date:20131010

Re: webdav

2013-10-10 Thread Sander Klein


Wicked, thanks for your answer.

Sander

On 10.10.2013 00:03, Bryan Talbot wrote:

I've used it in front of SVN running in apache httpd and proxy in
http mode with ssl.  works great.

-Bryan

 On Wed, Oct 9, 2013 at 1:59 AM, Sander Klein roe...@roedie.nl 
wrote:



Hey Baptiste,

We want to use it in front of svn and git. We wont actually do any 
load balancing with it. We just want to use haproxy for a single entry 
point to the repositories.


Greets,

Sander

On 09.10.2013 09:31, Baptiste wrote:


Hi Sander,

As long as webdav respect HTTP RFC, there won't be any issues at 
all.


Which product are you targeting for your webdav deployment?

Baptiste

On Wed, Oct 9, 2013 at 8:57 AM, Sander Klein roe...@roedie.nl 
wrote:



Hi,

Is it possible to use webdav with haproxy while in http mode? Or 
dou I have

to use tcp mode for that?

Regards,

Sander

L'investissement le plus rentable et le plus sure

2013-10-10 Thread Investissement Ehpad

Title: ehpad
	Ehpad : L' investissement immobilier avec 11 % de rduction d'impôt sans risque locatif	Le dispositif ehpad, qui tire sa spcificit de la loi Bouvard et du rgime de la location meuble non professionnelle, est devenu encore plus incitatif ces dernières annes.		C’est aujourd'hui « un parfait outil de dfiscalisation».		Il a pour avantage de permettre aux investisseurs individuels de bnficier : 			D'une rduction d'impôt de 11 % jusqu'à 300 000 euros tale sur neuf ans ehpad		De rcuprer le montant total de la TVA à 19,6 % investissement ehpad		De profiter en outre d'une imposition favorable des loyers ehpad		Avec une rentabilit assure aux alentours de 4,50 % à 5,50 % par an, l'investissement en Ehpad permet de bnficier d'un revenu à long terme.		Les particuliers qui dsirent investir en un programme Ehpad ou de la defiscalisation expatris peuvent se constituer un revenu complmentaire pour leur retraite mais galement rduire leur taux d'imposition.		De fait, cet investissement permet de bnficier d'une rduction d'impôt de 11% du prix d'acquisition.		Ehpad propose aussi des programmes dedefiscalisation solidaire		L'investissement EHPAD permet de bnficier de nombreux avantages fiscaux et financiers à condition de slectionner ses partenaires avec prcaution.	C'est entre autres sur ce point que nous vous accompagnons.	L'investissement immobilier avec11% de rduction d'impôt sans risque locatif = L'EHPADPour savoir si vous pouvez bnficier de cet investissement, contactez nous sans aucun engagement	PS: la seule condition, est d'avoir un revenu minimum de 2 500  par foyer ! 		A tout de suite, 		Service EHPAD France

Load Balancer Replacement

2013-10-10 Thread Shervey, William E

Just reading some of your work online that discusses replacing load balancers 
with haproxy.

It looks like a great solution.  http://haproxy.1wt.eu/

Unfortunately I am simply not smart enough to weed through the architecture 
details to decide whether the tool will work in my environment.

Perhaps you can provide some insight for me.

My servers are VM's and they run Windows Server 2008 R2.

I am currently using load balancers and they sometimes introduce latency that 
causes primary servers to failover to secondary servers.

I'm wondering if haproxy or one of the other suggestions in the Other 
Solutions section would work for me?

Any input appreciated.


Thanks,
Bill Shervey

Work: 321 499-2544
Cell:321 576-2629

Business Resiliency Technology Support
Corporate Business Resiliency Strategic Initiative
Lockheed Martin - Enterprise Business Services

[cid:image001.png@01CEC5AF.BF75F350]

inline: image001.png

Delays from HAProxy

2013-10-10 Thread Andy M.

