> i am trying to understand why "option httpclose" would be a problem?
With httpclose in your configuration, you need 2 tcp session per *request* on your haproxy box. When you disable httpclose and enable only http-server-close, then you will use keepalive between the client and haproxy. With keepalive, you will have a lower number of tcp sessions and a way lower number of packets on your network (think about the packets exchanged if every http requests needs a full 3 way tcp handshake). Haproxy is not the bottleneck with httpclose, but something else is. That can be conntrack on the haproxy box, conntrack on the client box, or any firewall in between. The bottleneck can also be your virtualization system. Make sure you assign static, dedicated ressources to the VM (disable anything like RAM Ballooning) and unload conntrack from every box (client and haproxy). Also, check for packet loss, input and crc errors on your NICs.