Re: trouble with sc0_conn_cur

2016-11-28 Thread Willy Tarreau 
Hi Patrick,

On Sun, Nov 27, 2016 at 11:43:14PM -0500, Patrick Hemmer wrote:
> I'm trying to limit concurrent connections but having trouble getting it
> working with sc0_conn_cur.
> The relevant portion of my config looks like:
> 
> frontend www
>   log-format %ac\ %tsc\ %[sc0_conn_cur]
>   stick-table type ip size 1 expire 10s peers cluster store conn_cur
>   tcp-request connection track-sc0 src
>   tcp-request connection reject if { sc0_conn_cur gt 16 }
> 
> And then I fire off 50 simultaneous requests to test. None of the
> requests are closed, and the resulting log entries look like this:
> 50  -
> 
> What am I missing here? Why does it seem like the track isn't working?
> 
> This is with haproxy 1.6.9

I cannot reproduce this problem, both with 1.6.9 and 1.6.10. Here's what
I have in my logs with the same config :

<133>Nov 28 18:20:31 haproxy[5654]: Proxy www started.
<134>Nov 28 18:20:36 haproxy[5654]: 15 CR-- 16
<134>Nov 28 18:20:36 haproxy[5654]: 14 CR-- 15
<134>Nov 28 18:20:36 haproxy[5654]: 13 CR-- 14
<134>Nov 28 18:20:36 haproxy[5654]: 12 CR-- 13
<134>Nov 28 18:20:36 haproxy[5654]: 11 CR-- 12
<134>Nov 28 18:20:36 haproxy[5654]: 10 CR-- 11
<134>Nov 28 18:20:36 haproxy[5654]: 9 CR-- 10
<134>Nov 28 18:20:36 haproxy[5654]: 8 CR-- 9
<134>Nov 28 18:20:36 haproxy[5654]: 7 CR-- 8
<134>Nov 28 18:20:36 haproxy[5654]: 6 CR-- 7
<134>Nov 28 18:20:36 haproxy[5654]: 5 CR-- 6
<134>Nov 28 18:20:36 haproxy[5654]: 4 CR-- 5
<134>Nov 28 18:20:36 haproxy[5654]: 3 CR-- 4
<134>Nov 28 18:20:36 haproxy[5654]: 2 CR-- 3
<134>Nov 28 18:20:36 haproxy[5654]: 1 CR-- 2
<134>Nov 28 18:20:36 haproxy[5654]: 0 CR-- 1

The extra clients are immediately rejected and only a max of 16 are accepted
(and logged). Note, for this I added a bind line and removed the reference to
the peers. I enabled mode http so that haproxy waits and I can calmly observe
the traffic. But if I remove "mode http", I just see a flood of numbers between
0 and 16 with flags "SC". I don't know what else to look for. Are you certain
you're looking to the correct process ? (ie you don't have an old zombie lying
around and cheating on you) ?

Willy

trouble with sc0_conn_cur

2016-11-27 Thread Patrick Hemmer 
I'm trying to limit concurrent connections but having trouble getting it
working with sc0_conn_cur.
The relevant portion of my config looks like:

frontend www
  log-format %ac\ %tsc\ %[sc0_conn_cur]
  stick-table type ip size 1 expire 10s peers cluster store conn_cur
  tcp-request connection track-sc0 src
  tcp-request connection reject if { sc0_conn_cur gt 16 }

And then I fire off 50 simultaneous requests to test. None of the
requests are closed, and the resulting log entries look like this:
50  -

What am I missing here? Why does it seem like the track isn't working?

This is with haproxy 1.6.9

-Patrick