Hello,

I am trying to configure an HAProxy And seem to be running into a problem
where the HAProxy will spike.  I have a high throughput server cluster,
which will need to handle about 10-20k QPS.  I believe that HAProxy should
be able to handle that quite easily from what I have read.  I am running
HAProxy on Ubuntu 12.04LTS.  I am running an a Xeon 1270, with 8GB of
RAM(Which i believe is all overkill).  I am doing a simple load balance
between two or three servers(I have two server clusters, one with two
servers, one with three).  I am running 1.4.24.

The reason I believe something is wrong with my haproxy is because I can
refresh my webpage a few times, and every 4-5 times I will be get a spike
around 800ms-3sec to resolve.  This also happens when not hitting my
backend server, and instead hitting the HAProxy stats page.  None of my
servers are anywhere close to using up their system resources(all below 20%
in both memory and CPU).  I don't see much in the syslog that seems wrong
other than this message:

Oct 10 16:48:28 haproxy rsyslogd-2177: imuxsock begins to drop message 3912
due to rate-limiting

I believe that has to do with the logging not being able to keep up, rather
than haproxy dropping packets.

I was wondering if  there were any suggestions for me to look into to try
and fix my problem, or suggest how to configure a HAProxy correctly to be
able to handle the load I need(preferably higher than the load I need, as
this may increase over time).  I am open to changing operating systems if
need be as well.

Here are my two config files:

global
   log /dev/log   local0 info
   log /dev/log   local0 notice
   maxconn 5
   user y
   group y
   #debug

defaults
   log global
   modehttp
   option  httplog
   option  dontlognull
   option  forwardfor
   retries 3
   option redispatch
   option http-server-close
   maxconn 3
   contimeout  1
   clitimeout  5
   srvtimeout  5
   balance leastconn

listen  c_cluster 255.255.255.146:80
maxconn 3
server  c1 10.101.13.74:80 maxconn 1
server  c2 10.101.13.78:80 maxconn 1
server  c3 10.101.13.82:80 maxconn 1
listen  stats :
mode http
stats enable
stats hide-version
stats uri /


and

# this config needs haproxy-1.1.28 or haproxy-1.2.1
global
   log /dev/log   local0 info
   log /dev/log   local0 notice
   maxconn 2
   user y
   group y
   #debug

defaults
   log global
   modehttp
   option  httplog
   option  dontlognull
   option  forwardfor
   retries 3
   option redispatch
   option http-server-close
   maxconn 2
   contimeout  1
   clitimeout  5
   srvtimeout  5
   balance leastconn

listen  a_cluster 255.255.255.151:80
maxconn 2
server  a1 10.101.13.68:80 maxconn 1
server  a2 10.101.13.66:80 maxconn 1
listen  stats :
mode http
stats enable
stats hide-version
stats uri /


My sysctl.conf has the following changes:

fs.file-max = 100
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1

Thank you,

Andy

Re: Delays from HAProxy

2013-10-10 Thread Pär Åslund

Hi Andy,

Can't see anything wrong with your configuration.
How about the server running haproxy? anything about that regarding cpu etc?

I wouldn't be using net.ipv4.tcp_tw_recycle = 1
tw_recycle is a bit dodgy and can give some unwanted side-effects.
tw_reuse = 1 should be sufficient.

How does a tcpdump look? Since you get this issue on the stats get a dump
on that.

What setting are there on the box regarding SYN backlog?
net.core.somaxconn  net.ipv4.tcp_max_syn_backlog

Best regards,
pelle


On Thu, Oct 10, 2013 at 7:16 PM, Andy M. ajm2...@gmail.com wrote:

 Hello,

 I am trying to configure an HAProxy And seem to be running into a problem
 where the HAProxy will spike.  I have a high throughput server cluster,
 which will need to handle about 10-20k QPS.  I believe that HAProxy should
 be able to handle that quite easily from what I have read.  I am running
 HAProxy on Ubuntu 12.04LTS.  I am running an a Xeon 1270, with 8GB of
 RAM(Which i believe is all overkill).  I am doing a simple load balance
 between two or three servers(I have two server clusters, one with two
 servers, one with three).  I am running 1.4.24.

