LPO Master Class led by Deepak Malhotra, Chief Legal Administrative Officer and Global Counsel at Fusion Universal
Dear Reader, We at Global Outsourcing Association of Lawyers invite you to participate in our very powerful LPO Master Class led by Deepak Malhotra, Chief Legal Officer Global Counsel at Fusion Universal, UK. Date: 25 April 2012 Time: 9:00 am PDT/12:00 pm EDT (100-120 minutes) Topic: LPO Business Models: Determining which Makes Most Sense for your Business Needs and Goals Fee: Yes Please let me know if you are interested. I'll be glad to discuss more information. Thank You Mitchell Jones Head - Operations Global Outsourcing Association of Lawyers (GOAL) PS: Kindly join our very special group - Global Outsourcing Association of Lawyers (GOAL) at LinkedIn to network with the legal/IP outsourcing world. To unsubscribe, reply with Unsubscribe in the subject line.
haproxy ssh transparent proxy
Sorry for i'm new in haproxy,there is my problem i wanna haproxy to proxy any non-http traffic. And there is my config about it listen tcp-in bind 192.168.137.18: mode tcp tcp-request inspect-delay 5s tcp-request content accept if HTTP use_backend SquidClusters if HTTP default_backend Non-http if !HTTP ##default let any non-http traffic behave like's self, backend Non-http mode tcp log global timeout server 1h server directserver 0.0.0.0 but it's doesn't work. Is there any one help me?
Missing log entries
Hello, I am observing some strange behaviour with haproxy and logging on Ubuntu Oneiric. haproxy is setup to log to /dev/log and logs successfully appear in /var/log/syslog (via rsyslog). Well, some of them do. Some just don't. If I look on the servers we are proxying/load balancing I can see requests in their logs but they aren't in the haproxy output in /var/log/syslog. I've also noticed that if I do a wget then the entries appear, however from a browser they don't appear. I've also noticed that the entries in haproxy aren't always in the server logs and the entries in the server logs often aren't in haproxy. Any help is much appreciated. We are using HA-Proxy version 1.4.15 2011/04/08 This is our configuration: global daemon maxconn 256 log /dev/log local0 defaults mode http timeout connect 5000ms timeout client 5ms timeout server 5ms option httplog frontend http-in bind *:80 default_backend servers log global backend servers server one one:8080 server two two:8080 Thanks Peter -- Peter Gillard-Moss Developer | ThoughtWorks Studios | Technical Solutions http://www.thoughtworks-studios.com
Re: Performance optimization on VMWare VM's
Hi, How important is it to assign a specific NIC to the single haproxy vm with physical passthrough? Best regards Sebastian On 16.04.2012 07:01, Baptiste wrote: Hey, You have to reserve resources for the VM. FYI, At exceliance, we were able to go up to 55K rps in a VM on a core i7. You'll need to tune your sysctl as well. cheers On Sun, Apr 15, 2012 at 6:30 PM, Willy Tarreauw...@1wt.eu wrote: On Sun, Apr 15, 2012 at 05:35:59PM +0200, Lukas Tribus wrote: Does that mean Sandy/Ivy Bridge based Intel Platforms can't be undoubtedly recommended for high performance usage with haproxy or is there a workaround? It's never all white or black. It also depends on the L3 cache latency. My experience with first gen i5 CPUs is quite good and much better than with the 12-core AMD 6172. What platform would you recommend for a new setup? i3/i5 are really good performers. Pick one with a high frequency and you should be fine. Regards, Willy
HAProxy Hardware LB
Hi, I'm trying to build a small size loadbalancing maschine which fit's into a small 19 rackmountable case. Are there any experiences which some specific hardware, for example ATOM boards or something similiar? Can someone recomment anything special? Best regards Sebastian
HAProxy high SLAB_CACHE
Hi Team, Configured HAProxy for bunch of web servers. It was working smoothly until one fine day I found that on the server where haproxy is running memory utilisation is getting high everyday. Biggest chunk in the memory consumption is in slab_cache which is utilising 90% to 95% of total memory. Server started using Swap and performance degraded. Running Below configuration OS - Debian 6.0.4 squeeze RAM - 6GB CPU - Pentium D 3.00GHz HAProxy - HA-Proxy version 1.4.19 2012/01/07 #free -m total used free sharedbuffers cached Mem: 5959 5780178 0 3 26 -/+ buffers/cache: 5749209 Swap: 5119102 5017 Have a nice time, Gourav Joshi Have a look at www.linuxquestions.in
Re: nginx alone performs x2 than haproxy-nginx
On 29/04/2012 20:01, Willy Tarreau wrote: What I could suggest would be : - reduce /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_time_wait to 30s - increase /proc/sys/net/netfilter/nf_conntrack_max to 524288 conns. - increase hashsize to 131072 buckets. This will help you support up to 8700 conn/s without trouble. You just need to scale the latter two settings accordingly if you plan to go higher. You could also disable connection tracking all together using the NOTRACK target in the raw table. iptables -t raw -A PREROUTING -p tcp --dport 80 -j NOTRACK iptables -t raw -A PREROUTING -p tcp --dport 443 -j NOTRACK Note however that you will no longer be able to carry out any connection tracking logic on matched packes, including no NAT, syncookie protection, etc. Jinn
Re: nginx alone performs x2 than haproxy-nginx
On Wed, May 02, 2012 at 03:40:58PM +0200, Lukas Tribus wrote: Note however that you will no longer be able to carry out any connection tracking logic on matched packes, including no NAT, syncookie protection, etc. Are you sure syncookie protection doesn't work with -j NOTRACK? I don't believe syncookie has anything to do with conntrack at all, in fact, if syncookies would be stateful, they would be totally useless. You're right Lukas, syncookies are independant on conntrack, they're applied on the socket itself, as soon as the backlog is full. Willy
Re: HAProxy and SSL traffic termination
