Re: Upgrading from 1.7 to 2.0 causes connection spam

2019-09-12 Thread Elias Abacioglu
ersation to a separate thread) /Elias On Thu, Sep 12, 2019 at 8:04 AM Willy Tarreau wrote: > Hi guys, > > On Wed, Sep 11, 2019 at 09:28:23PM +0200, Lukas Tribus wrote: > > Hello Elias, > > > > On Wed, Sep 11, 2019 at 11:52 AM Elias Abacioglu > > wrote: > > &

Upgrading from 1.7 to 2.0 causes connection spam

2019-09-11 Thread Elias Abacioglu
Hi! I have an issue which I've don't know how to go ahead with. So first I will describe my setup. We have a pair of haproxy v2.0.5 that only takes HTTP traffic and relays HTTPS traffic down to a pair of haproxys v1.7.11 doing SSL termination. Here is a more "graphical" layout: Internet

maxconn threaded vs multiproc

2019-08-29 Thread Elias Abacioglu
Hi How does maxconn work when you switch from multi process (nbproc) to to multithreaded (nbthread). So I had in multiproc global maxconn 224288 default maxconn 131072 So now I've switched to multithreaded mode. And I used to believe it was maxconn per process. So does it mean I should actually

Re: 2.0.3 High CPU Usage

2019-07-25 Thread Elias Abacioglu
Hi Nick, I've experienced increased CPU usage going from v1.7 to v1.9+v2.0. Don't know if it's for the same reason as your workload. My thread subject is "Upgrade from 1.7 to 2.0 = increased CPU usage". Also there is a similar conversation on discourse,

Re: Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-24 Thread Elias Abacioglu
that the "http-reuse always" might help performance in 2.0, it's not fair comparing a better performance tuned v2.0 vs a less tuned v1.7. Thanks Elias On Wed, Jul 24, 2019 at 8:07 PM Willy Tarreau wrote: > Hi Elias, > > On Wed, Jul 24, 2019 at 11:01:22AM +0200, Elias Abacioglu

Re: Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-24 Thread Elias Abacioglu
Hi Lukas, 2.0.3 still has the same issue, after 1-3 minutes it goes to using 100% of it's available cores. I've created a new strace file. Will send it to you and Willy. Thanks, Elias On Tue, Jul 23, 2019 at 8:31 PM Lukas Tribus wrote: > Hello Elias, > > > could you try 2.0.3 please? > > > It

Re: Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-23 Thread Elias Abacioglu
Hi Lukas, I will send the strace to you and Willy so I don't spam the entire maillist with a 10MB tarball. /Elias On Fri, Jul 19, 2019 at 12:11 AM Lukas Tribus wrote: > Hello Elias, > > > On Wed, 17 Jul 2019 at 17:52, Elias Abacioglu > wrote: > > > > Ok, I just tri

Re: Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-17 Thread Elias Abacioglu
Elias Abacioglu < elias.abacio...@deltaprojects.com> wrote: > Ok, thanks, I'll wait for 2.0.2 then. > > On Thu, Jul 11, 2019 at 7:57 PM Lukas Tribus wrote: > >> Hello Elias, >> >> On Thu, 11 Jul 2019 at 17:05, Elias Abacioglu >> wrote: >>

Re: Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-12 Thread Elias Abacioglu
Ok, thanks, I'll wait for 2.0.2 then. On Thu, Jul 11, 2019 at 7:57 PM Lukas Tribus wrote: > Hello Elias, > > On Thu, 11 Jul 2019 at 17:05, Elias Abacioglu > wrote: > > > > I just reverted back to haproxy 1.7 now. > > To be more accurate, CPU idle is around ~4

Re: Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-11 Thread Elias Abacioglu
I just reverted back to haproxy 1.7 now. To be more accurate, CPU idle is around ~48% for core 2-3. On Thu, Jul 11, 2019 at 4:38 PM Elias Abacioglu < elias.abacio...@deltaprojects.com> wrote: > Hi, > > I just upgraded HAproxy from 1.7.11 to 2.0.1. > > After the

Upgrade from 1.7 to 2.0 = increased CPU usage

2019-07-11 Thread Elias Abacioglu
Hi, I just upgraded HAproxy from 1.7.11 to 2.0.1. After the upgrade with the same configuration as in 1.7 CPU went from 35-40% idle for core 2-3 to ~0% using a setup like this: # (P#0) - process 1 - NIC/IRQ # (P#1) - process 2 - NIC/IRQ # (P#2) - process 3 - HAP # (P#3) - process

Re: haproxy and solarflare onload

2018-06-13 Thread Elias Abacioglu
Hi Emeric, On Tue, Jun 12, 2018 at 2:14 PM, Emeric Brun wrote: > > Yes, we are always interested testing hardware with our soft to advise the > end users if they could have some benefits. > But currently we are very busy and t thing we can't test your NIC before > the last quarter of year. > >

Re: haproxy and solarflare onload

2018-05-28 Thread Elias Abacioglu
Hi Willy and HAproxy folks! Sorry for bumping this old thread. But Solarflare recently released a new Onload version. http://www.openonload.org/download/openonload-201805-ReleaseNotes.txt Here is a small excerpt from the Release Notes: " A major overhaul to clustering and scalable filters

%tr or %trg in unix time?