 The reason I believe something is wrong with my haproxy is because I can
 refresh my webpage a few times, and every 4-5 times I will be get a spike
 around 800ms-3sec to resolve.  This also happens when not hitting my
 backend server, and instead hitting the HAProxy stats page.  None of my
 servers are anywhere close to using up their system resources(all below 20%
 in both memory and CPU).  I don't see much in the syslog that seems wrong
 other than this message:

 Oct 10 16:48:28 haproxy rsyslogd-2177: imuxsock begins to drop message
 3912 due to rate-limiting

 I believe that has to do with the logging not being able to keep up,
 rather than haproxy dropping packets.

 I was wondering if  there were any suggestions for me to look into to try
 and fix my problem, or suggest how to configure a HAProxy correctly to be
 able to handle the load I need(preferably higher than the load I need, as
 this may increase over time).  I am open to changing operating systems if
 need be as well.

 Here are my two config files:

 global
log /dev/log   local0 info
log /dev/log   local0 notice
maxconn 5
user y
group y
#debug

 defaults
log global
modehttp
option  httplog
option  dontlognull
option  forwardfor
retries 3
option redispatch
option http-server-close
maxconn 3
contimeout  1
clitimeout  5
srvtimeout  5
balance leastconn

 listen  c_cluster 255.255.255.146:80
 maxconn 3
 server  c1 10.101.13.74:80 maxconn 1
 server  c2 10.101.13.78:80 maxconn 1
 server  c3 10.101.13.82:80 maxconn 1
 listen  stats :
 mode http
 stats enable
 stats hide-version
 stats uri /


 and

 # this config needs haproxy-1.1.28 or haproxy-1.2.1
 global
log /dev/log   local0 info
log /dev/log   local0 notice
maxconn 2
user y
group y
#debug

 defaults
log global
modehttp
option  httplog
option  dontlognull
option  forwardfor
retries 3
option redispatch
option http-server-close
maxconn 2
contimeout  1
clitimeout  5
srvtimeout  5
balance leastconn

 listen  a_cluster 255.255.255.151:80
 maxconn 2
 server  a1 10.101.13.68:80 maxconn 1
 server  a2 10.101.13.66:80 maxconn 1
 listen  stats :
 mode http
 stats enable
 stats hide-version
 stats uri /


 My sysctl.conf has the following changes:

 fs.file-max = 100
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_tw_recycle = 1

 Thank you,

 Andy

Fwd: Delays from HAProxy

2013-10-10 Thread Andy M.

Thanks for the response pelle,

The haproxy box is running at about 10-15% cpu.

Looking at the TCP Dump, it seems the client is doing 1 or more
TCP_Retransmissions of the incoming request when there is a delay.  Anyone
know why this would happen?

Here is the requested information:
root@haproxy:~# sysctl net.core.somaxconn
net.core.somaxconn = 128
root@haproxy:~# sysctl net.ipv4.tcp_max_syn_backlog
net.ipv4.tcp_max_syn_backlog = 2048

I removed the tcp_tw_recycle, but this did not change anything

Thank you,

Andy



On Thu, Oct 10, 2013 at 1:58 PM, Pär Åslund psl...@gmail.com wrote:

 Hi Andy,

 Can't see anything wrong with your configuration.
 How about the server running haproxy? anything about that regarding cpu
 etc?

 I wouldn't be using net.ipv4.tcp_tw_recycle = 1
 tw_recycle is a bit dodgy and can give some unwanted side-effects.
 tw_reuse = 1 should be sufficient.

 How does a tcpdump look? Since you get this issue on the stats get a dump
 on that.

  What setting are there on the box regarding SYN backlog?
 net.core.somaxconn  net.ipv4.tcp_max_syn_backlog

 Best regards,
 pelle


 On Thu, Oct 10, 2013 at 7:16 PM, Andy M. ajm2...@gmail.com wrote:

 Hello,

 I am trying to configure an HAProxy And seem to be running into a problem
 where the HAProxy will spike.  I have a high throughput server cluster,
 which will need to handle about 10-20k QPS.  I believe that HAProxy should
 be able to handle that quite easily from what I have read.  I am running
 HAProxy on Ubuntu 12.04LTS.  I am running an a Xeon 1270, with 8GB of
 RAM(Which i believe is all overkill).  I am doing a simple load balance
 between two or three servers(I have two server clusters, one with two
 servers, one with three).  I am running 1.4.24.

