Do you have haproxy between your web servers and the 3rd party? If not (i.e. only to your servers), perhaps that is what you should do. Trying to throttle the maximum connections to your web servers sounds pointless given that it's not a very good correlation to the traffic to the third party servers.
If you need to rate limit the connections per second, you could always do that with iptables on Linux, or pf on BSD, etc... but it sounds like it's something the third party needs to fix.

> -----Original Message-----
> From: Boštjan Merčun [mailto:bostjan.mer...@dhimahi.com]
> Sent: Monday, August 10, 2009 9:32 AM
> To: Willy Tarreau
> Cc: haproxy@formilux.org
> Subject: Re: Connection limiting & Sorry servers
>
> On Wed, 2009-08-05 at 18:26 +0200, Willy Tarreau wrote:
> > On Wed, Aug 05, 2009 at 05:52:50PM +0200, Boštjan Merčun wrote:
> > > Hi Willy
> > >
> > > On Mon, 2009-08-03 at 09:21 +0200, Willy Tarreau wrote:
> > >
> > > > why are you saying that? Except for rare cases of huge bugs, a server
> > > > is not limited in requests per second. At full speed, it will simply use
> > > > 100% of the CPU, which is why you bought it after all. When a server dies,
> > > > it's almost always because a limited resource has been exhausted, and most
> > > > often this resource is memory. In some cases, it may be other limits such
> > > > as sockets, file descriptors, etc... which cause some unexpected exceptions
> > > > not to be properly caught.
> > >
> > > We have a problem that our servers open connections to some 3rd party,
> > > and if we get too many users at the same time, they get too many
> > > connections.
> >
> > So you're agreeing that the problem comes from "too many connections". This
> > is exactly what "maxconn" is solving.
>
> The whole story is like that: during the process on our servers, we have
> to open a few connections for every user to some 3rd party and the
> process for the user finishes.
> If any of the connections is unsuccessful, so is everything that user did
> before that (if he does not try again and eventually succeeds).
> The 3rd party limits total concurrent connections and connections per
> second.
> The number of connections that users make to the 3rd party depends on
> what users do on our pages. A user can just browse the site for 10 minutes
> and open no connections or he can finish his process in a minute and
> open more than 10 connections during that time.
>
> As you probably see, my problem is the difference between the user that
> comes to check the site and the user that knows exactly what he wants
> on the site.
>
> The factor is at least 20 (probably more) which means that one setting
> is not good for all scenarios, either it will be too high and users will
> flood the 3rd party with too many connections or few users will be able
> to browse the site and the rest will wait even though the server will be
> sleeping.
>
> I know that these problems should be solved on different levels like
> application, 3rd party connection limiting etc... but the problem is
> actually more of political nature and what I am trying to do is just
> solving the current situation with the tools and options I have. One of
> them is HAProxy and its connection limiting and with it I would like to
> help myself as much as I can.
>
> I hope that clarified my situation a bit.
>
> I will not be able to test anything for a week or more likely two, but I
> will continue as soon as possible and if I come to any useful
> conclusions, I will also notify the list.
>
> Thank you again and best regards
>
> Bostjan