Thank you for support, we have fixed our issues. Ha. ----- Original Message -----
From: "brendan kearney" <[email protected]> To: "Lukas Tribus" <[email protected]> Cc: [email protected] Sent: Monday, March 23, 2015 2:40:57 PM Subject: Re: HAProxy and site failover I have confirmed the behavior. In both cases all new connections receive a RST when a backend server is not available to service the request. The behavior is Syn -> RST in both cases. Any existing connections timeout. On Mar 21, 2015 9:11 AM, "Brendan Kearney" < [email protected] > wrote: On Sat, 2015-03-21 at 14:03 +0100, Lukas Tribus wrote: > > haproxy is a tcp (layer 3/4) proxy, that can perform application (layer > > 7) functions. i am already doing service checks against my proxies to > > validate their availability. when no pool member is available, haproxy > > knows it. there are no external helpers needed to make this > > determination. the layer 7 capabilities make this possible. > > > > the injection of a RST is part-and-parcel to the tcp proxy > > functionality. i can understand if the functionality in not in haproxy, > > but it is not outside the realm of capability for a t. > > The 3 way TCP handshake happens before the application (haproxy) is even > aware of the session, therefor this is only possible if the kernel handles > it (iptables), which is why I said its only possible with external helpers. > > Or is what you are requesting to send a RST in the middle of an already > established TCP session? > > > Please CC the mailing list. > > > Lukas > > sorry, thought i did cc the list. i will have to test out the behavior, as this is an implemented solution where i work, using other products. i can test a couple of different scenarios that come to mind. 1, new browser session comes in to the load balancer, and no backend servers are available. where / when is the RST sent? 2, a session to the load balanced exists, and the backend servers become unavailable. where / when is the RST sent? i'll run these scenarios and let you know what i find in a packet capture.
