Hi Mihir. Am 11.05.2018 um 05:57 schrieb Mihir Shirali: > Hi Aleksandar, > > Why do you add http header for a tftp service? > Do you really mean > https://de.wikipedia.org/wiki/Trivial_File_Transfer_Protocol > <https://de.wikipedia.org/wiki/Trivial_File_Transfer_Protocol> > [Mihir]>>This TFTP is a custom application written by us. The http headers > also > have custom attributes which are used by the backend application. > > haproxy version is > HA-Proxy version 1.5.11 2015/01/31
Could you try to update at least to the latest 1.5 or better to 1.8? https://www.haproxy.org/bugs/bugs-1.5.11.html > https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-rate-limit%20sessions > <https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-rate-limit%20sessions> > > [Mihir]>>I believe this only queues the packets right? Is there a way we could > tell the client to back off and retry after a bit (like a 503). This decision > based on the high number of requests. Yes it's possible but I haven't done it before. I would try this, but I hope that someone with more experience in this topic step forward and show us a working solution. https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-http-request https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_conn_rate http-request connection track-sc0 src http-request deny deny_status 503 if { src_conn_rate gt 10 } This lines are shameless copied from the examples in https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-tcp-request%20connection Regards Aleks > On Fri, May 11, 2018 at 1:58 AM, Aleksandar Lazic <al-hapr...@none.at > <mailto:al-hapr...@none.at>> wrote: > > Am 10.05.2018 um 18:27 schrieb Mihir Shirali: > > Hi Team, > > > > We have haproxy installed on a server which is being used primarily for > front > > ending TLS. After session establishment it sets certain headers in the > http > > request and forwards it to the application in the backend. The back end > > application is a tftp server and hence it can receive requests from a > large > > number of clients. > > Why do you add http header for a tftp service? > Do you really mean > https://de.wikipedia.org/wiki/Trivial_File_Transfer_Protocol > <https://de.wikipedia.org/wiki/Trivial_File_Transfer_Protocol> > > > What we observe on our server is that when we have large number of > clients > > haproxy gets quite busy and the CPU clocks pretty high. Since both > haproxy and > > our backend application run on the same server - this combined CPU can > get close > > to the limit. > > What we’d like to know is if there is a way to throttle the number of > requests > > per second. All the searches so far - seem to indicate that we could > rate limit > > based on src ip or http header. However, since our client ips will be > different > > in the real world we wont be able to use that (less recurrence) > > Could you please help? Is this possible? > > What's the output of haproxy -vv ? > There was some issues about high CPU Usage so maybe you will need to > update. > > Could this be a option? > > https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-rate-limit%20sessions > > <https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-rate-limit%20sessions> > > https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_updt_conn_cnt > > <https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_updt_conn_cnt> > > What's 'less recurrence' , hours, days? > > Regards > Aleks > > > > > -- > Regards, > Mihir