Re: Timeouts issues
On 16/07/2015 05:56 μμ, Łukasz Tasz wrote: > Hi Guys, > > I need some help with handling timeouts. > I'm using haproxy in tcp mode. > What is the issue? > client connects proxy, client is trying to sent something, it is > reaching client timeout on haproxy, > but connection on client side is still in ESTABLISHED state until it > will reach local connection timeout which is quite high. > This is definitely issue on client - server communitation, but for > time being, how to asure that when client timeout happen, connection > will be reseted? > Have you tried to adjust 'timeout client' ? HAProxy will initiate the closure of the connection with a FIN/ACK process, rather with TCP-RST, when client timeout has expired. Cheers, Pavlos signature.asc Description: OpenPGP digital signature
Re: can I get the uptime per server in csv stats
On 17/07/2015 06:02 πμ, Ruoshan Huang wrote: > hi, > I found that the html stats page has a column of status which comes with > the uptime of a server or backend, > but in the csv stats I couldn’t find the uptime accordingly. > Can I get the uptime of servers without parsing the html? Thanks. > > -- > Good day! > ruoshan > > I believe it is the lastchg field name, 23. lastchg [..BS]: number of seconds since the last UP<->DOWN transition sudo haproxytool server -m lastchg node1 --backend=b1 # backendname servername b1 node1 53856 Cheers, Pavlos signature.asc Description: OpenPGP digital signature
can I get the uptime per server in csv stats
hi, I found that the html stats page has a column of status which comes with the uptime of a server or backend, but in the csv stats I couldn’t find the uptime accordingly. Can I get the uptime of servers without parsing the html? Thanks. -- Good day! ruoshan
Re: Mailer does not work
It looks to me as if the dot is send in the wrong place. Attached patch would fix that. https://www.ietf.org/rfc/rfc2821.txt the character sequence "." ends the mail text. Could you guy's take a look? mlist schreef op 15-7-2015 om 14:23: At the end of each smtp session, we see a packet with Reset + Acknowledge nits set: tcp.flags = RST + ACK Roberto -Original Message- From: Baptiste [mailto:bed...@gmail.com] Sent: mercoledì 15 luglio 2015 12.01 To: mlist Cc: haproxy@formilux.org Subject: Re: Mailer does not work On Wed, Jul 15, 2015 at 9:48 AM, mlist wrote: We compiled from source haproxy-1.6-dev2.tar.gz. New Mailers mechanism does not seems to work, we configured as on manual: mailers apsmailer1 mailer smtp1 :10025 … … backend somebackend_https mode http balance roundrobin … email-alert mailers apsmailer1 email-alert from email-alert to email-alert level info … We see in haproxy.log server status change: Jul 15 09:42:00 localhost.localdomain haproxy[3342]: Server …/ is UP, reason: Layer4 check passed, check duration: 0ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue. Jul 15 09:42:00 localhost.localdomain haproxy[3342]: Server …/ is UP, reason: Layer6 check passed, check duration: 1ms. 2 active and 0 backup servers online. 0 sessions requeued, 0 total in queue. But no mail alerts are sent, no error or warning logged about sending mail. haproxy -f /etc/haproxy/haproxy.cfg –c does not return any error. All seems to be right, but mail alerts are not sent. Roberto Hi Roberto, Could you please take a tcpdump on port 10025 and confirm HAProxy tries to get connected to the SMTP server? Baptiste From ba3e1593b313752e0a3ff54aae06b18ba17c1435 Mon Sep 17 00:00:00 2001 From: Pieter Baauw Date: Thu, 16 Jul 2015 22:38:19 +0200 Subject: [PATCH] mailer, DATA part must be terminated with CRLF.CRLF --- src/checks.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/checks.c b/src/checks.c index 2179d4f..e386bee 100644 --- a/src/checks.c +++ b/src/checks.c @@ -3243,8 +3243,8 @@ static int enqueue_one_email_alert(struct email_alertq *q, const char *msg) "Subject: [HAproxy Alert] ", msg, "\n", "\n", msg, "\n", - ".\r\n", "\r\n", + ".\r\n", NULL }; -- 1.9.5.msysgit.1
Re: Problems compiling HAProxy with Lua Support
