Problem with haproxy under testload

From: Valentino Volonghi <>
Date: Thu, 19 Feb 2009 11:04:21 -0800

Hash: SHA1

Hi, I've been trying to use haproxy in front of a couple of erlang mochiweb servers in EC2.

The server alone can deal with about 3000 req/sec and I can hit it directly with ab or siege or tsung and see a similar result.

I then tried using nginx in front of the system and it was about to reach about the same numbers although apparently it couldn't really improve performance as much as I expected and instead it increases latency quite a lot.

I then went on to try with haproxy but when I use ab to benchmark with 100k connection with 1000 concurrency after 30k requests I see haproxy jumping to 100% CPU usage. I tried looking into a strace of what's going on and there are many EADDRNOTAVAIL errors which I suppose means that ports are finished, even though I increased the available ports with sysctl.

haproxy configuration is the following:


     maxconn 25000
     user haproxy
     group haproxy

     log global
     mode    http
     option  dontlognull
     option httpclose
     option forceclose
     option forwardfor
     maxconn 25000
     timeout connect      5000
     timeout client       2000
     timeout server       10000
     timeout http-request 15000
     balance roundrobin

listen adserver
     bind :80
     server ad1 check inter 10000 fall 50 rise 1

stats enable
     stats uri /lb?stats
     stats realm Haproxy\ Stats
     stats auth admin:pass
     stats refresh 5s

Reading this list archives I think I have some of the symptoms explained in
these mails: This is caused by connect() failing for EADDRNOTAVAIL and thus considers the server down. I think I'm seeing exactly the same issue here.

A small strace excerpt:

socket(PF_INET, SOCK_STREAM, IPPROTO_TCP) = 18 fcntl64(18, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 setsockopt(18, SOL_TCP, TCP_NODELAY, [1], 4) = 0 connect(18, {sa_family=AF_INET, sin_port=htons(8000), sin_addr=inet_addr("")}, 16) = -1 EADDRNOTAVAIL (Cannot assign requested address)


recv(357, 0x9c1acb8, 16384, MSG_NOSIGNAL) = -1 EAGAIN (Resource temporarily unavailable)
epoll_ctl(0, EPOLL_CTL_ADD, 357, {EPOLLIN, {u32=357, u64=357}}) = 0

The last one mostly to show that I'm using epoll, in fact speculative epoll,
but even turning it off doesn't solve the issue.

An interesting problem is that if I use mode tcp instead of mode http this doesn't
happen, but since it doesn't forward the client IP address (and I can't patch
an EC2 kernel) I can't do it.

ulimit-n showed by haproxy is 50k sockets, well above maxconn and well above
the 30k wehere it breaks.

sysctl.conf has the following settings:

# the following stops low-level messages on console
kernel.printk = 4 4 1 7
fs.inotify.max_user_watches = 524288
# some spoof protection

# General gigabit tuning:

net.core.rmem_max = 33554432
net.core.wmem_max = 33554432
net.ipv4.tcp_rmem = 4096 16384 33554432
net.ipv4.tcp_wmem = 4096 16384 33554432
net.ipv4.tcp_mem = 786432 1048576 26777216
net.ipv4.tcp_max_tw_buckets = 360000
net.core.netdev_max_backlog = 2500

vm.min_free_kbytes = 65536
vm.swappiness = 0
net.ipv4.ip_local_port_range = 25000 65535

Everything runs on an ubuntu 8.04 with Is there anything that I get
spectacularly wrong? Do you need more strace output?

Version: GnuPG v1.4.9 (Darwin)

iEYEARECAAYFAkmdrTUACgkQ9Llz28widGXofwCfaLI1/BYqRxdyRBbuVTxjCgPS K1kAnRhe9c7gkHgR65kqULvVibHkl++T
-----END PGP SIGNATURE----- Received on 2009/02/19 20:04

This archive was generated by hypermail 2.2.0 : 2009/02/19 21:15 CET