Hello,
On Fri, 13 Nov 2020 at 21:21, Willy Tarreau <w...@1wt.eu> wrote: > > > I'd suggest you run haproxy with noreuseport [1] temporarily, and > > > check if your kernel refuses to bind() to those IP's - it likely will. > > > This indicates an unsupported configuration (by your kernel, not by > > > haproxy). > > > > It indeed does fail. Hmmm, that's a shame as this was a really nice > > "feature" to have this fallback. I guess it's back to the drawing board > > unless you or anyone else have any other suggestions. > > OK so that confirms it. Well, you didn't lose anything it's just that > before the moment noreuseport was introduced, you simply did not benefit > from it. Note that for two sockets to support binding with SO_REUSEPORT, > *both* need to have it. So in your case if you value having it for whatever > reason, you may want to keep it enabled for one of the bind lines and > remove it on the other ones. I'm afraid noreuseport is a global option in haproxy. But the noreuseport was merely a suggestion to confirm that the kernel is not OK with this config. The change in behavior with conflicting sockets with SO_REUSEPORT enabled could be due to support for BPF (SO_ATTACH_REUSEPORT_CBPF) and eBPF (SO_ATTACH_REUSEPORT_EBPF) introduced in 4.5. Lukas