ersation to a separate thread)
On Thu, Sep 12, 2019 at 8:04 AM Willy Tarreau wrote:
> Hi guys,
> On Wed, Sep 11, 2019 at 09:28:23PM +0200, Lukas Tribus wrote:
> > Hello Elias,
> > On Wed, Sep 11, 2019 at 11:52 AM Elias Abacioglu
> > wrote:
> > &
I have an issue which I've don't know how to go ahead with.
So first I will describe my setup.
We have a pair of haproxy v2.0.5 that only takes HTTP traffic and relays
HTTPS traffic down to a pair of haproxys v1.7.11 doing SSL termination.
Here is a more "graphical" layout:
How does maxconn work when you switch from multi process (nbproc) to to
So I had in multiproc
global maxconn 224288
default maxconn 131072
So now I've switched to multithreaded mode. And I used to believe it was
maxconn per process. So does it mean I should actually
I've experienced increased CPU usage going from v1.7 to v1.9+v2.0.
Don't know if it's for the same reason as your workload. My thread subject
is "Upgrade from 1.7 to 2.0 = increased CPU usage".
Also there is a similar conversation on discourse,
that the "http-reuse always" might help performance in 2.0, it's
not fair comparing a better performance tuned v2.0 vs a less tuned v1.7.
On Wed, Jul 24, 2019 at 8:07 PM Willy Tarreau wrote:
> Hi Elias,
> On Wed, Jul 24, 2019 at 11:01:22AM +0200, Elias Abacioglu
2.0.3 still has the same issue, after 1-3 minutes it goes to using 100% of
it's available cores.
I've created a new strace file. Will send it to you and Willy.
On Tue, Jul 23, 2019 at 8:31 PM Lukas Tribus wrote:
> Hello Elias,
> could you try 2.0.3 please?
I will send the strace to you and Willy so I don't spam the entire maillist
with a 10MB tarball.
On Fri, Jul 19, 2019 at 12:11 AM Lukas Tribus wrote:
> Hello Elias,
> On Wed, 17 Jul 2019 at 17:52, Elias Abacioglu
> > Ok, I just tri
Elias Abacioglu <
> Ok, thanks, I'll wait for 2.0.2 then.
> On Thu, Jul 11, 2019 at 7:57 PM Lukas Tribus wrote:
>> Hello Elias,
>> On Thu, 11 Jul 2019 at 17:05, Elias Abacioglu
Ok, thanks, I'll wait for 2.0.2 then.
On Thu, Jul 11, 2019 at 7:57 PM Lukas Tribus wrote:
> Hello Elias,
> On Thu, 11 Jul 2019 at 17:05, Elias Abacioglu
> > I just reverted back to haproxy 1.7 now.
> > To be more accurate, CPU idle is around ~4
I just reverted back to haproxy 1.7 now.
To be more accurate, CPU idle is around ~48% for core 2-3.
On Thu, Jul 11, 2019 at 4:38 PM Elias Abacioglu <
> I just upgraded HAproxy from 1.7.11 to 2.0.1.
> After the
I just upgraded HAproxy from 1.7.11 to 2.0.1.
After the upgrade with the same configuration as in 1.7 CPU went from
35-40% idle for core 2-3 to ~0% using a setup like this:
# (P#0) - process 1 - NIC/IRQ
# (P#1) - process 2 - NIC/IRQ
# (P#2) - process 3 - HAP
# (P#3) - process
On Tue, Jun 12, 2018 at 2:14 PM, Emeric Brun wrote:
> Yes, we are always interested testing hardware with our soft to advise the
> end users if they could have some benefits.
> But currently we are very busy and t thing we can't test your NIC before
> the last quarter of year.
Hi Willy and HAproxy folks!
Sorry for bumping this old thread. But Solarflare recently released a new
Here is a small excerpt from the Release Notes:
A major overhaul to clustering and scalable filters
Is there a way to get variables %tr or %trg in unix timestamp with
Maybe this should be a warning when starting haproxy? So people doesn't
configure h2 wrong?
