Re: haproxy bug or wrong kernel settings?

From: Craig <craig#haquarter.de>
Date: Thu, 01 Jul 2010 00:42:52 +0200


Hi,

at 30.06.2010 23:08, Willy Tarreau wrote
> I'm seeing that you have nf_conntrack loaded on the server, are
> you absolutely sure that the session table never fills up ? You can
> check that with "dmesg". I'm asking because this is an extremely common
> issue. Just in doubt, you should check if you can disable it.
I had already ruled conntrack out - sorry, I forgot to mention it. It's a really common problem I had on my radar. ;)

>> maxconn 75000
>> ulimit-n 192000
>
> you can safely remove ulimit-n above, it's correctly computed from
> maxconn.

Thanks for the hint.

> OK I see. You have no "maxconn" setting in your frontend. So it's
> limited to the default value (2000). You should set it slightly
> below the global maxconn setting (which is for the whole process).
I was always of the opinion (not sure from where I got that, though), that setting the maxconn at the beginning would set it as default for every frontend and backend. Oh was I wrong. Next time it's probably a good idea to read documentation on every configuration option again.

> your sysctls look correct overall.

Thanks!

I'm relatively certain maxconn that was the issue, some tests will verify it...thank you very much Willy!

Bests,

Craig Received on 2010/07/01 00:42

This archive was generated by hypermail 2.2.0 : 2010/07/01 00:45 CEST