Hi, > Recently, we use haproxy1.5-dev21 in our product.And we want to get > the benefit of http-keep-alive. But after we added the option > http-keep-alive and deployed new version of haproxy. We found that the > connection of FIN_WAIT_2 CLOSED ESTABLISHED increased quickly. when we > change to the tunnel mode, it decreased.
What release did you previously run? Please also specify your kernel release and the output of "./haproxy -vv". > root@Haproxy01:~ # session-count.sh > LISTEN 8 > FIN_WAIT_1 245 > FIN_WAIT_2 22836 > SYN_SENT 46 > LAST_ACK 943 > CLOSING 4 > CLOSE_WAIT 1151 > CLOSED 21940 > SYN_RCVD 11 > TIME_WAIT 255 > ESTABLISHED 13894 But we don't know where does high numbers are, backend or frontend (or both; equally distributed). Can you try (by matching your frontend port): netstat -nat | grep ":2001 " | wc -l > And some related configuration below. >From your configuration its not clear to me what was really enabled when you were having this problem, and what was later configured as a workaround: - you globablly enable "option http-keep-alive" - you disable "no option http-keep-alive" in your (only?) frontend tcp-in - you disable "no option http-keep-alive" in your backend Direct - your backend SquidCluster-tos02 doesn't mention http-keep-alive, but it will not use it since its disabled on the frontend. Please provide a consistent and complete configuration when your where having this problem, otherwise its very difficult for us to understand the situation. Also, if you disable keep-alive completely (which, it seems, you already did), without downgrading the release to the old one, does this fix the problem? I suspect there is some issue or limitation with keep-alive in combination with TPROXY/CTTPROXY. Regards, Lukas