 The reason I believe something is wrong with my haproxy is because I can
 refresh my webpage a few times, and every 4-5 times I will be get a spike
 around 800ms-3sec to resolve.  This also happens when not hitting my
 backend server, and instead hitting the HAProxy stats page.  None of my
 servers are anywhere close to using up their system resources(all below 20%
 in both memory and CPU).  I don't see much in the syslog that seems wrong
 other than this message:

 Oct 10 16:48:28 haproxy rsyslogd-2177: imuxsock begins to drop message
 3912 due to rate-limiting

 I believe that has to do with the logging not being able to keep up,
 rather than haproxy dropping packets.

 I was wondering if  there were any suggestions for me to look into to try
 and fix my problem, or suggest how to configure a HAProxy correctly to be
 able to handle the load I need(preferably higher than the load I need, as
 this may increase over time).  I am open to changing operating systems if
 need be as well.

 Here are my two config files:

 global
log /dev/log   local0 info
log /dev/log   local0 notice
maxconn 5
user y
group y
#debug

 defaults
log global
modehttp
option  httplog
option  dontlognull
option  forwardfor
retries 3
option redispatch
option http-server-close
maxconn 3
contimeout  1
clitimeout  5
srvtimeout  5
balance leastconn

 listen  c_cluster 255.255.255.146:80
 maxconn 3
 server  c1 10.101.13.74:80 maxconn 1
 server  c2 10.101.13.78:80 maxconn 1
 server  c3 10.101.13.82:80 maxconn 1
 listen  stats :
 mode http
 stats enable
 stats hide-version
 stats uri /


 and

 # this config needs haproxy-1.1.28 or haproxy-1.2.1
 global
log /dev/log   local0 info
log /dev/log   local0 notice
maxconn 2
user y
group y
#debug

  defaults
log global
modehttp
option  httplog
option  dontlognull
option  forwardfor
retries 3
option redispatch
option http-server-close
maxconn 2
contimeout  1
clitimeout  5
srvtimeout  5
balance leastconn

 listen  a_cluster 255.255.255.151:80
 maxconn 2
 server  a1 10.101.13.68:80 maxconn 1
 server  a2 10.101.13.66:80 maxconn 1
 listen  stats :
 mode http
 stats enable
 stats hide-version
 stats uri /


 My sysctl.conf has the following changes:

 fs.file-max = 100
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_tw_recycle = 1

 Thank you,

 Andy

Re: Delays from HAProxy

2013-10-10 Thread Andy M.

Thanks for the response pelle,

The haproxy box is running at about 10-15% cpu.

Looking at the TCP Dump, it seems the client is doing 1 or more
TCP_Retransmissions of the incoming request when there is a delay.  Anyone
know why this would happen?

Here is the requested information:
root@haproxy:~# sysctl net.core.somaxconn
net.core.somaxconn = 128
root@haproxy:~# sysctl net.ipv4.tcp_max_syn_backlog
net.ipv4.tcp_max_syn_backlog = 2048

I removed the tcp_tw_recycle, but this did not change anything

Thank you,

Andy


On Thu, Oct 10, 2013 at 3:44 PM, Andy M. ajm2...@gmail.com wrote:

 Thanks for the response pelle,

 The haproxy box is running at about 10-15% cpu.

 Looking at the TCP Dump, it seems the client is doing 1 or more
 TCP_Retransmissions of the incoming request when there is a delay.  Anyone
 know why this would happen?

 Here is the requested information:
 root@haproxy:~# sysctl net.core.somaxconn
 net.core.somaxconn = 128
 root@haproxy:~# sysctl net.ipv4.tcp_max_syn_backlog
 net.ipv4.tcp_max_syn_backlog = 2048

 I removed the tcp_tw_recycle, but this did not change anything

 Thank you,

 Andy



 On Thu, Oct 10, 2013 at 1:58 PM, Pär Åslund psl...@gmail.com wrote:

 Hi Andy,

 Can't see anything wrong with your configuration.
 How about the server running haproxy? anything about that regarding cpu
 etc?