On Thu, Feb 22, 2018 at 11:24 AM, Sander Klein wrote:
> Thanks Lukas,
> It was indeed the option httpclose enabled only on that backend.
> On 2018-02-21
> Apparently I'm not graphing conn_rate (i need to add it, but I have no
> values now), cause we're also sending all SSL traffic to other nodes using
> TCP load balancing.
Update: I'm at around 7,7k connection rate.
On Wed, Dec 20, 2017 at 2:10 PM, Willy Tarreau <w...@1wt.eu> wrote:
> On Wed, Dec 20, 2017 at 11:48:27AM +0100, Elias Abacioglu wrote:
> > Yes, I have one node running with Solarflare SFN8522 2p 10Gbit/s
> > without Onload enabled.
> > it has 17.5K htt
On Wed, Dec 20, 2017 at 3:27 PM, Christian Ruppert wrote:
> Oh, btw, I'm just reading that onload documentation.
> Filters are used to deliver packets received from the wire to the
> application. When filters are exhausted it is not possible to create
On Wed, Dec 20, 2017 at 1:11 PM, Christian Ruppert wrote:
> Hi Elias,
> I'm currently preparing a test setup including a SFN8522 + onload.
> How did you measure it? When did those errors (drops/discard?) appear,
> during a test or some real traffic?
> The first thing I did is
manage to free up one server.
Then we can do some synthetic benchmarks with a set of parameters of your
On Wed, Dec 20, 2017 at 9:48 AM, Willy Tarreau <w...@1wt.eu> wrote:
> Hi Elias,
> On Tue, Dec 19, 2017 at 02:23:21PM +0100, Elias Abaciogl
I recently bought a solarflare NIC with (ScaleOut) Onload / OpenOnload to
test it with HAproxy.
Have anyone tried running haproxy with solarflare onload functions?
After I started haproxy with onload, this started spamming on the kernel
Dec 12 14:11:54 dflb06 kernel: [357643.035355]
I know HW recommendations are based on the type of load.
We currently have a LB setup comprised of 3 Internet facing nodes used for
Currently around 100k/s HTTP requests (+12k tcp session rate)
This is split in 3 nodes and avg session time is 1.5s for HTTP traffic.
Is it possible to add the values of two be_sess_rate()?
On Thu, Dec 22, 2016 at 11:06 AM, Willy Tarreau wrote:
> > As for my multi proc ssl setup in case anyone was wondering:
> > I did a ssl-offload listener that runs on all cores except core0 on each
> > cpu + it's HT sibling.
> > relaying via unix sockets to a frontend that runs on core0 on each
Sorry just realized,
src_is_local won't work when using proxy protocol.
Proxy protocol will preserve initial source information.
You can probably use dst_port like this instead:
acl secure dst_port 443
if is secure
On Mon, Dec 26, 2016 at 11:09 PM, Elias Abacioglu <
Perhaps you could use src_is_local.
Something like this
acl is_local src_is_local
http-response add-header X-External-Protocol https if is_local
On Fri, Dec 23, 2016 at 3:28 PM, Arnall wrote:
> Hi everyone,
> i'm using a nbproc > 1
On Sat, Dec 10, 2016 at 8:52 AM, Willy Tarreau wrote:
> On Fri, Dec 09, 2016 at 08:18:45PM +0100, Pavlos Parissis wrote:
> > On 9 December 2016 at 20:07, Apollon Oikonomopoulos wrote:
> > >> > I wonder if a `per-process' keyword would make sense here. I find
> > >> >
> > >> > bind :443
Similar to what Christian asked about a few days ago I would like help
to summarize the recommendations for running a haproxy as a SSL LB on
a multi cpu, multi core machine.
I have a machine with two sockets equipped with Intel Xeon E5-2680 v4.
56 cores in total with HT enabled, 28 with HT
Isn't there actions to take to reduce the spam in the mailinglist?
It's gone so far that my gmail belives that almost all mail via haproxy
mailling list is spam.
Mail list logo