Hi all,

sorry for being late here.

On Fri, Nov 13, 2020 at 04:08:18PM +0100, Bartosz wrote:
> > I don't think you can set up sockets this way, I think this is an
> > incorrect configuration leading to undefined behavior. The fact the
> > behavior then changes across different kernels is not a surprise.
> 
> Hmmm, as mentioned this has always worked, across different kernels. I
> think we've been using this since HAProxy 1.4-dev/Kernel 2.6.x or so.
> I guess you're saying we were lucky all this time. Only with this most
> recent vm does it indeed "fail".

I was hit by exactly the same thing a few years ago, with a minor
variant: I was using transparent mode. The kernel's behavior changed at
some point regarding this. I *seem* to remember that a long time ago,
depending on the ordering you'd see this:
  - either you first bind the precise address then it would fail to
    bind the one on 0.0.0.0 ;

  - or you first bind 0.0.0.0 and then bind the precise one and it
    would always work as desired.

I *suspect* that this changed when SO_REUSEPORT was reintroduced to
perform load balancing. SO_REUSEPORT was present in Linux 2.2, it
was removed during 2.3 and reintroduced in 3.9 or so. HAProxy used
to always set it opportunistically. So I wouldn't be that much
surprised that having it succeed again on 3.9+ actually resulted in
the change in behavior.

> > I'd suggest you run haproxy with noreuseport [1] temporarily, and
> > check if your kernel refuses to bind() to those IPs - it likely will.
> > This indicates an unsupported configuration (by your kernel, not by
> > haproxy).
> 
> It indeed does fail. Hmmm, that's a shame as this was a really nice
> "feature" to have this fallback. I guess it's back to the drawing board
> unless you or anyone else have any other suggestions.

OK so that confirms it. Well, you didn't lose anything; it's just that
before the moment noreuseport was introduced, you simply did not benefit
from it. Note that for two sockets to support binding with SO_REUSEPORT,
*both* need to have it. So in your case if you value having it for whatever
reason, you may want to keep it enabled for one of the bind lines and
remove it on the other ones.

Willy
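
The check discussed in this message (does the kernel accept a wildcard bind and a specific-address bind on the same port, and does it need SO_REUSEPORT on both sockets), as an added example that is not part of the original thread and is not HAProxy code. It assumes a Linux kernel with SO_REUSEPORT (3.9+), TCP on the loopback address 127.0.0.1, both sockets owned by the same user, and no other socket option set; the function name `bind_pair` is made up for the illustration.

```python
import errno
import socket

WILDCARD = "0.0.0.0"
SPECIFIC = "127.0.0.1"   # assumption: loopback is configured on the test host


def bind_pair(first_addr, second_addr, reuse_first, reuse_second):
    """Bind two TCP listeners to the same port, one after the other.

    Returns "ok" if the second bind()/listen() succeeds, otherwise the
    symbolic errno name reported by the kernel (e.g. "EADDRINUSE").
    """
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        # SO_REUSEPORT must be set before bind() to have any effect.
        if reuse_first:
            first.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
        if reuse_second:
            second.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)

        first.bind((first_addr, 0))        # port 0: kernel picks a free port
        first.listen(8)
        port = first.getsockname()[1]

        try:
            second.bind((second_addr, port))
            second.listen(8)
        except OSError as exc:
            return errno.errorcode.get(exc.errno, str(exc.errno))
        return "ok"
    finally:
        first.close()
        second.close()


if __name__ == "__main__":
    # Print the full matrix: both bind orders, all four flag combinations.
    for a, b in ((WILDCARD, SPECIFIC), (SPECIFIC, WILDCARD)):
        for ra in (False, True):
            for rb in (False, True):
                result = bind_pair(a, b, ra, rb)
                print(f"{a:>9} (reuseport={ra!s:5}) then "
                      f"{b:>9} (reuseport={rb!s:5}) -> {result}")
```

On such a kernel only the rows where both sockets carry SO_REUSEPORT report `ok`; every other combination is refused with `EADDRINUSE`, regardless of bind order.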