❦ 13 juillet 2015 19:58 +0200, Vincent Bernat : > I suppose that either -ldl could be added to OPTIONS_LDFLAGS append, > like this is done for -lm. Or USE_DL section could be moved towards the > end. I think the first solution is better since libdl seems to be a > dependency of lua. > > Note that this is not an Ubuntu-specific but they enforce --as-needed by > default directly in the linker. Here is a proposition. An alternative would be to move the ifneq ($(USE_DL),) section at the end of the Makefile. >From 698116edb22ce8b56db3669314d50faf88daf77e Mon Sep 17 00:00:00 2001 From: Vincent Bernat Date: Thu, 16 Jul 2015 20:52:51 +0200 Subject: [PATCH] BUILD: link with libdl if needed for Lua support On platforms where the dl*() functions are not part of the libc, a program linking Lua also needs to link to libdl. Moreover, on platforms using a gold linker with the --as-needed flag, the libdl library needs to be linked after linking Lua, otherwise, it won't be marked as needed and will be discarded and its symbols won't be present at the end of the linking phase. Ubuntu enables the --as-needed flag by default. Other distributions may advertise its use, like Gentoo. --- Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/Makefile b/Makefile index 6ab7d5469d90..a1383a38c539 100644 --- a/Makefile +++ b/Makefile @@ -606,6 +606,9 @@ endif endif OPTIONS_LDFLAGS += $(LUA_LD_FLAGS) -l$(LUA_LIB_NAME) -lm +ifneq ($(USE_DL),) +OPTIONS_LDFLAGS += -ldl +endif OPTIONS_OBJS+= src/hlua.o endif -- 2.1.4 -- Keep it right when you make it faster. - The Elements of Programming Style (Kernighan & Plauger)
Call Request
Hi, We maintain the newly updated Online marketing list with complete contact information. We wanted to check if you would be interested in it Online marketing are one of your major targets, this is purely a limited period proposition. Please let me know and I shall get back to you with counts, list details and a sample file for your review. Note: We also maintain other industry lists, if you are not interested in the Online marketing list, send us your target requirements details ,so that we can send you the counts and few samples at no cost. Target industry: Target geography:___ Target job titles: Await your response. Best Regards, Virginia Baker| Business Developer virginia.ba...@b2bcontactinfo.com l Ph : (302)752-4265) If you do not wish to receive any further emails from us, please reply "Unsubscribe" in the subject line.
Re: How to disable backend servers without health check
Thanks Pavlos, this looks very promising, I will take a look on how we can use this. Regards, - Krishna Kumar On Thu, Jul 16, 2015 at 8:36 PM, Pavlos Parissis wrote: > > > On 16/07/2015 04:02 μμ, Krishna Kumar (Engineering) wrote: > > Hi John, > > > > Your suggestion works very well, and exactly what I was looking for. > > Thank you very much. > > > > > You could also try https://github.com/unixsurfer/haproxytool > > Cheers, > Pavlos > > -- -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although Flipkart has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments
Timeouts issues
Hi Guys, I need some help with handling timeouts. I'm using haproxy in tcp mode. What is the issue? client connects proxy, client is trying to sent something, it is reaching client timeout on haproxy, but connection on client side is still in ESTABLISHED state until it will reach local connection timeout which is quite high. This is definitely issue on client - server communitation, but for time being, how to asure that when client timeout happen, connection will be reseted? I'm using version 1.5 thanks in advance Łukasz Tasz
Re: IP binding and standby health-checks
