Thank you, Lukas. I would investigate it a bit more.
Simon
20160821
Hi Lukas,
Hi Simon,
Am 19.08.2016 um 12:41 schrieb k simon:
Hi,List:
Haproxy's throughput is much less than nginx or squid on FreeBSD and
it's high cpu usage often. When I investigate it a bit more, I found
haproxy does not correctly handle MSS on FreeBSD.
Your kernel d
Hi,List:
Haproxy's throughput is much less than nginx or squid on FreeBSD and
it's high cpu usage often. When I investigate it a bit more, I found
haproxy does not correctly handle MSS on FreeBSD.
1. When haproxy bind to a physical interface and change
net.inet.tcp.mssdflt to a large value.
Hi,List:
Haproxy's throughput is much less than nginx or squid on FreeBSD and
it's high cpu usage often. When I investigate it a bit more, I found
haproxy does not correctly handle MSS on FreeBSD.
1. When haproxy bind to a physical interface and change
net.inet.tcp.mssdflt to a large value. H
Hi, lists,
I noticed that haproxy 1.6.5 hog the cpu periodiclly on FreeBSD 10
with 800K-1M syscalls. I change the balance algo to "uri" and delete all
the regular expressions can work around it. There maybe some bug with
PCRE on FreeBSD or some bug in haproxy, but I can't confirm it.
And d
Thank you, Lukas. Maybe I can workaround it on the front router.
Regards
Simon
于 14-5-13 23:29, Lukas Tribus 写道:
Hi Simon,
Hi,Lists,
I found haproxy 1.4.25 can not set mss on FreeBSD 10-stable as below:
# /usr/local/sbin/haproxy -f /opt/etc/haproxy.conf
[WARNING] 132/170407 (71806) : Starti
Hi,Willy,
Oh and BTW, are you running with PF ? I have some old memories of PF
abusively randomizing sequence numbers and preventing new connections
from being initiated using a same source port from the came client. It
was so odd that I had to disable it on my home reverse-proxy running
OpenBSD
Hi,Lists,
I found haproxy 1.4.25 can not set mss on FreeBSD 10-stable as below:
# /usr/local/sbin/haproxy -f /opt/etc/haproxy.conf
[WARNING] 132/170407 (71806) : Starting frontend http-in: cannot set MSS
# haproxy -vv
HA-Proxy version 1.4.25 2014/03/27
Copyright 2000-2014 Willy Tarreau
Build
Hi,Lists,
I found I can not share the same regex txt for haproxy and squid. And
I noticed that haproxy use OS libc's regex by default, and can change it
with compile parameters "REGEX=pcre".
Should I recompile haproxy and share the same regex txt?
Regards
Simon
于 14-4-16 21:35, Willy Tarreau 写道:
On Wed, Apr 16, 2014 at 02:32:03PM +0100, Simon Dick wrote:
On 16 April 2014 13:41, Ghislain wrote:
Le 16/04/2014 08:39, Willy Tarreau a écrit :
On a personal note, I'd say that I consider the support for strace and
tcpdump as absolute prerequisite when i
:40, Willy Tarreau 写道:
Hi Simon,
On Wed, Apr 16, 2014 at 10:25:46AM +0800, k simon wrote:
Hi,Willy,
You must never have timewaits on a client, only on a server. So if
on your haproxy box you're seeing timewaits for connections going
to the backend servers, there's something wrong. H
Hi,Willy,
> You must never have timewaits on a client, only on a server. So if
> on your haproxy box you're seeing timewaits for connections going
> to the backend servers, there's something wrong. Haproxy deploys
> great efforts at avoiding them by doing a setsockopt(SO_LINGER) to
> force the sy
900+, is TW state really a problem ? I have set the portrange from
12000 to 6.
Simon
于 14-4-15 18:15, Willy Tarreau 写道:
Hi Simon,
On Tue, Apr 15, 2014 at 04:22:35PM +0800, k simon wrote:
Hi,List,
I got a 1.5 dev22 issue on freebsd 10-stable. It reported like below,
it's gene
Hi,List,
I got a 1.5 dev22 issue on freebsd 10-stable. It reported like below,
it's generate about 2-3 errors per minute when using "http-keep-alive"
,it's about 5-8 errors per minute with "http-server-close". I tried use
"source ip:port1-port2" in "server" section, but nothing helped. Then I
st
Hi,lists,
I tested dev22 on FreeBSD 10-stable recently, and found:
1. "ipfw fwd" works well with dev22+tproxy. It's have a nice guide in
the /usr/local/share/examples.
But pf's divert-to and divert-reply can't work with haproxy. Maybe
haproxy does not use "getsockname(2)" and "setsockopt(2)".
2.
Is it possible add X-Foward-For for each request in http-tunnel mode ?
Simon
于 14-3-11 11:53, k simon 写道:
> Hi,List,
>
> I am puzzled with "set a header" for each request in "tunnel mode".
> As I know, tunnel mode only analyze the first transaction
Hi,List,
I am puzzled with "set a header" for each request in "tunnel mode".
As I know, tunnel mode only analyze the first transaction. But the
"tcp-request content" documented it can be evaluated again by the rules
being evaluated again for the next request.
As "tcp-request content" only ca
We got the simlar problem, then capture the traffic and found it's
result in websocket. So we had to kill the old process manually when
finished graceful restart.
于 28/1/14 下午2:37, Willy Tarreau 写道:
On Mon, Jan 27, 2014 at 11:24:46PM +, Wei Kong wrote:
We use
/usr/sbin/haproxy -f /e
"man ip" on the freebsd box:
If the IP_RECVTTL option is enabled on a SOCK_DGRAM socket, the
recvmsg(2) call will return the IP TTL (time to live) field for a UDP
datagram. The msg_control field in the msghdr structure points to a
buffer that contains a cmsghdr structure followed by the TTL. The
-haproxy is a good tcp proxy ,now it can classify http traffic, and it's
cool to classify other type traffic such as telnet\ssh\ftp etc.
? 17/12/13 ??4:14, Annika Wickert ??:
Hi all,
we did some thinking about how to improve haproxy and which features
we’d like to see in next versions.
I ran a haproxy(nbproc=6) on freebsd 10-beta2, each frontend bind to a
socket and share the same backend. Context switch normally 60k+. But the load
and throughput is confused me, in the past days I ran a haproxy instance
(nbproc=1), it can handle up to 500Mbps traffic .
The info below
Hi, All:
In the past day, I want use pf’s “reply-to” on freebsd to solve ip address
overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply”
cannot work with haproxy on the same machine. Does haproxy in transparent mode
support FreeBSD’s divert mechanism ?
Regards
Si
Hi, All:
In the past day, I want use pf’s “reply-to” on freebsd to solve ip address
overlapping problem. But it’s seems that pf’s “divert-to” and “divert-reply”
cannot work with haproxy on the same machine. Does haproxy in transparent mode
support FreeBSD’s divert mechanism ?
Regards
Sim
option transparent
option abortonclose
Regards
Simon
在 2013-7-21,下午6:32, k simon 写道:
> Hi all,
>
> We changed the "http-server-close" to "http-close", and found we resolved
> the problem. Now haproxy can accurate distinguished
Hi all,
We changed the "http-server-close" to "http-close", and found we resolved
the problem. Now haproxy can accurate distinguished the "http" and "non http"
traffic. Obviously content inspection works well with short connection, but not
long connection. And now, 20k+ "fin_wait_2" and "clo
26 matches
Mail list logo
