On 03/03/2015 12:14 πμ, Lukas Tribus wrote: >> The HAProxy is used by normal browsers >> but also from cronjobs with various languages(Perl,Python,C,Go etc) >> >> I was surprised about this very long inactivity period for TCP >> connection on a system which has reasonable settings for TCP keepalive[3]. > > This is not what TCP keepalives does. First of all TCP keepalive will > keep the connection alive as long as the TCP peer on the other side > answers the probe requests (but doesn't enforce a layer 7 inactivity timeout). > > Second of all, you would have to specifically enable TCP keepalive via > config "option clitcpka", which you didn't. >
My mistake was that I assumed that TCP keepalive is enabled on HAProxy by default, thus I surprised I didn't see any TCP keepalives. > TCP keepalives have nothing to do with your problem, nor will they > solve your issue. > > > >> But setting 'timeout tunnel' is not set, and since this HAProxy is >> serving proxy traffic to squid all client/server connections are treated >> as tunnels. am I right? > > No, because you configured "option http-server-close" mode, which means > keep-alive on the client side, *not* tunnel mode. In fact, tunnel mode > would break your forwardfor config. > > > >> For few of the connections that were in established state( for the old >> process) I run tcpdump and saw no activity at all, I have attached a >> network trace from one those and you can see that client sends >> periodically every 10min 5bytes. > > According to your configuration, you have a 10 seconds keep-alive timeout, > thus, after 10 seconds of inactivity, the TCP session should close, HOWEVER > you do have some insane timeouts that may affect the session anyway: > >> timeout queue 1m >> timeout client 30m >> timeout server 30m > Hold on a second let me get that right. Without TCP keep alive enabled, a client which sends some data every 10mins and timeout client set to 30m it more or less means that the connection will only drop by the client. Am I right? what happens to this particular connection when TCP keep alive is enabled but timeout client stays at 30m? I believe nothing. I am trying to understand which settings enforce closure of a TCP session after X time of no data seen from the client. I believe is a combination of timeout client and/or timeout http-keep-alive. When I read the following from timeout http-keep-alive help: If this parameter is not set, the "http-request" timeout applies, and if both are not set, "timeout client" still applies at the lower level. It should be set in the frontend to take effect, unless the frontend is in TCP mode, in which case the HTTP backend's timeout will be used. ---------------------------------------------------------------------- I understand that connection should have been closed since I use timeout http-keep-alive 10s. > Bring'em down to 5 seconds each, not more. > I will do. > Upgrade HAProxy to latest 1.5 stable. There is a decent amount of fixes > since 1.5.6. > I had that in my todo list anyways, so I need to bump the priority and get 1.5.11 installed. > If it still doesn't timeout, connect to the unix domain socket of your old > process (you will have to change socket path before reloading to avoid) > and issue "show sess". > I will do, thanks a lot for the reply. Pavlos
signature.asc
Description: OpenPGP digital signature
