On 7 April 2011 10:53, John Helliwell <[email protected]> wrote:
> On 7 April 2011 10:12, Willy Tarreau <[email protected]> wrote: > >> Hi John, >> >> On Wed, Apr 06, 2011 at 05:27:09PM +0100, John Helliwell wrote: >> > Hi, >> > >> > Another one for Solaris! >> >> Thanks for the report, this one is not solaris-specific, as >> we could reproduce it here on Linux too. While checking for it, >> we found another one. Both were introduced in 1.5-dev5. You can >> get them here : >> >> >> http://git.1wt.eu/web?p=haproxy.git;a=commitdiff_plain;h=442452034e1a3bed25201af033847a59b60748e9 >> >> http://git.1wt.eu/web?p=haproxy.git;a=commitdiff_plain;h=c9f6011760b2e829421c4b57f9b04169734a2cb4 >> >> Cheers, >> Willy >> >> > Hi Willy, > > That's fantastic - I have applied the patches, and can confirm that > stick-tables now work as I imagined they would. (I have deliberately > obscured the full IP address of my poor victim below :-) ) > > > show table dynamic-content data.conn_rate gt 2 > # table: dynamic-content, type: ip, size:1048576, used:102 > 661e74: key=86.10.xx.xx use=0 exp=13394 conn_rate(30000)=3 > > I think the next step is to place this in use on one of the four the live > site haproxies, run a day's traffic though it (about 12GB per haproxy box), > and monitor the stability and latencies throughout the day. Last night the > site peaked at 20Mbits/sec and haproxy didn't even break into a sweat - > thoroughly impressive. > > We had problems though when one of our users left a book on his keyboard, > which sent 2500 browser refreshes per minute to a dynamic content PHP driven > site, which is why we want to introduce per-user flood protection... > > Tomorrow, I might even put the use_backend flood-protection if { > sc1_get_gpc0 gt 0 } clause live! > > Thanks again Willy! > > Best Regards > > John. > > -- > John Helliwell > Hi all, Just to report that our live site ran with Solaris 10 / haproxy-1.5dev5 + patches for - [BUG] stream_sock: use get_addr_len() instead of sizeof() on sockaddr_storage - [BUG] TCP source tracking was broken with IPv6 changes - [BUG] stick-tables did not work when converting IPv6 to IPv4 and sent out 8,587,556,938 byes of data at a max session rate of 119 sess/sec in the last 17 hours with no problems. I'd say that's working alright :) Regards John -- John Helliwell
