Willy, >From your description, it could be an issue with some connection tracking somewhere caused by excess of source addr:ports.
Ohh ok.. Also I just found that as per the documentation in this link , it says that "it can cause problems when IP connection tracking is enabled on the machine, because a same connection may be seen twice with different states". Does this mean that I need to disable the nf_conntrack module by adding "net.netfilter.nf_conntrack_acct = 0" to "/etc/sysctl.conf" ? Bu default this module seems to be enabled. cat /proc/sys/net/netfilter/nf_conntrack_acct 1 Following are the answers to your questions: What's your haproxy version and kernel version ? - HA-Proxy version: 1.4.8 2010/06/16 - Kernel Version: 2.6.32-24-server - OS: Ubuntu 10.04 Are you sure all your servers route back through your haproxy box ? - Yes the default gateway of all the real servers is HAProxy server. - On real servers I have multiple IPs of two different networks - One which we use for communication between HAproxy server and Real servers. - And One which is used by the real servers to communicate with our internal application servers Did you test only from one source machine or did you have many clients ? - This issue occurs intermittently from one or two different source IPs - At the same time when I check the functionality from another source IP, it works fine. Thanks Rahul N. On Thu, Aug 9, 2012 at 10:56 PM, Willy Tarreau <w...@1wt.eu> wrote: > Hello Rahul, > > On Thu, Aug 9, 2012 at 12:13 AM, Rahul Nair <rahul.n...@finicity.com> > wrote: > > Guys, > > I am in process of implementing HAProxy with TPROXY in our setup for > "mode tcp". > > All of a sudden the website stops working and gives out error in > browser: "Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error." > > When I remove/comment "source 0.0.0.0 usesrc clientip" the website > starts working fine. > > And later on when I again enable "source 0.0.0.0 usesrc clientip" it > starts working fine, It seems that the issue is intermittent. > > Please help me understand what exactly the problem could be. > > Hardware configuration of HAProxy server: > > RAM:256MB > > Processor:Single core > > Thanks, > > Rahul N. > > From your description, it could be an issue with some connection tracking > somewhere caused by excess of source addr:ports. But it could be many > things. > What's your haproxy version and kernel version ? Are you sure all your > servers route back through your haproxy box ? Did you test only from one > source machine or did you have many clients ? > > Willy > > -- -Rahul N. IT Department In2M Technologies Pvt Ltd. (Finicity) Website: www.finicity.com/india