On 03/07/2013 01:20 PM, Lukas Tribus wrote:
> You aren't using HTTPS in the frontend when benchmarking haproxy and plain HTTP
> when benchmarking the original server, are you? That could explain the
> performance differences.

No, I only tested the HTTP version :)

> Anyway, you do want to enable keepalive and to do that you need to remove "option
> httpclose" from the sections and insert "option http-server-close" in both frontend
> and backend [1].

I made that change and there seems to be an improvement: instead of some
25K TIME_WAIT connections I now have only 5K.

> You can unload the conntrack module in your kernel with insmod -r <module> (check loaded modules
> with lsmod), but consider that you may need it for stateless iptables rules (check for
> "established" in the "iptables -vnL" output).

I need it for my firewall, it seems, so I'll leave it for now.
Thank you so much for your help!
Alex
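
The checks discussed in this thread, as an added example that is not part of the original messages: counting TIME_WAIT sockets, and testing whether the firewall rules match on connection state before the conntrack module is considered for unloading. The function names and the sample `ss`, `lsmod` and `iptables -vnL` output are constructed for illustration.

```shell
#!/bin/sh
# Added example; helper names and sample data are constructed, not from the thread.
# Live use: ss -tan | count_time_wait ; lsmod | conntrack_loaded ; iptables -vnL | rules_use_state

# Count TIME_WAIT sockets in `ss -tan` (TIME-WAIT) or `netstat -tan` (TIME_WAIT) output on stdin.
count_time_wait() {
    awk '{ for (i = 1; i <= NF; i++)
               if ($i == "TIME-WAIT" || $i == "TIME_WAIT") { n++; break } }
         END { print n + 0 }'
}

# Exit 0 if `lsmod` output on stdin lists a connection-tracking module.
conntrack_loaded() {
    grep -Eq '^(nf|ip)_conntrack'
}

# Exit 0 if `iptables -vnL` output on stdin has a rule matching ESTABLISHED state.
# Only the filter table is listed by default; NAT rules also depend on conntrack.
rules_use_state() {
    grep -Eiq '(^|[[:space:]])(ct)?state[[:space:]]+[A-Z,]*ESTABLISHED'
}

# $1 = lsmod text, $2 = iptables -vnL text. Prints not-loaded, keep or unload-candidate.
conntrack_advice() {
    if ! printf '%s\n' "$1" | conntrack_loaded; then
        echo "not-loaded"
    elif printf '%s\n' "$2" | rules_use_state; then
        echo "keep"
    else
        echo "unload-candidate"
    fi
}

# Constructed sample data (documentation address ranges).
SAMPLE_SS='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN     0      128    0.0.0.0:80          0.0.0.0:*
TIME-WAIT  0      0      192.0.2.10:80       198.51.100.7:51812
TIME-WAIT  0      0      192.0.2.10:80       198.51.100.7:51813
ESTAB      0      0      192.0.2.10:80       198.51.100.9:40022'
SAMPLE_LSMOD='Module                  Size  Used by
nf_conntrack_ipv4      19716  2
nf_conntrack           81926  2 nf_conntrack_ipv4,xt_state
xt_state               12578  2'
SAMPLE_RULES='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source    destination
 1234  567K ACCEPT all  --  *  *   0.0.0.0/0 0.0.0.0/0   state RELATED,ESTABLISHED
   42  2520 ACCEPT tcp  --  *  *   0.0.0.0/0 0.0.0.0/0   tcp dpt:80'

echo "TIME_WAIT sockets: $(printf '%s\n' "$SAMPLE_SS" | count_time_wait)"
echo "conntrack: $(conntrack_advice "$SAMPLE_LSMOD" "$SAMPLE_RULES")"
```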