SSL and >> forwarding it on, the RTT does not go up. All three software is running >> (one at a time) on the same virtual server, so I don't think it is that I >> got a bad VPS slice or something like that. >> >> Also, when I use stunnel in front of haproxy to terminate https requests, it >> adds another ~50ms to the total RTT. And if I have to make the request go >> through another stunnel to the backend (a requirement for PCI compliance), >> it adds another ~50ms again. So now using the site with SSL is over 300ms >> per request just from the start. That may not be *terrible* but the site is >> very interactive and calls one AJAX request per second to keep lots of >> things updated. For general users around the internet the site is going to >> appear unresponsive and slow... >> >> I was wondering if anyone using haproxy in a virtualized environment as ever >> experienced something like this? Or maybe some configuration options to try >> to debug this? >> >> -a >> >