oh, i think this comment thread explains it: http://comments.gmane.org/gmane.comp.web.haproxy/20366. I'll see about assigning CAP_NET_ADMIN On Wed, Jul 15, 2015 at 4:56 PM Nathan Williams wrote: > Hi Baptiste, > > Sorry for the delayed response, had some urgent things come up that > required more immediate attention... thanks again for your continued > support. > > > > Why not using proxy-protocol between HAProxy and nginx? > > Sounds interesting; I'd definitely heard of it before, but hadn't looked > into it since what we've been doing has been working. My initial impression > is that it's a pretty big change from what we're currently doing (looks > like it would at least require a brief maintenance to roll out since it > requires coordinated change between client and load-balancer), but I'm not > fundamentally opposed if there's significant advantages. I'll definitely > take a look to see if it satisfies our requirements. > > > > I disagree, it would be only 2: the 'real' IP addresses of the > load-balancers only. > > OK, fair point. Maybe it's just being paranoid to think that unless we're > explicitly setting the source, we should account for *all* possible > sources. The VIP wouldn't be the default route, so we could probably get > away with ignoring it. Come to think of it... maybe having keepalived > change the default route on the primary and skipping hardcoding the source > in haproxy would address what we're aiming for? seems worth further > investigation, as I'm not sure whether it supports this out of the box. > > > > there is no 0.0.0.0 magic values neither subnet values accepted in nginx > XFF module? > > I wouldn't use 0.0.0.0 whether there is or not, as i wouldn't want it to > be that open. It might be a different case for a subnet value, if we were > able to put the load-balancer cluster in a separate subnet, but our current > situation (managed private openstack deployment) doesn't give us quite that > much network control. maybe someday soon with VXLAN or another overlay (of > course, that comes with performance penalties, so maybe not). > > > > Then instead of using a VIP, you can book 2 IPs in your subnet that > could be used, whatever the LB is using. > > Pre-allocating network IPs from the subnet that aren't permitted to be > assigned to anything other than whatever instance is currently filling the > load-balancer role would certainly work (I like this idea!); that's > actually pretty similar to what we're doing for the internal VIP currently > (the external VIP is just an openstack floating IP, aka a DNAT in the > underlying infrastructure), and then adding it as an allowed address for > the instance-associated network "port" instance in Neutron's > allowed-address-pairs... It'd be an extra step when creating an LB node, > but a pretty reasonable one I think, and we're already treating them > differently from "generic" instances anyways... definitely food for thought. > > > HAProxy rocks ! > > +1 * 100. :) > > > > Can you start it up with strace ?? > > Yep! https://gist.github.com/nathwill/ea52324867072183b695 > > So far, I still like the "source 0.0.0.0 usesrc 10.240.36.13" solution the > best, as it seems the most direct and easily understood. Fingers crossed > the permissions issue is easily overcome. > > Cheers, > > Nathan W > > On Tue, Jul 14, 2015 at 2:58 PM Baptiste wrote: > >> > As for details, it's advantageous for us for a couple of reasons... the >> > realip module in nginx requires that you list "trusted" hosts which are >> > permitted to set the X-Forwarded-For header before it will set the >> "source" >> > address in the logs to the x-forwarded-for address. as a result, using >> > anything other than the VIP means: >> >> Why not using proxy-protocol between HAProxy and nginx? >> http://blog.haproxy.com/haproxy/proxy-protocol/ >> >> So you can get rid of X-FF header limitation in nginx. (don't know if >> proxy-protocol implementation in nginx suffers from the same >> limitations). >> >> > - not using the vip means we have to trust 3 addresses instead of 1 to >> set >> > x-forwarded-for >> >> I disagree, it would be only 2: the 'real' IP addresses of the >> load-balancers only. >> >> > - we have to update the list of allowed hosts on all of our backends any >> > time we replace a load-balancer node. We're using config management, so >> it's >> > automated, but that's still more changes than should ideally be >> necessary to >> > replace a no-data node that we ideally can trash and replace at will. >> >> there is no 0.0.0.0 magic values neither subnet values accepted in >> nginx XFF module? >> If not, it deserves a patch ! >> >> > - there's a lag between the time of a change(e.g. node replacement) >> and the >> > next converge cycle of the config mgmt on the backends, so for some >> period >> > the backend config will be out of sync, incorrectly trusting IP(s) that >> may >> > now be associated with another host, or wrongly refusing to set the >> "source" >> > ip