 I wouldn't be using net.ipv4.tcp_tw_recycle = 1
 tw_recycle is a bit dodgy and can give some unwanted side-effects.
 tw_reuse = 1 should be sufficient.

 How does a tcpdump look? Since you get this issue on the stats get a dump
 on that.

  What setting are there on the box regarding SYN backlog?
 net.core.somaxconn  net.ipv4.tcp_max_syn_backlog

 Best regards,
 pelle


 On Thu, Oct 10, 2013 at 7:16 PM, Andy M. ajm2...@gmail.com wrote:

 Hello,

 I am trying to configure an HAProxy And seem to be running into a
 problem where the HAProxy will spike.  I have a high throughput server
 cluster, which will need to handle about 10-20k QPS.  I believe that
 HAProxy should be able to handle that quite easily from what I have read.
  I am running HAProxy on Ubuntu 12.04LTS.  I am running an a Xeon 1270,
 with 8GB of RAM(Which i believe is all overkill).  I am doing a simple load
 balance between two or three servers(I have two server clusters, one with
 two servers, one with three).  I am running 1.4.24.

 The reason I believe something is wrong with my haproxy is because I can
 refresh my webpage a few times, and every 4-5 times I will be get a spike
 around 800ms-3sec to resolve.  This also happens when not hitting my
 backend server, and instead hitting the HAProxy stats page.  None of my
 servers are anywhere close to using up their system resources(all below 20%
 in both memory and CPU).  I don't see much in the syslog that seems wrong
 other than this message:

 Oct 10 16:48:28 haproxy rsyslogd-2177: imuxsock begins to drop message
 3912 due to rate-limiting

 I believe that has to do with the logging not being able to keep up,
 rather than haproxy dropping packets.

 I was wondering if  there were any suggestions for me to look into to
 try and fix my problem, or suggest how to configure a HAProxy correctly to
 be able to handle the load I need(preferably higher than the load I need,
 as this may increase over time).  I am open to changing operating systems
 if need be as well.

 Here are my two config files:

 global
log /dev/log   local0 info
log /dev/log   local0 notice
maxconn 5
user y
group y
#debug

 defaults
log global
modehttp
option  httplog
option  dontlognull
option  forwardfor
retries 3
option redispatch
option http-server-close
maxconn 3
contimeout  1
clitimeout  5
srvtimeout  5
balance leastconn

 listen  c_cluster 255.255.255.146:80
 maxconn 3
 server  c1 10.101.13.74:80 maxconn 1
 server  c2 10.101.13.78:80 maxconn 1
 server  c3 10.101.13.82:80 maxconn 1
 listen  stats :
 mode http
 stats enable
 stats hide-version
 stats uri /


 and

 # this config needs haproxy-1.1.28 or haproxy-1.2.1
 global
log /dev/log   local0 info
log /dev/log   local0 notice
maxconn 2
user y
group y
#debug

  defaults
log global
modehttp
option  httplog
option  dontlognull
option  forwardfor
retries 3
option redispatch
option http-server-close
maxconn 2
contimeout  1
clitimeout  5
srvtimeout  5
balance leastconn

 listen  a_cluster 255.255.255.151:80
 maxconn 2
 server  a1 10.101.13.68:80 maxconn 1
 server  a2 10.101.13.66:80 maxconn 1
 listen  stats :
 mode http
 stats enable

Need help with 1.5 crashing when browser refreshed

2013-10-10 Thread Kevin

I am having an issue with the 1.5dev19 and the latest snapshot. It crashes 
sometimes when loading our site. It’s repeatable simply by refreshing the 
browser several times rapidly. 

I’ve tried using poll instead of kqueue and there was no change. Version 1.4 
does not display the problem.

I was hoping to get some help debugging this if possible. I’m not that familiar 
with the current C tools, but have some experience from years ago so if someone 
would point me to some info on setting this up to run in a debugger I’ll look 
into it further.

