Hi Zhi, On Sat, Dec 10, 2016 at 11:35:07AM +0800, zhi wrote: > backend 39ca866e-cadd-4915-bf80-cfc4a43d4591 > source 0.0.0.0 usesrc clientip > mode tcp > balance roundrobin > timeout check 5000 > server 6bd4198e-baf5-4c28-84f9-db395ab8982b 192.168.0.175:111 weight 2 > check inter 10s fall 3 > > > Then I visit the HAProxy service and catch packets in HAProxy's interface. > I find so many RST packets like this: > > [image: ???????????? 1] > > 192.168.0.186 is HAProxy service and 192.168.0.175 is real server. > > In TCP three handshakes, > handshake 1: 192.168.0.186 -> 192.168.0.175 [syn] > handshake 2: 192.168.0.175 -> 192.168.0.186 [syn, ack] > handshake 3: 192.168.0.186 -> 192.168.0.175 [rst, ack] > > Then HAProxy service try to connect real server again like this: > handshake 1: 192.168.0.186 -> 192.168.0.175 [syn] > handshake 2: 192.168.0.175 -> 192.168.0.186 [syn, ack] > handshake 3: 192.168.0.186 -> 192.168.0.175 [rst, ack]
These are TCP health checks performed by you "check" directive on the server line. The purpose is to check if the port is opened. We take care of closing with an RST so as not to wake up the application then close and pollute its logs with protocol errors. When you know the application protocol you can instead use an application level check, but here it seems you're sending to a portmapper and there's no such health check. You don't have to worry about this, this is a totally normal behaviour. Cheers, Willy
