On Sat, 2015-03-21 at 14:03 +0100, Lukas Tribus wrote: > > haproxy is a tcp (layer 3/4) proxy, that can perform application (layer > > 7) functions. i am already doing service checks against my proxies to > > validate their availability. when no pool member is available, haproxy > > knows it. there are no external helpers needed to make this > > determination. the layer 7 capabilities make this possible. > > > > the injection of a RST is part-and-parcel to the tcp proxy > > functionality. i can understand if the functionality in not in haproxy, > > but it is not outside the realm of capability for a t. > > The 3 way TCP handshake happens before the application (haproxy) is even > aware of the session, therefor this is only possible if the kernel handles > it (iptables), which is why I said its only possible with external helpers. > > Or is what you are requesting to send a RST in the middle of an already > established TCP session? > > > Please CC the mailing list. > > > Lukas > >
sorry, thought i did cc the list. i will have to test out the behavior, as this is an implemented solution where i work, using other products. i can test a couple of different scenarios that come to mind. 1, new browser session comes in to the load balancer, and no backend servers are available. where / when is the RST sent? 2, a session to the load balanced exists, and the backend servers become unavailable. where / when is the RST sent? i'll run these scenarios and let you know what i find in a packet capture.