You can always dynamically remove servers via the stats socket by downing them. If your server pool is relatively well behaved you can just pre-allocate and up and down as needed.
If you need to add new servers, afaik you have to reload, which won't drop existing connections but may drop new connections for a very brief moment (10-20ms). Old instances of HAProxy will hang around until all connections through them drain so you have to be careful if you're restarting a lot with long timeouts not to run out of memory. See https://engineeringblog.yelp.com/2015/04/true-zero-downtime-haproxy-reloads.html for a deep dive into why reloading is a tricky problem. You'll note that existing connections are never dropped with -sf , but there are a very small number of new connections that are. The community has been working on it though! Most notably within HAProxy the DNS work Baptiste is doing will hopefully eventually allow complete dynamic re-assignment of the hosts and ports within a backend, meaning you just have to reload when your pool size is too high. I believe changing host is supported and port is in the works (double check me on this, might have changed). Willy nearly had a Linux kernel patch in to 4.2 that fixed the underlying problem with the Linux kernel, but then it got a bit derailed by the BPF changes that got merged. See https://marc.info/?t=144331405900001&r=1&w=2 for the story there. From what I can tell efforts there have stalled a bit, but some progress was made! Fwiw I think the refactor mentioned in that thread fixed a major source of dropped connections during hot reload (incorrect assignment of 3whs), but it still doesn't solve the accept -> close race. -Joey On Sep 28, 2016 8:11 PM, "Hayden James" <hayden.ja...@gmail.com> wrote: > Does haproxy currently have the ability to be able to alter the backends > (add servers, remove servers, etc) without having to restart the process > and potentially dropping existing connections? > > I've read online about various techniques to get around dropped > connections like starting a new instance, dropping SYN packets, etc, but it > seems like a hack to workaround this current limitation. Is this an > existing feature yet or one that is planned for the near future by anyone? > > Thanks! >