Thanks,
Kevin 


Process: haproxy [36011]
Path:/usr/local/Cellar/haproxy/1.5-dev19/bin/haproxy
Identifier:  haproxy
Version: 0
Code Type:   X86-64 (Native)
Parent Process:  launchd [1]
User ID: 0

Date/Time:   2013-10-10 10:53:42.811 -0500
OS Version:  Mac OS X 10.8.5 (12F37)
Report Version:  10

Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x

VM Regions Near 0x:
-- shared memory  7fe1b000-7fe1c000 [4K] r-x/r-x 
SM=SHM  


Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   haproxy 0x00010d6ffc8c session_accept + 95
1   haproxy 0x00010d6c3e73 listener_accept + 469
2   haproxy 0x00010d70da01 _do_poll + 1209
3   haproxy 0x00010d6bbd0c run_poll_loop + 51
4   haproxy 0x00010d6bc427 main + 1759
5   libdyld.dylib   0x7fff8e65f7e1 start + 1

Thread 0 crashed with X86 Thread State (64-bit):
 rax: 0x7fb1c406ce00  rbx: 0x  rcx: 0x0001  
rdx: 0x00010d73c018
 rdi: 0x  rsi: 0x  rbp: 0x7fff52546bd0  
rsp: 0x7fff52546b80
  r8: 0x00010d73bc44   r9: 0x00010d73bc08  r10: 0x0040  
r11: 0x7fb1c406ce00
 r12: 0x0013  r13: 0x7fff52546bf0  r14: 0x7fb1c406ce00  
r15: 0x7fb1c400c400
 rip: 0x00010d6ffc8c  rfl: 0x00010206  cr2: 0x
Logical CPU: 6

Re: Need help with 1.5 crashing when browser refreshed

2013-10-10 Thread Kevin

So after some more troubleshooting the problem seems to be related to PCRE. If 
I compile without it I don’t see the problem. In 1.4 there  does not appear to 
be any issue using PCRE.

Any ideas?

- Kevin


On Oct 10, 2013, at 4:23 PM, Kevin k...@gatorgraphics.com wrote:

 I am having an issue with the 1.5dev19 and the latest snapshot. It crashes 
 sometimes when loading our site. It’s repeatable simply by refreshing the 
 browser several times rapidly. 
 
 I’ve tried using poll instead of kqueue and there was no change. Version 1.4 
 does not display the problem.
 
 I was hoping to get some help debugging this if possible. I’m not that 
 familiar with the current C tools, but have some experience from years ago so 
 if someone would point me to some info on setting this up to run in a 
 debugger I’ll look into it further.
 
 Thanks,
 Kevin

Huge performance issues with Haproxy + SSL

2013-10-10 Thread steve

I have been working on trouble shooting Haproxy 1.5 dev 19 with SSL for the 
last day or so on Cent OS 6.4 64bit.

Lastest OpenSSL compiled 1.0.1e, recompiled haproxy with this make -s 
TARGET=linux2628 USE_EPOLL=1 USE_OPENSSL=1 ARCH=x86_64 clean all

SSL cert wild card, plus godaddy intermediate and our key.

Our current set of issues we are seeing:
*Massive amounts of connection refused when running the test with ssl
*Very High usage of CPU on this 8 core 32 gig box with 100 gig ssd and 1gb 
nic
*Maybe 1/4 the amount of traffic we can push though, compaired to a non ssl 
test

We are using Jmeter to load test and blazemeter to do up to 40k jmeter 
threads for a full hour.

Here is a list of the errors that are spit back after the test is done
Response codes

response codecountresponse message
400 29 Bad request

Non HTTP response code: javax.net.ssl.SSLPeerUnverifiedException
86069 Non HTTP response message: peer not authenticated

Non HTTP response code: org.apache.http.conn.HttpHostConnectException 27229 
Non HTTP response message: Connection to https://.com: refused

Non HTTP response code: java.net.SocketException
88 Non HTTP response message: Connection reset

4122 Precondition Failed
Non HTTP response code: org.apache.http.NoHttpResponseException270Non HTTP 
response message: The target server failed to respond

So this is what we are facing and we are not haproxy experts and think we 
have taken it to the best of what we understand about haproxy config and 
settings.
  
special note: we do not have a web site on the backend, its user server for 
an upcoming game we are working on so the stack is quite simple from haproxy 
- node.js -- db and back.