2018-03-26 Thread Elias Abacioglu
Hi, Is there a way to get variables %tr or %trg in unix timestamp with milliseconds? Thanks Elias

Re: Haproxy 1.8.4 400's with http/2

2018-02-25 Thread Elias Abacioglu
Maybe this should be a warning when starting haproxy? So people doesn't configure h2 wrong? On Thu, Feb 22, 2018 at 11:24 AM, Sander Klein wrote: > Thanks Lukas, > > It was indeed the option httpclose enabled only on that backend. > > Greets, > > Sander > > > On 2018-02-21

Re: haproxy and solarflare onload

2017-12-20 Thread Elias Abacioglu
> > Apparently I'm not graphing conn_rate (i need to add it, but I have no > values now), cause we're also sending all SSL traffic to other nodes using > TCP load balancing. > Update: I'm at around 7,7k connection rate.

Re: haproxy and solarflare onload

2017-12-20 Thread Elias Abacioglu
On Wed, Dec 20, 2017 at 2:10 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Wed, Dec 20, 2017 at 11:48:27AM +0100, Elias Abacioglu wrote: > > Yes, I have one node running with Solarflare SFN8522 2p 10Gbit/s > currently > > without Onload enabled. > > it has 17.5K htt

Re: haproxy and solarflare onload

2017-12-20 Thread Elias Abacioglu
On Wed, Dec 20, 2017 at 3:27 PM, Christian Ruppert wrote: > Oh, btw, I'm just reading that onload documentation. > > > Filters > Filters are used to deliver packets received from the wire to the > appropriate > application. When filters are exhausted it is not possible to create

Re: haproxy and solarflare onload

2017-12-20 Thread Elias Abacioglu
On Wed, Dec 20, 2017 at 1:11 PM, Christian Ruppert wrote: > Hi Elias, > > I'm currently preparing a test setup including a SFN8522 + onload. > How did you measure it? When did those errors (drops/discard?) appear, > during a test or some real traffic? > The first thing I did is

Re: haproxy and solarflare onload

2017-12-20 Thread Elias Abacioglu
manage to free up one server. Then we can do some synthetic benchmarks with a set of parameters of your choosing. Regards, /Elias On Wed, Dec 20, 2017 at 9:48 AM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Elias, > > On Tue, Dec 19, 2017 at 02:23:21PM +0100, Elias Abaciogl

haproxy and solarflare onload

2017-12-19 Thread Elias Abacioglu
Hi, I recently bought a solarflare NIC with (ScaleOut) Onload / OpenOnload to test it with HAproxy. Have anyone tried running haproxy with solarflare onload functions? After I started haproxy with onload, this started spamming on the kernel log: Dec 12 14:11:54 dflb06 kernel: [357643.035355]

yahrt! (yet another hardware recommendation thread)

2017-10-12 Thread Elias Abacioglu
Hi guys I know HW recommendations are based on the type of load. We currently have a LB setup comprised of 3 Internet facing nodes used for transactional requests. Currently around 100k/s HTTP requests (+12k tcp session rate) This is split in 3 nodes and avg session time is 1.5s for HTTP traffic.

adding values from state samples

2017-09-08 Thread Elias Abacioglu
Hi, Is it possible to add the values of two be_sess_rate()? /Elias

Re: multiproc ssl recommendations

2016-12-27 Thread Elias Abacioglu
On Thu, Dec 22, 2016 at 11:06 AM, Willy Tarreau wrote: > > As for my multi proc ssl setup in case anyone was wondering: > > I did a ssl-offload listener that runs on all cores except core0 on each > > cpu + it's HT sibling. > > relaying via unix sockets to a frontend that runs on core0 on each

Re: ssl offloading and send-proxy-v2-ssl

2016-12-26 Thread Elias Abacioglu
Sorry just realized, src_is_local won't work when using proxy protocol. Proxy protocol will preserve initial source information. You can probably use dst_port like this instead: acl secure dst_port 443 if is secure On Mon, Dec 26, 2016 at 11:09 PM, Elias Abacioglu < elias.aba

Re: ssl offloading and send-proxy-v2-ssl

2016-12-26 Thread Elias Abacioglu
Perhaps you could use src_is_local. Something like this frontend web_plain acl is_local src_is_local http-response add-header X-External-Protocol https if is_local /Elias On Fri, Dec 23, 2016 at 3:28 PM, Arnall wrote: > Hi everyone, > > i'm using a nbproc > 1

Re: multiproc ssl recommendations

2016-12-21 Thread Elias Abacioglu
On Sat, Dec 10, 2016 at 8:52 AM, Willy Tarreau wrote: > On Fri, Dec 09, 2016 at 08:18:45PM +0100, Pavlos Parissis wrote: > > On 9 December 2016 at 20:07, Apollon Oikonomopoulos wrote: > (...) > > >> > I wonder if a `per-process' keyword would make sense here. I find > > >> > > > >> > bind :443

multiproc ssl recommendations

2016-12-01 Thread Elias Abacioglu
Hi, Similar to what Christian asked about a few days ago I would like help to summarize the recommendations for running a haproxy as a SSL LB on a multi cpu, multi core machine. I have a machine with two sockets equipped with Intel Xeon E5-2680 v4. 56 cores in total with HT enabled, 28 with HT

spaminfested mailinglist

2016-07-01 Thread Elias Abacioglu
Hi, Isn't there actions to take to reduce the spam in the mailinglist? It's gone so far that my gmail belives that almost all mail via haproxy mailling list is spam.