hi marc,
yes, netfilter with conntrack is running. I saw errors some weeks ago, but i fixed them with:
echo "Tuning network settings according to haproxy..." echo 1048576 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max echo 2000 60000 > /proc/sys/net/ipv4/ip_local_port_range
from that time on all iptables errors in the syslog were gone. the proxy box is a dual opteron, 0.25 uptime.
by the way: which timeout values uses haproxy for the httpchk option?
corin
Marc schrieb:
> Do you by any chance have netfilter running on your haproxy box? We
> had that at one point and were seeing that it would run out of slots
> in ip_conntrack. When that happened, I would see behaviors similar to
> what you're seeing.
>
> On Dec 4, 2007 3:29 PM, Corin Langosch <corinl#gmx.de
> <mailto:corinl#gmx.de>> wrote:
>
> Hi all!
>
> I run a medium php site with currently 10 web-servers and one haproxy.
> All webservers are dual or even dual dual-core servers. PHP5
> accelerated
> with XCache. HAProxy shows about 100-200 req/s, which is not really a
> lot for the number of servers I think.
>
> Each php page normally takes only about 0.1s - 0.3s to generate, as
> stated in the html-code. My problem is that haproxy shows a lot of
> Resp-Errors and Retr-Warnings. Even worse some backend checks fail
> although these hit a static page! All webservers are always accessible
> trough their IP and show no overload in their extended status pages.
> Using top shows a load average of 0.5 - 2.0 (50% idle).
>
> Sometimes all servers get loaded up to their haproxy max limit for
> some
> seconds, but when I access the apache status page the servers are
> still
> almost idle.
>
> I really tried everything to find the errors, but I'm stuck. no
> entries
> in the syslog, no apache error logs. How can I track the errors down?
>
> I really appreciate any help on this strange behavior.
>
> Corin
>
>
>
Received on 2007/12/04 21:42
This archive was generated by hypermail 2.2.0 : 2007/12/04 22:30 CET