On Sat, Feb 22, 2014 at 07:54:00PM +0700, Denis Malyshkin wrote:
> Hi Willy,
> 
> Thank you a lot for your help.
> 
> >>>Alternately, you can use the "source" parameter either on each server
> >>>or in the backend to fix a port range. Haproxy will then use an explicit
> >>>bind. This is normally used when you want to have more than 64k conns on
> >>>multiple servers. But here you could try this :
> >>>
> >>>   source 0.0.0.0:32678-61000
> >>>      
> >>Great! As I understand we can set port range to exclude listening ports 
> >>and so eliminate such errors?  Probably it may be a good workaround. 
> >>Thank you again for the idea.
> >>    
> >Yes, but the range is contiguous, so you cannot punch holes in it.
> >  
> Tried to configure but have some questions. We have several 'listen' 
> sections with 'server' keyword in our config file (and so there are no 
> 'backend' sections).

A "listen" is in fact the union of a "frontend" and a "backend", so
whatever you're advised to put in a "backend" will also apply to a
"listen".

> 1. As I understand 'source' should be put into each of our 'listen' 
> section. Should we divide port ranges between several 'listen' sections 
> or may use the same wide range for all?

It depends if you have some servers in common or not. The system will
always allow multiple outgoing connections to share the same local
source ip:port as long as they don't go to the same destination ip:ports
since a connection is defined by (proto,srcip,sport,dstip,dport).

So if the servers in your "listen" sections are all different, there
is no problem. Otherwise you might indeed have to use separate ranges.

> 2. Will there be EADDRNOTAVAIL errors if several 'listen' section use 
> the same source port range and two connections choose the same port?

Only if they try to connect to the same destination ip:port. This subject
comes back from time to time in fact. It was planned to work on a per-
destination port range, but this is a bit complex, at least in terms of
configuration, so nothing has been done in this direction yet. This would
allow multiple similar servers from different backends to share the same
source ip:port ranges without ever colliding. But this creates new issues
(resource sharing).

Regards,
Willy
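
Added example (not part of the original message, and not HAProxy code): a small Python check of the rule stated above, that two "listen" sections only need separate source port ranges when they have a server ip:port in common. The sample config, the section and server names, and the helpers parse_sections and find_conflicts are made up for illustration; it assumes section-level "source" lines and servers written as ip:port.

```python
import re
from itertools import combinations

# Constructed sample: names and addresses are made up; the first range is from the thread.
SAMPLE_CFG = """
listen web_a
    source 0.0.0.0:32678-61000
    server s1 10.0.0.1:8080
listen web_b
    source 0.0.0.0:32678-61000
    server s2 10.0.0.2:8080
listen web_c
    source 0.0.0.0:40000-50000
    server s3 10.0.0.1:8080
"""

def parse_sections(cfg):
    """Map each listen/backend name to its source range and set of server ip:port."""
    sections, cur = {}, None
    for line in cfg.splitlines():
        tok = line.split("#", 1)[0].split() or [""]
        if tok[0] in ("listen", "backend", "frontend", "defaults", "global"):
            keep = tok[0] in ("listen", "backend") and len(tok) > 1
            cur = sections.setdefault(tok[1], {"source": None, "servers": set()}) if keep else None
        elif cur is not None and tok[0] == "source" and len(tok) > 1:
            m = re.fullmatch(r"(.+):(\d+)-(\d+)", tok[1])
            if m:
                cur["source"] = (m.group(1), int(m.group(2)), int(m.group(3)))
        elif cur is not None and tok[0] == "server" and len(tok) > 2:
            cur["servers"].add(tok[2])  # assumes every server is written as ip:port
    return sections

def find_conflicts(sections):
    """Section pairs that share a destination ip:port AND overlap in source ports."""
    out = []
    for a, b in combinations(sorted(sections), 2):
        ra, rb = sections[a]["source"], sections[b]["source"]
        shared = sorted(sections[a]["servers"] & sections[b]["servers"])
        # Two different explicit source IPs cannot collide; 0.0.0.0 may match any.
        same_ip = ra and rb and (ra[0] == rb[0] or "0.0.0.0" in (ra[0], rb[0]))
        if not (same_ip and shared):
            continue
        lo, hi = max(ra[1], rb[1]), min(ra[2], rb[2])
        if lo <= hi:
            out.append((a, b, (lo, hi), shared))
    return out

if __name__ == "__main__":
    for a, b, (lo, hi), dst in find_conflicts(parse_sections(SAMPLE_CFG)):
        print(f"{a} / {b}: source ports {lo}-{hi} can collide towards {dst}")
```

In the sample, web_a and web_b share the full range without risk because their servers differ, while web_a and web_c are reported because both reach 10.0.0.1:8080 from overlapping source ports.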

