On Mon, Jun 30, 2014 at 4:22 PM, Vincent Bernat <[email protected]> wrote:
>  ❦ 30 juin 2014 15:54 +0200, Klavs Klavsen <[email protected]> :
>
>> As far as I can gather - that would mean it will run out of ports, when
>> it hits about 64k connections being open.
>>
>> But perhaps ports can be reused, if they are used against different
>> backends ? (ie. the max open connection amount in the linux tcp stack
>> becomes 64k * backends-available)
>
> Yes, the 64k limit is per target IP. Only one connection can match a
> source IP, source port, destination IP, destination port. So, with one
> source IP, N destination IPs and one destination port, you have about
> N*64k simultaneous connections.
>
> You can increase the number of possible quadruplets by using multiple
> target ports (you make the daemon listen on several ports on the
> backends) or multiple target IPs (you add more IPs on your backends).
>
> Don't forget to tune net.ipv4.ip_local_port_range.
> --
> Each module should do one thing well.
>             - The Elements of Programming Style (Kernighan & Plauger)
>


You can use transparent proxying.
That way, you can have up to 64K source ports per source IP address :)
It should be enough.
That said, it requires you to change the XMPP servers' default gateway to
your HAProxy box.

At that level of connections, you should also check memory footprint,
which could be huge!
Note also that 1 process can have up to 1.000.000 file descriptors,
which means that at most, 1 HAProxy can forward 500.000 TCP
connections (since HAProxy needs 1 connection on the client side and
another one on the server side).

Baptiste
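
The quadruplet rule discussed in this thread, shown on loopback as an added example that is not part of the original messages: one source IP:port is reused toward a second destination, while a second connection with an identical quadruplet is refused. It assumes a Linux host with 127.0.0.1 up; the helper names (listener, connect_from, demo) are hypothetical, and the two listeners stand in for backends.

```python
import errno
import socket

LOOPBACK = "127.0.0.1"  # assumption: Linux host with the loopback interface up


def listener():
    """Stand-in backend: TCP listener on a kernel-chosen loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LOOPBACK, 0))
    srv.listen(8)
    return srv


def connect_from(src_port, dst):
    """Connect to dst from a fixed local port (0 = let the kernel pick).
    SO_REUSEADDR lets non-listening sockets share one local ip:port on Linux."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        c.bind((LOOPBACK, src_port))
        c.connect(dst)
    except OSError:
        c.close()
        raise
    return c


def demo():
    """Reuse one source port toward two destinations, then try a duplicate."""
    open_socks = [listener(), listener()]
    dst_a, dst_b = (s.getsockname() for s in open_socks)
    try:
        first = connect_from(0, dst_a)
        open_socks.append(first)
        src_port = first.getsockname()[1]
        second = connect_from(src_port, dst_b)  # new quadruplet: accepted
        open_socks.append(second)
        shared = first.getsockname() == second.getsockname()
        try:
            open_socks.append(connect_from(src_port, dst_a))  # same quadruplet
            dup_error = None
        except OSError as exc:
            dup_error = errno.errorcode.get(exc.errno)  # symbolic errno name
        return {"shared_source": shared, "duplicate_error": dup_error}
    finally:
        for s in open_socks:
            s.close()
```

Calling demo() returns whether both connections shared the same local address and the symbolic errno raised by the duplicate attempt.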