> I have confirmed the behavior. In both cases all new connections
> receive a RST when a backend server is not available to service the
> request. The behavior is Syn -> RST in both cases. Any existing
> connections time out.

That doesn't change the fact that an application can't do this; the
TCP stack needs to do this, and HAProxy doesn't implement its own
TCP stack, it leverages the TCP stack of the OS.

As I said, you need external helpers to install iptables rules or
something like that.

The only thing an application could theoretically do would be to
close the listening socket and reopen it once the services are available
again, but this introduces so many issues (for example, we can't drop
privileges, we can't monitor the proxy at all, we need to call the bind logic
again and again, etc.) that I don't think it's worth the trouble.

I understand that your existing (probably proprietary) load-balancing
solution can do this (and it probably only can because some user presented
a huge business case to that vendor), but that doesn't mean it makes sense
to implement it in a layer 4/7 reverse proxy application.

Lukas
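
The close-and-reopen idea discussed in the message above, as an added example that is not part of the original message and is not HAProxy code: a loopback test showing that the kernel, not the application, answers the SYN, so the only lever user space has is whether a listening socket exists. The function names and the use of 127.0.0.1 with an ephemeral port are assumptions made for the demonstration.

```python
import socket

HOST = "127.0.0.1"  # loopback only; assumption for this demonstration


def open_listener(port=0):
    """Bind and listen. On a port below 1024 this needs root or
    CAP_NET_BIND_SERVICE, which is why re-binding after dropping
    privileges is a problem for a proxy."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((HOST, port))
    s.listen(16)
    return s


def probe(port, timeout=1.0):
    """Classify how the OS TCP stack answers a new SYN to `port`."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout):
            return "accepted"   # SYN -> SYN/ACK: a listener exists
    except ConnectionRefusedError:
        return "refused"        # SYN -> RST: no listener on the port
    except socket.timeout:
        return "timeout"        # SYN dropped silently (e.g. a DROP rule)


def demo():
    results = {}
    lsock = open_listener()
    port = lsock.getsockname()[1]
    # One connection established before the listener goes away.
    client = socket.create_connection((HOST, port), timeout=1.0)
    conn, _ = lsock.accept()
    conn.settimeout(1.0)
    results["listening"] = probe(port)
    lsock.close()                          # "no backend available"
    results["closed"] = probe(port)        # kernel now sends the RST
    client.sendall(b"ping")                # established flow is untouched
    results["existing"] = conn.recv(4)
    client.close()
    conn.close()
    lsock = open_listener(port)            # bind logic has to run again
    results["reopened"] = probe(port)
    lsock.close()
    return results


if __name__ == "__main__":
    print(demo())
```
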