The application itself is responding properly. I can test directly to it, bypassing haproxy, and response times are very fast.
I hear you on the timeouts, those were actually pulled from an example 2013 config here : http://blog.haproxy.com/2012/12/17/microsoft-exchange-2013-load-balancing-with-haproxy/ The thought on http-no-delay is from this thread http://haproxy.formilux.narkive.com/sw2UL3za/low-performance-when-using-mode-http-for-exchange-outlook-anywhere-rpc Microsoft stretches the http protocol to maintain connections for in and out data and sets content length to 1GB and by default haproxy waits for all of the content before forwarding it. So it may be evil but is used to counter an even greater evil! HA-Proxy version 1.5.4 2014/09/02 Copyright 2000-2014 Willy Tarreau <w...@1wt.eu> Build options : TARGET = linux26 CPU = generic CC = gcc CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing OPTIONS = USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built without zlib support (USE_ZLIB not set) Compression algorithms supported : identity Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 7.8 2008-09-05 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. ----- Original Message ----- From: Lukas Tribus <luky...@hotmail.com> To: Tod Schmidt <tschmi...@yahoo.com>; "haproxy@formilux.org" <haproxy@formilux.org> Cc: Sent: Tuesday, February 10, 2015 11:01 AM Subject: RE: SSL Performance Issues with Exchange 2010 Hi Tod, > The only thing I found that I think may be causing this is Outlook > Anywhere/RPC > over HTTPS. I did not find the option for http-no-delay until after testing > so I > am wondering if this one setting could cause this type of behavior? Do you have problems with the actual application when the issue is not happening? If not, then please don't configure http-no-delay, it will only hurt the proxy performance. Do avoid this, its evil. > I am assuming it might since connections are hanging until the client timeout. I assume connection are hanging because of your huge timeouts and you simply hit maxconn. > timeout client 300s & 5 minute timeout for clients > timeout server 300s & 5 minute timeout for servers I suggest to lower both those settings to something like 5 seconds. > timeout queue 30s & 30 seconds max queued on load balancer and this to something like 1 - 5 seconds. > timeout http-keep-alive 1s & 1 second max for the client to post next request I suggest to increase this to at least 5 seconds or more. Since you make heavy use of SSL, I would set this to 10 - 30 seconds actually, but YMMV as it depends on how your clients are using the application. Also, you should probably tell us the release and the output of "haproxy -vv". Regards, Lukas