Json data is posted to the user server and returned.

Re: Huge performance issues with Haproxy + SSL

2013-10-10 Thread Baptiste

Hi Steve,

Can you send us your configuration (anonymised if required).
We also need your sysctls (at least the one you've modified).

Baptiste


On Fri, Oct 11, 2013 at 4:43 AM, steve bloga...@gmail.com wrote:
 I have been working on trouble shooting Haproxy 1.5 dev 19 with SSL for the
 last day or so on Cent OS 6.4 64bit.

 Lastest OpenSSL compiled 1.0.1e, recompiled haproxy with this make -s
 TARGET=linux2628 USE_EPOLL=1 USE_OPENSSL=1 ARCH=x86_64 clean all

 SSL cert wild card, plus godaddy intermediate and our key.

 Our current set of issues we are seeing:
 *Massive amounts of connection refused when running the test with ssl
 *Very High usage of CPU on this 8 core 32 gig box with 100 gig ssd and 1gb
 nic
 *Maybe 1/4 the amount of traffic we can push though, compaired to a non ssl
 test

 We are using Jmeter to load test and blazemeter to do up to 40k jmeter
 threads for a full hour.

 Here is a list of the errors that are spit back after the test is done
 Response codes

 response codecountresponse message
 400 29 Bad request

 Non HTTP response code: javax.net.ssl.SSLPeerUnverifiedException
 86069 Non HTTP response message: peer not authenticated

 Non HTTP response code: org.apache.http.conn.HttpHostConnectException 27229
 Non HTTP response message: Connection to https://.com: refused

 Non HTTP response code: java.net.SocketException
 88 Non HTTP response message: Connection reset

 4122 Precondition Failed
 Non HTTP response code: org.apache.http.NoHttpResponseException270Non HTTP
 response message: The target server failed to respond

 So this is what we are facing and we are not haproxy experts and think we
 have taken it to the best of what we understand about haproxy config and
 settings.

 special note: we do not have a web site on the backend, its user server for
 an upcoming game we are working on so the stack is quite simple from haproxy
 - node.js -- db and back.

 Json data is posted to the user server and returned.

Re: Delays from HAProxy

2013-10-10 Thread Willy Tarreau

On Thu, Oct 10, 2013 at 03:57:37PM -0400, Andy M. wrote:
 Thanks for the response pelle,
 
 The haproxy box is running at about 10-15% cpu.
 
 Looking at the TCP Dump, it seems the client is doing 1 or more
 TCP_Retransmissions of the incoming request when there is a delay.  Anyone
 know why this would happen?

When you say the incoming request, you mean the SYN packet, right ?
If so, that means the backlog is full.

 Here is the requested information:
 root@haproxy:~# sysctl net.core.somaxconn
 net.core.somaxconn = 128

This is far too low or 20k CPS. You fill it in 6 ms at 20k CPS.
Try increasing it to 1024 to see how things go.

 root@haproxy:~# sysctl net.ipv4.tcp_max_syn_backlog
 net.ipv4.tcp_max_syn_backlog = 2048

In practice, I'm used to increase somaxconn to ~1 and max_syn_backlog
to ~2, but it's a bit more tricky as you don't want somaxconn to be
larger than haproxy's listen queue, otherwise the system will disable SYN
cookies. In practice, 1024 should already be OK (about 51ms to fill it).

 I removed the tcp_tw_recycle, but this did not change anything

OK. If things do not improve with the settings above, you'll have to
check if you're running netfilter and to see if your contrack table is
never full :

  # dmesg | grep -i full

You also need to check if your network card or driver is not dropping packets :

  # netstat -i

Regards,
Willy

Re: Huge performance issues with Haproxy + SSL

2013-10-10 Thread Willy Tarreau

On Fri, Oct 11, 2013 at 02:43:35AM +, steve wrote:
 I have been working on trouble shooting Haproxy 1.5 dev 19 with SSL for the 
 last day or so on Cent OS 6.4 64bit.
 
