On Tue, May 13, 2014 at 03:03:39PM +0200, John-Paul Bader wrote: > Hey, > > we have already tried and disabled all custom sysctls - the behavior was > not getting any better unfortunately :/ > > The whole process locks up, the stats web page does not load anymore and > like described, we get lots of log entries that no backends are > available anymore. > > I could try to create a ktrace for a synthetic test run like this as it > happens rather quickly after starting the test.
That could help. The only possible reason that comes to my mind for now would be that for any reason, SO_LINGER would be ignored on fbsd when haproxy actively closes a connection to a server, preventing the port from being reusable for the time needed to get rid of the resulting TIME_WAIT socket. That would be a big problem which could affect other proxies like squid for example, so I would find it strange. Do you see any TIME_WAIT sockets on the maching running haproxy, towards the servers ? Oh and BTW, are you running with PF ? I have some old memories of PF abusively randomizing sequence numbers and preventing new connections from being initiated using a same source port from the came client. It was so odd that I had to disable it on my home reverse-proxy running OpenBSD! That is easy to test, simply run "pfctl -d" to disable it and test again. Regards, Willy
