Thank you for your tips - they are much appreciated. Baptiste said the following on 06/30/2014 04:34 PM: [CUT] > > You can use transparent proxying. > that way, you can have up to 64K source port per source IP address :) > It should be enough. > That said, it requires you change the XMPP servers' default gateway to > your HAProxy box. > Or that I simply add the public IP to the backends loopback interface and tell it not to respond to arp for that ip on other interfaces (that's what I do with LinuxVirtualServer).
But perhaps that approach does not work with haproxy? > At that level of connections, you should also check memory footprint, > which could be huge! > Note also that 1 process can have up to 1.000.000 file desciptors, > which means that at most, 1 HAProxy can forward 500.000 TCP > connections (since HAProxy needs 1 connection on the client side and > an other one on the server side). > I found that.. it seems to still be the case :( I'd need a setup where haproxy divided the open descriptors amongst child-processes then. f.ex. by having each backend being a process - and then setting up two backends, with the same backend servers. 500k is unfortunately very close to the expected load.. (they want to connect different boxes, mobile phones etc. to this xmpp setup). I'll have to start somewhere, and then I'll have to figure out how to test simulate this load in some way - before I hit this limit in production :) -- Regards, Klavs Klavsen, GSEC - [email protected] - http://www.vsen.dk - Tlf. 61281200 "Those who do not understand Unix are condemned to reinvent it, poorly." --Henry Spencer
