Hi, On Sat, Jan 18, 2014 at 11:25:56AM +0800, Ge Jin wrote: > Hi, all! > > > I was confused when we use haproxy and option http-kee-alive, the > established is as twice as tunnel. But other tcp status stayed the > same level. > > #the tunnel mode > LISTEN 5 > FIN_WAIT_1 325 > FIN_WAIT_2 254 > SYN_SENT 49 > LAST_ACK 399 > CLOSING 16 > CLOSE_WAIT 70 > CLOSED 247 > SYN_RCVD 13 > TIME_WAIT 338 > ESTABLISHED 5797 > > #the http-keep-alived mode. > LISTEN 5 > FIN_WAIT_1 166 > FIN_WAIT_2 426 > SYN_SENT 103 > LAST_ACK 819 > CLOSING 5 > CLOSE_WAIT 137 > CLOSED 410 > SYN_RCVD 24 > TIME_WAIT 346 > ESTABLISHED 10019
I don't see any valid reason for this. Are you sure that the other mode is really tunnel mode and not http-server-close mode ? I'm seeing some "no option httpclose" etc in the config so I'm not sure what the config looks like when you're in tunnel mode. But at least that would explain the difference, with only the client-facing connections remaining opened. > And the configure we use > > #2013############## > global > log 192.168.149.1:10602 local4 info > pidfile /var/run/haproxy.pid > maxconn 100000 > maxpipes 50000 > daemon > stats socket /tmp/haproxy.sock mode 755 level admin > nbproc 1 > spread-checks 5 > tune.rcvbuf.client 16384 > tune.rcvbuf.server 32768 > tune.sndbuf.client 65536 > tune.sndbuf.server 16384 > node haproxy > > defaults > #TCP SECTION > maxconn 200000 > backlog 32768 > timeout connect 10s > timeout client 60s > timeout server 60s > timeout queue 30s > timeout check 5s > timeout http-request 5s > timeout http-keep-alive 10s > timeout tunnel 3600s > > > #HTTP SECTION > option accept-invalid-http-request > option accept-invalid-http-response > option redispatch > retries 2 > option httplog > no option checkcache > option http-keep-alive > > > #SYSTEM SECTION > option dontlog-normal > option dontlognull > option log-separate-errors > > > ######### frontend ############## > frontend tcp-in-tos02 > bind :2001 mss 1360 transparent > mode tcp > log global > option tcplog > no option http-keep-alive > no option accept-invalid-http-request > > #distingush HTTP and non-HTTP > tcp-request inspect-delay 60s > tcp-request content accept if HTTP > > acl check_SquidCluster-tos02 nbsrv(SquidCluster-tos02) 0 > > #ACTION > use_backend Direct if !HTTP > use_backend SquidCluster-tos02 if !check_SquidCluster-tos02 > default_backend Direct > > > backend SquidCluster-tos02 > mode http > option forwardfor header X-Client > balance hdr(Host) > source 0.0.0.0 > option httpchk GET http://www.yahoo.com > > server sq-L1-n1a 192.168.138.1:3001 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n1b 192.168.138.1:3002 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n1c 192.168.138.1:3003 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n2a 192.168.138.2:3001 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n2b 192.168.138.2:3002 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n3a 192.168.138.3:3001 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n3b 192.168.138.3:3002 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n3c 192.168.138.3:3003 weight 20 check inter 5s > maxconn 10000 > server sq-L1-n3d 192.168.138.3:3004 weight 20 check inter 5s > maxconn 10000 > > > backend Direct > mode tcp > log global > option tcplog > no option http-keep-alive > no option httpclose > no option http-server-close > no option accept-invalid-http-response > no option http-pretend-keepalive > source 0.0.0.0 usesrc clientip > option transparent > > > Can any one help me to explain this ? Willy
