Am 10.05.2018 um 18:27 schrieb Mihir Shirali: > Hi Team, > > We have haproxy installed on a server which is being used primarily for front > ending TLS. After session establishment it sets certain headers in the http > request and forwards it to the application in the backend. The back end > application is a tftp server and hence it can receive requests from a large > number of clients.
Why do you add http header for a tftp service? Do you really mean https://de.wikipedia.org/wiki/Trivial_File_Transfer_Protocol > What we observe on our server is that when we have large number of clients > haproxy gets quite busy and the CPU clocks pretty high. Since both haproxy and > our backend application run on the same server - this combined CPU can get > close > to the limit. > What we’d like to know is if there is a way to throttle the number of requests > per second. All the searches so far - seem to indicate that we could rate > limit > based on src ip or http header. However, since our client ips will be > different > in the real world we wont be able to use that (less recurrence) > Could you please help? Is this possible? What's the output of haproxy -vv ? There was some issues about high CPU Usage so maybe you will need to update. Could this be a option? https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-rate-limit%20sessions https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.3-src_updt_conn_cnt What's 'less recurrence' , hours, days? Regards Aleks
