Re: strange delays with ssl

From: Michał Jaszczyk <jasiu85#gmail.com>
Date: Tue, 17 Jun 2008 16:50:39 +0200


Hi,

Sorry for not answering quickly, it took me some time to find out all the answers to your questions...

> Which Version of haproxy do you use?

1.3.15.1

> Which Version of stunnel do you use?

I don't use stunnel. I use Haproxy in the TCP layer and forward SSL requests to the backends.

> On which OS do you use haproxy?

Linux 2.6.18-5-xen-amd64

> haproxy -f YOUR_CONFIG_FILE -Vd

Available polling systems : 

     sepoll : pref=400,  test result OK
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK

Total: 4 (4 usable), will use sepoll.
Using sepoll() as the polling mechanism. 
00000000:lb.accept(0004)=0006 from [89.78.36.130:57436]
00000000:lb.srvcls[0006:0007]
00000000:lb.clicls[0006:0007]
00000000:lb.srvcls[0006:0007]
00000000:lb.closed[0006:0007]
00000001:lb.accept(0004)=0006 from [89.78.36.130:53985]
00000001:lb.srvcls[0006:0007]
00000001:lb.clicls[0006:0007]
00000001:lb.srvcls[0006:0007]
00000001:lb.closed[0006:0007]

The long delay happens between printing of accept and srvcls.

> Can you send us some entries from the logs, when this happen?

Some example entries from the logs: 

Jun 17 16:43:04 127.0.0.1 haproxy-gr[28084]: 193.0.96.129:38279


[17/Jun/2008:16:43:04.395] lb lb/grr-4 0/1/+1 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:04 127.0.0.1 haproxy-gr[28084]: 193.0.96.129:38283


[17/Jun/2008:16:43:04.531] lb lb/grr-5 0/0/+0 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:04 127.0.0.1 haproxy-gr[28084]: 193.0.96.129:38287


[17/Jun/2008:16:43:04.860] lb lb/grr-6 0/0/+0 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:04 127.0.0.1 haproxy-gr[28084]: 193.0.96.129:38289


[17/Jun/2008:16:43:04.974] lb lb/grr-7 0/0/+0 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:06 127.0.0.1 haproxy-gr[28084]: 89.78.36.130:57384


[17/Jun/2008:16:43:06.761] lb lb/grr-10 0/0/+0 +0 -- 2/2/2/1/0 0/0

Jun 17 16:43:08 127.0.0.1 haproxy-gr[28084]: 193.0.96.129:38291

[17/Jun/2008:16:43:05.085] lb lb/grr-8 0/2998/+2998 +0 -- 2/2/2/1/0
0/0 
Jun 17 16:43:29 127.0.0.1 haproxy-gr[28084]: 89.78.36.130:57385


[17/Jun/2008:16:43:29.694] lb lb/grr-1 0/0/+0 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:32 127.0.0.1 haproxy-gr[28084]: 89.78.36.130:57387


[17/Jun/2008:16:43:32.908] lb lb/grr-2 0/0/+0 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:36 127.0.0.1 haproxy-gr[28084]: 89.78.36.130:57389


[17/Jun/2008:16:43:36.119] lb lb/grr-3 0/0/+0 +0 -- 1/1/1/1/0 0/0

Jun 17 16:43:39 127.0.0.1 haproxy-gr[28084]: 89.78.36.130:57391

[17/Jun/2008:16:43:39.316] lb lb/grr-4 0/0/+0 +0 -- 1/1/1/1/0 0/0

> Is there a fw between haproxy and ssl machines?

None, both are in the same LAN.

Thanks,

Mike Received on 2008/06/17 16:50

This archive was generated by hypermail 2.2.0 : 2008/06/17 17:00 CEST