> So you are saying that by using the maxconn property in the global > config block HAProxy is automatically adjusting the systems ulimit > setting?
Yes, HAproxy is automatically adjusting and configuring ulimit based on your configuration (based on settings like maxconn and maxpipes). So unless you know exactly how HAproxy and the kernel handles every single connection and have a valid reason for it, you are advised to remove the ulimit-n from configuration, so HAproxy can figure out the best value. > global > maxconn 4096 > ulimin-n 4096 In this case, you may run into problems with TCP splicing (splicing uses pipes and each pipe uses 2 fd's). Because of corner cases like this, I would strongly suggest to remove the ulimit-n keyword from the configuration and let haproxy handle it. > what's a generally effective approach at deciding what to set > your maxconn to? Consider that this are _concurrent_ connections. If maxconn is maxed out, that doesn't mean the client sees an error or the connection times out. The TCP session (client <--> haproxy) will be established, but not processed. It will wait in queue until another session is completed. What you can or should set as maxconn value depends on your hardware and what your services actually need. If you don't have any concurrent session numbers from your application, I suggest you start with a small maxconn value, and then increment it slowely. Simultaneously monitor the actual session rate you hit and the load on your system. That way you will understand how your hardware and kernel cope with certain numbers and you will also see how many simultanous connections you actually have. With this knowledge you can probably better decide howto configure haproxy. > do all your frontend maxconn directives need to add up to, and > not surpass, your global maxconn value? Refer to [1]; there are some answers to your question in the second posts (actually, the guy is quoting Willy). Lukas [1] http://stackoverflow.com/questions/8750518/difference-between-global-maxconn-and-server-maxconn-haproxy