hey, When a packet is lost, there is a retransmit 3s later (TCP protocol). Which is under the 10s of the timeout currently configured. So this can't be the reason of too many 408.
Either you're under attack (somebody trying to take all the resources of your website using slowloris-like scripts). Or you have a high rate of packet loss. Cheers 2012/4/5 fred hu <frederick...@gmail.com>: > brower will open upto 6 connection to your server, while not all of them > will be used. > that is one source of 408 > another source is the request of your client is larger than 1460 due to > cookie or some else. so the request is splited into two packets.and the > latter lost due to network. > > however both case, 10% 408 is extremely high. 1% 408 was found in my > production env. > > try change timeout http-request from 10000 to 20000 and see what will > happen. > > 在 2012-4-5 半夜12:20,"Alon M" <a...@datonics.com>写道: > >> Hello , >> we started to use haproxy on our production environment. >> the request are coming to a layer 4 load balancing - ldirector which >> forwards >> them to a haproxy which forwards it to a tomcat on the same server . >> >> our connection handling inside tomcat is fast - ~10 mili seconds, and we >> want to >> delegate the connection handling with the WAN to haproxy instead of a >> tomcat >> thread thus getting batter throughput . >> >> we are getting a lot of http request error, about 10% of the requests are >> timed >> out on the client side, increasing the "timeout http-request", does not >> help , >> the connection just terminates after the max time has passed. >> >> echo "show errors" | socat unix-connect:/tmp/haproxy stdio is clear . >> >> below are a few error records from the log : >> >> Apr 4 14:01:38 localhost.localdomain haproxy[22451]: 95.206.61.53:62766 >> [04/Apr/2012:14:01:28.855] pm pm/<NOSRV> -1/-1/-1/-1/10001 408 212 - - >> cR-- >> 13/13/2/0/0 0/0 "<BADREQ>" >> Apr 4 14:01:39 localhost.localdomain haproxy[22451]: 67.197.4.199:55973 >> [04/Apr/2012:14:01:29.025] pm pm/<NOSRV> -1/-1/-1/-1/10000 408 212 - - >> cR-- >> 12/12/3/0/0 0/0 "<BADREQ>" >> >> here are some details - >> >> Linux tapp4.ny 2.6.18-274.3.1.el5 #1 SMP Tue Sep 6 20:13:52 EDT 2011 >> x86_64 >> x86_64 x86_64 GNU/Linux >> >> >> [root@tapp4 haproxy-1.4.20]# more /etc/issue >> CentOS release 5.5 (Final) >> Kernel \r on an \m >> >> >> [root@tapp4 haproxy-1.4.20]# /usr/sbin/haproxy -vv >> HA-Proxy version 1.4.20 2012/03/10 >> Copyright 2000-2012 Willy Tarreau <w...@1wt.eu> >> >> Build options : >> TARGET = linux26 >> CPU = generic >> CC = gcc >> CFLAGS = -O2 -g -fno-strict-aliasing >> OPTIONS = >> >> Default settings : >> maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 >> >> Encrypted password support via crypt(3): yes >> >> Available polling systems : >> sepoll : pref=400, test result OK >> epoll : pref=300, test result OK >> poll : pref=200, test result OK >> select : pref=150, test result OK >> Total: 4 (4 usable), will use sepoll. >> >> any help would be much appreciated . >> >> Alon >> >> >> >> >> >
