Hi Patrick, Patrick Kaeding wrote: > I have one frontend, listening on port 443, and two backends, which send > traffic to either port 5050 or 5051. The haproxy stats screen is > showing many more frontend connections than backend (in one case, 113k > on the frontend, 97k on one backend, and 3k on the other backend).
Most browser nowadays speculatively create more than one connection to the server (HAProxy in this case) to use them for parallel downloading of assets. Now, such a connection to the frontend will only result in a connection to the backend once the full HTTP request have been received and parsed by HAProxy. Since some of these speculative connections will just sit idle and will eventually get closed without having received any data, the number of frontend-connections is almost always higher than the sum of backend-connections. In addition to that, you might observe more connections accepted by the kernel than are shown in HAProxy's frontend. This is due to the fact that a new connection is only forwarded to HAProxy from the kernel once it is fully established and HAProxy has actively accepted in. If you are running against your maxconn or generally on high load, some connections might be accepted by the kernel already but not yet handled by HAProxy. Cheers, Holger