I have to go to sleep :) for unknown reason I thought that you are out ot ephemeral ports due to rapid connection reopen (aka ephemeral ports exhaustion).
вт, 9 февр. 2021 г. в 01:04, Максим Куприянов <[email protected]>: > Илья, thanks for your answer! > > Sorry, but It seems to me I didn't make it clear: the problem is the data > received from these fast clients never reaches backends. But it should be > delivered in order to be saved. > > Maybe there is some way to delay acknowledging of the data received until > some backend is selected and connected to session? > > > пн, 8 февр. 2021 г. в 22:56, Илья Шипицин <[email protected]>: > >> I think it is "4. Client disconnects (FIN, FIN-ACK)" >> if client would send RST instead of FIN, port would have been released >> immediately. >> >> >> https://stackoverflow.com/questions/13049828/fin-vs-rst-in-tcp-connections >> >> RST is much better for short living connections. >> >> пн, 8 февр. 2021 г. в 22:17, Максим Куприянов <[email protected] >> >: >> >>> Hi! >>> >>> I faced a problem dealing with l4 (tcp mode) haproxy-based proxy over >>> Graphite's component receiving metrics from clients and clients who are >>> connecting just to send one or two Graphite-metrics and disconnecting right >>> after. >>> >>> It looks like this >>> 1. Client connects to haproxy (SYN/SYN-ACK/ACK) >>> 2. Client sends one line of metric >>> 3. Haproxy acknowledges receiving this line (ACK to client) >>> 4. Client disconnects (FIN, FIN-ACK) >>> 5. Haproxy writes 1/-1/0/0 CC-termination state to log without even >>> trying to connect to a backend and send client's data to it. >>> 6. Metric is lost :( >>> >>> If the client is slow enough between steps 1 and 2 or it sends a bunch >>> of metrics so haproxy has time to connect to a backend – everything works >>> like a charm. >>> >>> How can I deal with these send-and-forget clients? >>> >>> Example. First column is a time delta in seconds between packets >>> 0.000000 client haproxy TCP 100 58664 → 2024 [SYN] Seq=0 Win=65535 >>> Len=0 MSS=1220 WS=64 TSval=904701415 TSecr=0 SACK_PERM=1 >>> 0.000015 haproxy client TCP 96 2024 → 58664 [SYN, ACK] Seq=0 Ack=1 >>> Win=65535 Len=0 MSS=8840 SACK_PERM=1 TSval=276942420 TSecr=904701415 WS=2048 >>> 0.019105 client haproxy TCP 88 58664 → 2024 [ACK] Seq=1 Ack=1 >>> Win=131264 Len=0 TSval=904701434 TSecr=276942420 >>> 0.000090 client haproxy TCP 151 58664 → 2024 [PSH, ACK] Seq=1 Ack=1 >>> Win=131264 Len=63 TSval=904701434 TSecr=276942420 >>> 0.000012 haproxy client TCP 88 2024 → 58664 [ACK] Seq=1 Ack=64 >>> Win=65536 Len=0 TSval=276942439 TSecr=904701434 >>> 0.000150 client haproxy TCP 88 58664 → 2024 [FIN, ACK] Seq=64 Ack=1 >>> Win=131264 Len=0 TSval=904701434 TSecr=276942420 >>> 0.000058 haproxy client TCP 88 2024 → 58664 [FIN, ACK] Seq=1 Ack=65 >>> Win=65536 Len=0 TSval=276942439 TSecr=904701434 >>> >>> haproxy -vv >>> HA-Proxy version 2.2.8-1 2021/01/28 - https://haproxy.org/ >>> Status: long-term supported branch - will stop receiving fixes around Q2 >>> 2025. >>> Known bugs: http://www.haproxy.org/bugs/bugs-2.2.8.html >>> Running on: Linux 4.19.91-22 #1 SMP Wed Dec 25 14:25:55 UTC 2019 x86_64 >>> Build options : >>> TARGET = linux-glibc >>> CPU = generic >>> CC = gcc >>> CFLAGS = -O2 -g -O2 -fPIE -fstack-protector-strong -Wformat >>> -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -Wall -Wextra >>> -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare >>> -Wno-unused-parameter -Wno-clobbered -Wno-missing-field-initializers >>> -Wtype-limits >>> OPTIONS = USE_PCRE2=1 USE_PCRE2_JIT=1 USE_GETADDRINFO=1 USE_OPENSSL=1 >>> USE_LUA=1 USE_ZLIB=1 USE_TFO=1 USE_SYSTEMD=1 >>> DEBUG = >>> >>> Feature list : +EPOLL -KQUEUE +NETFILTER -PCRE -PCRE_JIT +PCRE2 >>> +PCRE2_JIT +POLL -PRIVATE_CACHE +THREAD -PTHREAD_PSHARED +BACKTRACE >>> -STATIC_PCRE -STATIC_PCRE2 +TPROXY +LINUX_TPROXY +LINUX_SPLICE +LIBCRYPT >>> +CRYPT_H +GETADDRINFO +OPENSSL +LUA +FUTEX +ACCEPT4 -CLOSEFROM +ZLIB -SLZ >>> +CPU_AFFINITY +TFO +NS +DL +RT -DEVICEATLAS -51DEGREES -WURFL +SYSTEMD >>> -OBSOLETE_LINKER +PRCTL +THREAD_DUMP -EVPORTS >>> >>> Default settings : >>> bufsize = 16384, maxrewrite = 1024, maxpollevents = 200 >>> >>> Built with multi-threading support (MAX_THREADS=64, default=32). >>> Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016 >>> Running on OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016 >>> OpenSSL library supports TLS extensions : yes >>> OpenSSL library supports SNI : yes >>> OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 >>> Built with Lua version : Lua 5.3.1 >>> Built with network namespace support. >>> Built with zlib version : 1.2.8 >>> Running on zlib version : 1.2.8 >>> Compression algorithms supported : identity("identity"), >>> deflate("deflate"), raw-deflate("deflate"), gzip("gzip") >>> Built with transparent proxy support using: IP_TRANSPARENT >>> IPV6_TRANSPARENT IP_FREEBIND >>> Built with PCRE2 version : 10.21 2016-01-12 >>> PCRE2 library supports JIT : yes >>> Encrypted password support via crypt(3): yes >>> Built with gcc compiler version 5.4.0 20160609 >>> Built with the Prometheus exporter as a service >>> >>> Available polling systems : >>> epoll : pref=300, test result OK >>> poll : pref=200, test result OK >>> select : pref=150, test result OK >>> Total: 3 (3 usable), will use epoll. >>> >>> Available multiplexer protocols : >>> (protocols marked as <default> cannot be specified using 'proto' keyword) >>> fcgi : mode=HTTP side=BE mux=FCGI >>> <default> : mode=HTTP side=FE|BE mux=H1 >>> h2 : mode=HTTP side=FE|BE mux=H2 >>> <default> : mode=TCP side=FE|BE mux=PASS >>> >>> Available services : prometheus-exporter >>> Available filters : >>> [SPOE] spoe >>> [COMP] compression >>> [TRACE] trace >>> [CACHE] cache >>> [FCGI] fcgi-app >>> >>> -- >>> Best regards, >>> Maksim Kupriianov >>> >>> >>> >>> >>>
