Pavlo Zhuk <pavlo@...> writes:
>
>
> Hi,
> I am searching for help with understanding of qtime KPI nature for
haproxy, and possible optimization of my installation in this perspective.
> We are using haproxy 1.5.14 in TCP mode as a L4 load-balancer for HTTPS
endpoints for multiple domain hostnames. We are also using SNI inspection in
order to select proper backend for the request.
>
> And I've noticed that backend qtime stat vaue is pretty high (200-300ms),
which disturbs me a lot. qcur
> (current queue lengh) is zero at the same time. Are we basically slowing
down all our requests by 200ms-300ms at haproxy
> side? (not sure if I understood this value of qtime properly) Is it
related with SNI inspection? If yes - I
> am definitely searching the way to optimize it.
> All the installation - haproxy frontend as well as HTTPS backends are
living in AWS Cloud at the moment, and instance sizes are pretty big (c3,
c4), so we don't see any resource limitation.
> Example of the config below. Any feedback appreciated.
> ==global
> log 127.0.0.1 local2
> chroot /var/lib/haproxy
> pidfile /var/run/haproxy.pid
> maxconn 40000
> ulimit-n 100000
> user haproxy
> group haproxy
> daemon
> stats socket /var/lib/haproxy/stats
>
> defaults
> mode http
> log global
> option httplog
> option dontlognull
> option http-server-close
> retries 3
> timeout http-request 1s
> timeout queue 1m
> timeout connect 3s
> timeout client 1m
> timeout server 30s
> timeout http-keep-alive 2s
> timeout check 3s
> maxconn 40000
>
> frontend https-in *:443
> mode tcp
> option tcplog
> option socket-stats
>
> tcp-request inspect-delay 5s
> tcp-request content accept if { req_ssl_hello_type 1 }
>
> use_backend foo-ssl if { req_ssl_sni -m beg foo }
> use_backend bar-ssl if { req_ssl_sni -m beg bar }
>
> backend foo-ssl *:443
> balance leastconn
> mode tcp
> option ssl-hello-chk
>
> server foo1 x.x.x.x:443 maxconn 10000 check
> server foo2 x.x.x.x:443 maxconn 10000 check
>
> backend bar-ssl *:443
> balance leastconn
> mode tcp
> option ssl-hello-chk
>
> server bar1 x.x.x.x:443 maxconn 10000 check
> server bar2 x.x.x.x:443 maxconn 10000 check==--
> BR,
> Pavlo Zhuk+38093 2412222
>
>
hi friend!
Give you my config of haproxy.cfg zabbix
#cat /etc/zabbix/zabbix_agentd.d/haproxy.cfg
UserParameter=haproxy.discovery,/usr/local/check_openstack/zhaproxy.py -d
UserParameter=haproxy.allstatus,/usr/local/check_openstack/zhaproxy.py -c
UserParameter=haproxy.parameter[*],/usr/local/check_openstack/zhaproxy.py -p
$1 -s $2 -v $3
UserParameter=haproxy.mysql_galera_cluster,/usr/local/check_openstack/zhaproxy.py
-p mysql_galera_cluster -s FRONTEND -v status
(just ideas, not suggestions, not competent advice) serve up
from www.ledlightmake.com jimmy