Dear list! Author: Sven Ulland <sven.ulland+git...@xeneta.com> Number of patches: 1
This is an automated relay of the Github pull request: MINOR: connection: add TCP keep-alive parameters Patch title(s): MINOR: connection: add TCP keep-alive parameters Link: https://github.com/haproxy/haproxy/pull/252 Edit locally: wget https://github.com/haproxy/haproxy/pull/252.patch && vi 252.patch Apply locally: curl https://github.com/haproxy/haproxy/pull/252.patch | git am - Description: Add configuration parameters to control TCP keep-alives: * tcp- keepalive-time: Idle time before keep-alive probes are sent * tcp- keepalive-interval: Interval between keep-alive probes * tcp- keepalive-count: Number of keep-alive probes to send before giving up Tested with TCP and HTTP, and with different settings in the default, listen, frontend and backend sections. Potential issues: * Only tested on Linux. * Darwin `#ifdef TCP_KEEPALIVE` implemented but untested. * No Windows support. Rationale: * HAProxy only allows enabling/disabling TCP keep- alives; not controlling parameters. * System default parameters controllable using sysctl. * System defaults apply to all connections. Default idle time: 7200 seconds, as required by RFC 1122. * The `sysctl` command does not work on Docker containers due to read- only procfs. * The Docker `privileged` flag could have worked, but is unsupported on AWS Fargate. * The Docker `sysctl` flag could have worked, but is unsupported on AWS Fargate. * The Docker Linux capability flags could have worked, but are unsupported on AWS Fargate. * I'm behind a Cisco Meraki NAT gateway that has a fixed TCP NAT timeout of 300 seconds, meaning connections are dropped before the TCP keep-alive idle time kicks in (default 7200 seconds on Linux). Meraki support confirms the fixed 300 second timeout. * Instead of requiring all clients to increase the TCP keep-alive probe frequency, fix it centrally by enabling parameters in HAProxy. Instructions: This github pull request will be closed automatically; patch should be reviewed on the haproxy mailing list (email@example.com). Everyone is invited to comment, even the patch's author. Please keep the author and list CCed in replies. Please note that in absence of any response this pull request will be lost.