Hi,
we are using HAProxy with its default 2000 maxconn limit and a listen block:
listen stats :1936
mode http
monitor-uri /healthz
which we use to check HAProxy's "health" by external HTTP probes. The
behaviour I'm seeing is that once the default 2000 maxconn limit is
reached, HAProxy stops listening for new connections and these are queued
in the kernel. This includes the ":1936/healthz" probes which timeout and
HAProxy's state is being interpreted as "unhealthy", rather than "busy".
While we can health-check HAProxy in other ways (e.g. stats UNIX domain
socket in stream mode), HTTP health-checks are preferred since they better
reflect HAProxy's ability to process requests.
As far as I can see, staying with the HTTP probe model, we can increase the
global maxconn limit or/and increase the health-check's timeout period.
Do you see any other options? What are the dangers of setting the global
maxconn limits really high apart from increased HAProxy's memory usage?
I've seen reports <https://www.linangran.com/?p=547> of people going as
high as maxconn=2000000 and achieving 300k concurrent TCP connections on a
reportedly outdated PC.
Many thanks.
Jiri