On Wed, May 2, 2012 at 3:46 PM, Alexander Kamardash alexander.kamard...@trusteer.com wrote: Hi, We want to perform LB, SSL termination and L7 on HAProxy. Could you please advise the best approach for it? We are interested in max performance and not complicated configuration. If you are already running such configuration, pls share what is the max connection rate you reach. - Alexander Hi, If you can wait a bit, HAProxy will do SSL endpoint for you. Waiting that, either nginx or stud looks to perform quite well. cheers
Re: Performance optimization on VMWare VM's
Hey, If you really need to do that for performance purpose, then you should dedicate a server to your LB... cheers On Wed, May 2, 2012 at 12:58 PM, Sebastian Fohler i...@far-galaxy.de wrote: Hi, How important is it to assign a specific NIC to the single haproxy vm with physical passthrough? Best regards Sebastian On 16.04.2012 07:01, Baptiste wrote: Hey, You have to reserve resources for the VM. FYI, At exceliance, we were able to go up to 55K rps in a VM on a core i7. You'll need to tune your sysctl as well. cheers On Sun, Apr 15, 2012 at 6:30 PM, Willy Tarreauw...@1wt.eu wrote: On Sun, Apr 15, 2012 at 05:35:59PM +0200, Lukas Tribus wrote: Does that mean Sandy/Ivy Bridge based Intel Platforms can't be undoubtedly recommended for high performance usage with haproxy or is there a workaround? It's never all white or black. It also depends on the L3 cache latency. My experience with first gen i5 CPUs is quite good and much better than with the 12-core AMD 6172. What platform would you recommend for a new setup? i3/i5 are really good performers. Pick one with a high frequency and you should be fine. Regards, Willy
Re: Missing log entries
Hi, You should enable http-server-close option in both frontend and backend or in defaults section. Otherwise, the first request is the only logged (tunnel mode). cheers On Wed, May 2, 2012 at 12:53 PM, Peter Gillard-Moss pgill...@thoughtworks.com wrote: Hello, I am observing some strange behaviour with haproxy and logging on Ubuntu Oneiric. haproxy is setup to log to /dev/log and logs successfully appear in /var/log/syslog (via rsyslog). Well, some of them do. Some just don't. If I look on the servers we are proxying/load balancing I can see requests in their logs but they aren't in the haproxy output in /var/log/syslog. I've also noticed that if I do a wget then the entries appear, however from a browser they don't appear. I've also noticed that the entries in haproxy aren't always in the server logs and the entries in the server logs often aren't in haproxy. Any help is much appreciated. We are using HA-Proxy version 1.4.15 2011/04/08 This is our configuration: global daemon maxconn 256 log /dev/log local0 defaults mode http timeout connect 5000ms timeout client 5ms timeout server 5ms option httplog frontend http-in bind *:80 default_backend servers log global backend servers server one one:8080 server two two:8080 Thanks Peter -- Peter Gillard-Moss Developer | ThoughtWorks Studios | Technical Solutions http://www.thoughtworks-studios.com
Re: Rate limiting based on backend response
Hi, Currently, you can only do this based on source IP address. I know Willy is working to improve this and in1.5-dev9 you'll be able to do it, since you'll be able to track any users using strings (ie your token) then apply conn_rate or sess_rate, http_req_rate, etc... using gpc0 as a trigger. cheers On Wed, May 2, 2012 at 5:47 AM, Ben Hood 0x6e6...@gmail.com wrote: Hi, I was wondering if HAProxy has the capability to rate limit HTTP POSTs based on the response from the backend. The clients identify themselves with an token passed as query parameter in the POST. I would like to implement the business logic for calculating rate limits in my backend app. If the backend decides that a limit has been breached for a particular client token, it would response with a certain non-2xx code and would supply a TTL value to express the period of time that the client will be throttled. Hence I was wondering whether it is possible to configure HAProxy to cache the fact that a given client token is to be throttled for the period expressed by the TTL. Any help is appreciated, Cheers, Ben
Re: Possible to healthy check backend server's link speed?
Hi, There s a timeout check you can try to play with, as well as the classical options like inter, rise and fall. cheers On Tue, May 1, 2012 at 5:13 PM, Igor j...@owind.com wrote: Hi, Sometimes, some backend servers' link quality become very poor ( test by wget a test file from server), they look like very well except download link quality, so the regular way(option httpchk GET / | http-check expect status 400) to check healthy can't handle this situation, is there a way to fix this by haproxy, or I should do shell script monitor instead? Bests, -Igor
Re: HAProxy and SSL traffic termination
A fairly easy configuration is to have Pound SSL sitting in front of HAProxy. I don't have benchmark numbers, but the configuration is fairly simple: Pound:443 - Haproxy:80 (or really any tcp port that haproxy is listening on) Here's most of my pound.cfg file: ListenHTTPS Address 0.0.0.0 Port443 # Obviously, adjust this to point to wherever your ssl cert is Cert/etc/ssl/yourssl.pem End Service Backend # in this configuration, haproxy is sitting on the same server as pound Address 127.0.0.1 Port 80 End End On Wed, May 2, 2012 at 3:00 PM, Baptiste bed...@gmail.com wrote: On Wed, May 2, 2012 at 3:46 PM, Alexander Kamardash alexander.kamard...@trusteer.com wrote: Hi, We want to perform LB, SSL termination and L7 on HAProxy. Could you please advise the best approach for it? We are interested in max performance and not complicated configuration. If you are already running such configuration, pls share what is the max connection rate you reach. - Alexander Hi, If you can wait a bit, HAProxy will do SSL endpoint for you. Waiting that, either nginx or stud looks to perform quite well. cheers