On 09/28/2012 08:12 AM, Willy Tarreau wrote:
What happens sometimes is conntrack is loaded with default settings in
the hypervisor, limiting the connection rate to a very low throughput
once all ports have been used. However bitrate is not affected of course.
I've asked our sysadmin to remove the conntrack module altogether, from
googling this, this seems to be the most adequate solution.
I've also done an iperf test from the second lb's interface to the first
lb's interface (both are on separate physical machines) and this results
in a throughput of 941Mbits/s.
OK so at least we can say that the physical network works well.
In your logs I'm seeing that your nginx server responds in roughly 50-100ms,
and that you have around 10 concurrent connections on the frontend max. This
means around 100-200 connections per second max. It would thus be possible
that you're limited there (or by the number of concurrent conns sent by siege).
I just ran siege from the internal network to haproxy first; it would
seem that the issue doesn't happen here (earlier tests were to the
external IP on the BSD firewall, this one to the 10.x.x.x interface), so
it might be that the BSD firewall is causing issues here?
- update your haproxy to the latest stable version in your branch
(1.4.22) to get all known fixes, and check again. If nothing here
helps, then a tcpdump on the siege host would help.

Regards,
Willy

Okay, I'll do this. I simply installed the Debian wheezy package. As
there are so many resolved bugs, perhaps it's a good plan to get a
package built for wheezy before release?
Thanks,
Fred