Thanks for your feedback on this Thomas.
On 03/06/2013 06:08 PM, Thomas Heil wrote:
Well 120 up to 200ms would be okay, but 4000ms is not. Could you disable
Firewalling, e.g. unload all neccessary modules on the HAProxy Machine?
I made again some tests and when the service isn't much used (that is
about 1/3 of its peak time usage) then ab testing via HAproxy or
directly returns
very close results 24ms on average (directly) vs. 42 on average (via
HAproxy)
The problem seems to occur only when there is high load -> the number of
TIME_WAIT connections on the client side go over 20K
Firewall ON/OFF - won't make a difference.
I suspect that is because of this that the service doesn't always
perform well but I would surely appreciate any advice from you.
Also, let me know what kernel params or configuration files you might
need me to share with you in order to get a better understanding.
Would you mind, share your sysctl settings?
Sure, here they are on HAproxy side
/
//#net.ipv4.ip_forward=1//
//net.ipv4.conf.all.rp_filter=1//
//net.ipv4.icmp_echo_ignore_broadcasts=1//
//
//net.ipv4.tcp_tw_recycle = 1//
//net.ipv4.tcp_tw_reuse = 1//
//net.ipv4.ip_local_port_range = 1024 65023//
//net.ipv4.tcp_max_syn_backlog = 10240//
//net.ipv4.tcp_max_tw_buckets = 400000//
//net.ipv4.tcp_synack_retries = 3//
//net.core.somaxconn = 10000//
//net.ipv4.tcp_fin_timeout = 5//
//net.ipv4.tcp_max_orphans = 8192//
//net.ipv4.tcp_orphan_retries = 1//
//net.ipv4.netfilter.ip_conntrack_max = 55000//
//net.ipv4.ip_local_port_range = 1025 65000//
//fs.file-max = 3269728//
//net.ipv4.netfilter.ip_conntrack_max = 1024000//
//net.netfilter.nf_conntrack_max = 1024000//
//net.nf_conntrack_max = 1024000//
//net.core.netdev_max_backlog = 50000//
//net.core.somaxconn = 50000/