 Lastest OpenSSL compiled 1.0.1e, recompiled haproxy with this make -s 
 TARGET=linux2628 USE_EPOLL=1 USE_OPENSSL=1 ARCH=x86_64 clean all
 
 SSL cert wild card, plus godaddy intermediate and our key.
 
 Our current set of issues we are seeing:
 *Massive amounts of connection refused when running the test with ssl
 *Very High usage of CPU on this 8 core 32 gig box with 100 gig ssd and 1gb 
 nic
 *Maybe 1/4 the amount of traffic we can push though, compaired to a non ssl 
 test
 
 We are using Jmeter to load test and blazemeter to do up to 40k jmeter 
 threads for a full hour.

Are you sure your haproxy settings support these 40k concurrent connections ?

 Here is a list of the errors that are spit back after the test is done
 Response codes
 
 response codecountresponse message
 400 29 Bad request

This means SSL could pass through but that it's the tester which is sending
bad requests. Quite concerning in fact because from this point it's permitted
to doubt about everything else...

 Non HTTP response code: javax.net.ssl.SSLPeerUnverifiedException
 86069 Non HTTP response message: peer not authenticated

Possibly aborted handshakes.

 Non HTTP response code: org.apache.http.conn.HttpHostConnectException 27229 
 Non HTTP response message: Connection to https://.com: refused

Huh ? did you stop and restart haproxy during the test ? Are you sure
the connectivity between the client and haproxy is OK ? A connection
refused can only happen when either the server is stopped or when there
is one component between the client and the server which explicitly sends
RST packets (eg: a firewall), or some ICMP admin prohibited packets (eg:
a router).

 Non HTTP response code: java.net.SocketException
 88 Non HTTP response message: Connection reset

 4122 Precondition Failed
 Non HTTP response code: org.apache.http.NoHttpResponseException270Non HTTP 
 response message: The target server failed to respond
 
 So this is what we are facing and we are not haproxy experts and think we 
 have taken it to the best of what we understand about haproxy config and 
 settings.
   
 special note: we do not have a web site on the backend, its user server for 
 an upcoming game we are working on so the stack is quite simple from haproxy 
 - node.js -- db and back.

 Json data is posted to the user server and returned.

OK. Anyway this is like a website and it must work!

You need to check haproxy's logs to see if it *receives* the requests that
are reported to fail, or if it logs failed handshakes.

Since you're reporting a high CPU usage, it is also possible that the client
renegociates a new key for each request, which might or might not match what
you expect from your target. For example, if each of your clients does only
one request and leaves, this is OK. But if you have only 40k concurrent
clients which do a number of requests, they will only negociate once at the
beginning of their session.

Regards,
Willy

Re: Need help with 1.5 crashing when browser refreshed

2013-10-10 Thread Willy Tarreau

Hi Kevin,

On Thu, Oct 10, 2013 at 08:28:07PM -0500, Kevin wrote:
 So after some more troubleshooting the problem seems to be related to PCRE.
 If I compile without it I don?t see the problem. In 1.4 there  does not
 appear to be any issue using PCRE.

OK, thanks for tracking this down. I'm not seeing changes specific to
PCRE in 1.5 except the support for the JIT version which is not enabled
by default (you need USE_PCRE_JIT for this).

Just a quick question, are you using the GNU make file (Makefile) or
the OSX Makefile (Makefile.osx) to build haproxy ?

Could you please send the complete output of haproxy -vv ?

It's also possible that you're hitting a completely different bug
that is triggerred by the use of PCRE but not related to it (eg: a
use after free or something like this).

Thanks,
Willy

Re: webdav

L'investissement le plus rentable et le plus sure

Load Balancer Replacement

Delays from HAProxy

Re: Delays from HAProxy

Fwd: Delays from HAProxy

Re: Delays from HAProxy

Need help with 1.5 crashing when browser refreshed

Re: Need help with 1.5 crashing when browser refreshed

Huge performance issues with Haproxy + SSL

Re: Huge performance issues with Haproxy + SSL

Re: Delays from HAProxy

Re: Huge performance issues with Haproxy + SSL

Re: Need help with 1.5 crashing when browser refreshed

14 matches

Site Navigation

Mail list logo

Footer information