Hi Baptists, Sorry I didn't provide more details earlier.
-------------------------------------------------------------------------------------------------- 1. root@HAPROXY:~# haproxy -vv HA-Proxy version 1.5.8 2014/10/31 Copyright 2000-2014 Willy Tarreau <[email protected]> Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.7 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 8.30 2012-02-04 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll. -------------------------------------------------------------------------------------------------- 2. Configuration file: global daemon maxconn 60000 quiet nbproc 2 maxpipes 16384 user haproxy group haproxy stats socket /var/run/haproxy.sock mode 600 level admin stats timeout 2m defaults option dontlognull option forwardfor option http-server-close retries 3 option redispatch maxconn 60000 option splice-auto option prefer-last-server timeout connect 5000ms timeout client 50000ms timeout server 50000ms frontend www-http bind *:80 reqadd X-Forwarded-Proto:\ http default_backend www-backend frontend www-https bind *:443 ssl crt /etc/ssl/private/haproxy.pem ciphers AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH rspadd Strict-Transport-Security:\ max-age=31536000 reqadd X-Forwarded-Proto:\ https default_backend www-backend userlist stats-auth group admin users admin user admin insecure-password admin group readonly users user user user insecure-password user backend www-backend mode http maxconn 60000 stats enable stats uri /stats acl AUTH http_auth(stats-auth) acl AUTH_ADMIN http_auth(stats-auth) admin stats http-request auth unless AUTH balance roundrobin option prefer-last-server option forwardfor option splice-auto option splice-request option splice-response compression offload compression algo gzip compression type text/html text/plain text/javascript application/javascript application/xml text/css application/octet-stream server nginx-1 192.168.122.101:80 maxconn 15000 cookie S1 check server nginx-2 192.168.122.102:80 maxconn 15000 cookie S2 check server nginx-3 192.168.122.103:80 maxconn 15000 cookie S3 check server nginx-4 192.168.122.104:80 maxconn 15000 cookie S4 check -------------------------------------------------------------------------------------------------- 3. A 24 processor Ubuntu system starts 2 nginx VM's (KVM, 2 vcpu, 1GB), and 1 haproxy VM (KVM, 2 vcpu, 1GB). 'ab' runs on the host and tests with either the haproxy VM, or directly to one of the 2 nginx VM's. Sometimes during the test, I also see many "nf_conntrack: table full, dropping packet" messages on the host system. Thanks. - Krishna On Tue, Apr 21, 2015 at 1:29 PM, Krishna Kumar (Engineering) < [email protected]> wrote: > Hi all, > > While running the command: :" ab -n 100000 -c 1000 192.168.122.110:80/256 > ", > the haproxy stats page shows the 4 different backend servers changing > status > between "Active up, going down", "Active or backup down", "Down", "Backup > down, going UP", sometimes all 4 backends are in DOWN state. The result is > very > poor performance reported by 'ab' as compared to running directly against a > single backend. > > What could be the reason for this continuous state change? > > root@HAPROXY:~# haproxy -vv > HA-Proxy version 1.5.8 2014/10/31 > Copyright 2000-2014 Willy Tarreau <[email protected]> > > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat > -Werror=format-security -D_FORTIFY_SOURCE=2 > OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built with zlib version : 1.2.7 > Compression algorithms supported : identity, deflate, gzip > Built with OpenSSL version : OpenSSL 1.0.1e 11 Feb 2013 > Running on OpenSSL version : OpenSSL 1.0.1k 8 Jan 2015 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built with PCRE version : 8.30 2012-02-04 > PCRE library supports JIT : no (USE_PCRE_JIT not set) > Built with transparent proxy support using: IP_TRANSPARENT > IPV6_TRANSPARENT IP_FREEBIND > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll. > > > Thanks, > - Krishna Kumar > >
