Hi, On Wed, May 26, 2010 at 11:18:03AM +1200, Srdan Dukic wrote: > The actual error message is as follows: > > Insufficient winsock resources available to complete socket connection > initiation.
For connection *initiation* : so it means that it's not an accept() which fails, but a connect(). Is your server trying to connect to any other backend server ? Or maybe you're running the load tester on the same machine as the server and the error you see is in fact for the load tester ? In this case, this can clearly be attributed to the number of TIME_WAIT sockets. I don't know if there is a tunable in windows to allow reuse of them, otherwise you'd end up with a server which is limited by the max number of possible source ports and the connection rate. (...) > The WCF windows client which connects directly to the server is configured > to disable HTTP keepalives and cookies. Well, if it does not do HTTP keepalives either when connecting directly to the server, then I really wonder what the difference can be ! > Also the WCF service running on the > web server is stateless. Does this make a difference or are you saying that > HAProxy closes TCP/IP connections every time as opposed to HTTP connections? Could you explain what difference you make between "HTTP connections" and "TCP connections" ? Both are the same since HTTP is transported over TCP. > If so, is there a way to get HAProxy to not close the connection after every > exchange? You may remove "option httpclose" and it will let your client maintain keep-alive with the server, but since you said that your client disables keep-alive, this should not make any difference. Maybe it will indicate that your client does keep-alive regardless of its settings ? > Another thing I should mention is that when we tried the setup with > NLB<http://en.wikipedia.org/wiki/Network_Load_Balancing_Services>(configured > with "Multiple Host", "Affinity: none") we didn't see this > problem. Would you happen to know if NLB closes connections on each request > or keeps them open and reuses them? >From what I've heard of NLB, it should not interfer with HTTP, so if your client uses keep-alives, it will let them pass. > > Are you sure you don't have iptables > > loaded on your load balancer, which would have its state stable filled > > after > > a few thousand tests and which would refuse to let new connections pass ? > > > > The setup is a default Debain Lenny install. The iptables firewall does not > have any rules in it, although the firewall itself is not completely > disabled. OK, anyway, from your message, the problem is a lack of source ports on the server to connect to somewhere else. Still you should be very careful with iptables, if the nf_conntrack (or ip_conntrack) module is loaded, most often it's loaded with default settings which are OK for a desktop PC but not for a server, and the connection table can be filled after just a few seconds of tests. In this case, you'd see "Conntrack table full" in "dmesg". But for now you need to figure what the server is trying to connect to and see if by any chance your client would do keep-alives by default which would explain why the server would in turn establish less connections to the remote point. Regards, Willy