Willy Tarreau <w <at> 1wt.eu> writes: > > Hi, > > On Wed, Jul 27, 2011 at 11:19:30AM -0400, Jed Smith wrote: > > In flight, I was able to track down that a RST is immediately sent back. > > What I suspect is that your max number of orphans is too low. For > instance : > > $ cat /proc/sys/net/ipv4/tcp_max_orphans > 65536 > > An orphan is a connection that is closed with haproxy but still being sending > data to the client. If your site is heavily loaded, chances are that the > default number of orphans is too low and that some of them randomly get > killed. You should see an intermittent message "Too many orphans" in your > dmesg. > > The primary solution is to increase this number to at least 4 times the > max number of concurrent connections you're planning on serving. The 4 > comes from the fact that most browsers will open up to 4 connections to > a host on average. Warning, an orphan can consume memory for the last > send buffer, since all responses have to be buffered for being sent. So > don't go too high if your machine has limited amount of memory (consider > at least 4kB per connection). > > Another common workaround is to replace "option httpclose" with > "option http-server-close", which will re-enable keep-alive with the > clients. That way your connection rate drops and the number of orphans > drops too. This is only valid for sites where it is useful to maintain > persistent connections, of course. If your site only receives one request > per client, it will not bring anything. > > Regards, > Willy > >
Hello, I have similar problem. When I stress testing haproxy and reload it with -sf option: "The server is now under siege...[error] socket: unable to connect sock.c:222: Connection reset by peer [error] socket: unable to connect sock.c:222: Connection refused ... ... " my sysctl option: net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_max_tw_buckets = 631056 net.ipv4.tcp_max_orphans = 631056 Regards, Dominik
