Hi Willy,

> Now the question is, does it cause any problem for you or is it just that
> it came as a surprize and you were worried that it could cause problems ?

Yes, unfortunately it does create a problem.

Each backend server (a SOAP API) can only handle up to 7 concurrent
connections. The 8th connection freezes/is waiting for a server response.
In order to satisfy this max connection requirement to the backend
server(s) I wanted to use "maxconn 6".
My hope was that HAProxy would not allow more than 6 concurrent connections
going to each backend server.
>From POV of the SOAP API, an additional connection (7) is added because of
the regular healthcheck from HAProxy.

So now we have the problem that idle connections are not accounted for and
HAProxy keeps letting new connections going through.
This causes the SOAP backend servers to freeze up.

> The possible alternative would be to have an option to say that idle
> connections are accounted for and that some of them will be killed before
> passing a new connection to the server, but that will significantly reduce
> the efficiency of server-side keep-alive.

Yes, such an option would be really helpful. Should probably be turned off
by default, but it would be a great help for such scenarios.
But none of them should be killed if new requests are passed over to the
backend server.
In fact the option could do the same as counting the number of established
tcp connections going through HAProxy to the backend server and handle this
as CUR value.
The maxconn setting is then reached by all connections (whether they're
active or idle) resulting in HAProxy returning a 503 error.

> If you're really short on server-side connections and want to optimize
> them as much as possible, you can try to enable "http-reuse".

That's a good idea, but unfortunately won't work in this case.
Each session, even idle sessions, have a bound "ticket" in the SOAP API. A
reuse would basically hijack a session already in progress resulting in
data corruption.

I know it's a weird application design and I personally haven't ever seen
anything like this before.

I'm happy to provide my time/support for you to get in place such an
option. Just let me know.

In the meantime I'll probably try to solve this using iptables limits
behind HAProxy (between HAProxy and backend server).

Reply via email to