Re: Question about TCP balancing

From: Willy Tarreau <w#1wt.eu>
Date: Mon, 3 Aug 2009 21:46:47 +0200


Hello Dmitry,

On Mon, Aug 03, 2009 at 02:24:47PM +0400, Dmitry Sivachenko wrote:
> Hello!
>
> I am trying to setup haproxy 1.3.19 to use it as
> TCP load balancer.
>
> Relevant portion of config looks like:
>
> listen test 0.0.0.0:17000
> mode tcp
> balance roundrobin
> server srv1 srv1:17100 check inter 20000
> server srv2 srv2:17100 check inter 20000
> server srv3 srv3:17100 check inter 20000
>
> Now imagine the situation that all 3 backends are down
> (no program listen on 17100 port, OS responds with Connection Refused).
>
> In that situation haproxy still listens port 17100 and closes connection
> immediately:
> > telnet localhost 17101
> Trying 127.0.0.1...
> Connected to localhost.
> Escape character is '^]'.
> Connection closed by foreign host.
>
> Is it possible to configure haproxy so it will stop listening the port
> when all backends are down? So clients will receive
> Connection Refused as if none listens TCP port at all?

No it's not, and it's not only a configuration issue, it's an OS limitation. The only way to achieve this is to stop listening to the port then listen again to re-enable the port. On some OSes, it is possible. On other ones, you have to rebind (and sometimes close then recreate a new socket). But once your process has dropped privileges, you can't always rebind if the port is <1024 for instance.

So instead of having various behaviours for various OSes, it's better to make them behave similarly.

I have already thought about adding an OS-specific option to do that, but I have another problem with that. Imagine that your servers are down. You stop listening to the port. At the same time, someone else starts listening (eg: you start a new haproxy without checking the first one, or an FTP transfer uses this port, ...). What should be done when the servers are up again ? Haproxy will not be able to get its port back because someone else owns it.

So, by lack of a clean and robust solution, I prefer not to experiment in this area.

Regards,
Willy Received on 2009/08/03 21:46

This archive was generated by hypermail 2.2.0 : 2009/08/03 22:00 CEST