@tcprbs wrote:
Hi,
I was doing some experiments with HAProxy 2.0 with pool-max-conn and pool-purge-delay options for connection pooling.
Usage:
I have an application making external calls to some backend. I am evaluating using HAProxy between the application and the vendor so that HAProxy would manage connection pool with the backend.
The setup would be: HAProxy would perform SSL connection verification on the backend as part of connection establishment and maintain a connection pool with the backend. The backend does not have TLS SNI extension enabled.
Config:
# Removed log related config for brevity and actual backend addresses. global stats socket /var/run/haproxy.sock ca-base /etc/ssl/certs defaults mode http timeout connect 5s timeout client 10s timeout server 10s timeout http-keep-alive 100s option redispatch option prefer-last-server option http-keep-alive retries 3 compression algo gzip timeout http-request 10s frontend http_internal bind *:80 name http_internal # stats stats enable stats uri /stats stats refresh 5s acl haproxy_stats url_beg /stats use_backend bk_haproxy_stats if haproxy_stats acl host_example hdr(host) -i example.com use_backend bk_test if host_example default_backend bk_test backend bk_test mode http http-reuse aggressive # tried different values {safe, aggressive, always} server server-1 example.com:443 ssl verify required ca-file ca-certificates.crt pool-max-conn -1 pool-purge-delay 200sObservations:
As described in https://www.haproxy.com/blog/haproxy-1-9-has-arrived/#connection-management, if connection between application and HAProxy closes, it should not affect connection between HAProxy and backend server.
I tested by giving a series of requests (20,30,40 etc) via curl to the HAProxy with a gap between each request. I noticed that it does not always reuse the backend connection and creates a new connection again. Each request is from a new curl process.
One such run’s output (total of 40 requests):
Got this data by running packet capture and Lua script: The "Connection" below is each unique connection between HAProxy and Backend server (identified by the 4-tuple of {IP, port}) and number of times it got used for requests. First 2 connections got used 7 times (**not for consecutive requests** though) Connection -> Number of times used. Connection 1 -> 7 # used 7 times. Connection 2 -> 7 Connection 3 -> 1 # used 1 time and closed. Connection 4 -> 1 Connection 5 -> 1 Connection 6 -> 1 Connection 7 -> 1 Connection 8 -> 1 Connection 9 -> 1 Connection 10 -> 1 Connection 11 -> 1 Connection 12 -> 1 Connection 13 -> 1 Connection 14 -> 1 Connection 15 -> 1 Connection 16 -> 1 Connection 17 -> 1 Connection 18 -> 1 Connection 19 -> 1 Connection 20 -> 1 Connection 21 -> 1 Connection 22 -> 1 Connection 23 -> 1 Connection 24 -> 1 Connection 25 -> 1 Connection 26 -> 1 Connection 27 -> 1 Connection 28 -> 1My understanding is it should not create new connection for every new request to HAProxy and use the connections in pool. The backend server’s response has “Connection: Keep-alive” too.
After the tests, when I ran ss command, it showed only the first 2 connections in ESTABLISHED mode. Also in packet capture, I notice that HAProxy is sending RST to the backend after the response for the other connections except the initial 2 connections.
Is this expected or am I missing anything?
Thanks.
Posts: 1
Participants: 1