Re: How to disable backend servers without health check
On 16/07/2015 04:02 μμ, Krishna Kumar (Engineering) wrote: > Hi John, > > Your suggestion works very well, and exactly what I was looking for. > Thank you very much. > You could also try https://github.com/unixsurfer/haproxytool Cheers, Pavlos signature.asc Description: OpenPGP digital signature
Full HD1080P SJ7000 NTK96655+AR0330 2.0inch LCD usd47.5/set
ActionCameraPromotionalon=July SJ7000WifiPrice:us=d47.5/set App=lyforwonderfultimeforvehicledaterecording,photo-shootin=g,outdoorsport,homesecurity.Fun=ction:Motiondetection,Automaticnightvisionenhancement,Ant=i-shake,FPV,Slowmotion. Descripti=on:SOC: &nb=sp; &=nbsp; NTK96655Sensor=5306; =; AR0330WI-FI: &=nbsp; =; Built Lens: &=nbsp; =; 170° wide-angle/ =6G+IR/ F/NO=3D2.8 lens Focus: &nb=sp; &=nbsp; 12cm~InfiniteDisplay:= &nbs=p; 2.0inchlcdPhoto: = &nbs=p; 2M /5M/8M/12M Shooti=ng Mode: Single Shot&nbs=p;/ Continuous Shooting/ = &nbs=p; &n=bsp; Self-timer (2s / 5s&=nbsp;/ 10s /20s/30s/60s)Videoresolution:1920*=108030fps@MOV(H.264) = &nbs=p; &n=bsp; =1080*720 60fps@MOV(H.264)Audio: &=nbsp; =; WAVFormat(Bitrate:176kbps)Input/output: USB2.0&=;MiniHDMI(TypeD)Storage:&nbs=p; M=icroSDHCClass4+upto32GBShutter: &nb=sp; &=nbsp;ElectronicBattery: &nb=sp; =Built-in900mAhlithiumbatteryPowerlife: &nb=sp; Max&nb=sp;90mins Contactwithusfor theSportactioncamer=aorGoproaccessories pricelistifyouinterestedin.ThanksandBestRegard!Cathy=Skype=:Syytech=SenyuleLimitedAddress:Building86,XinshaRoad,Shajing,Shenzh=en,China.Email.:=sportactioncamera@gmail=.comWhatsApp:18138261218Tel.:86&nbs=p;18138261218Skype:SyytechPhotore=ference: facebook.com/actioncamerasy
Re: How to disable backend servers without health check
Hi John, Your suggestion works very well, and exactly what I was looking for. Thank you very much. Regards, - Krishna Kumar On Thu, Jul 16, 2015 at 5:48 PM, John Skarbek wrote: > Krishna, > > I've recently had to deal with this as well. Our solution involves a > couple of aspects. Firstly, one must configure an admin socket per > process. In our case we run with 20 processes, so we've got a > configuration that looks similar to this in our global section: > > stats socket /var/run/haproxy_admin1.sock mode 600 level admin process 1 > stats socket /var/run/haproxy_admin2.sock mode 600 level admin process 2 > stats socket /var/run/haproxy_admin3.sock mode 600 level admin process 3 > stats socket /var/run/haproxy_admin4.sock mode 600 level admin process 4 > > Counting all the way up to 20... > > After that we can do a simple one liner that disables a single server; > using bash: > > for i in {1..20}; do echo 'disable server the_backend/the_server' | socat > /var/run/haproxy_admin$i.sock stdio; done > > This loops through each admin socket and disables 'the_server' from > 'the_backend'. > > I hope this gets you started in looking for a solution. > > I like your route of accomplishing this though. With our 20 proc > configuration we've decided to deal with the pain of 20 health checks which > has caused us some issues, but nothing being a show stopper. > > On Thu, Jul 16, 2015 at 5:53 AM, Krishna Kumar (Engineering) < > krishna...@flipkart.com> wrote: > >> Hi all, >> >> We have a large set of machines running haproxy (1.5.12), and each of >> them have hundreds of backends, many of which are the same across >> systems. nbproc is set to 12 at present for our 48 core systems. We are >> planning a centralized health check, and disable the same in haproxy, to >> avoid each process on each server doing health check for the same >> backend servers. >> >> Is there any way to disable a single backend from the command line, such >> that each haproxy instance finds that this backend is disabled? Using >> socat with the socket only makes the handling process set it's status of >> the >> backend as MAINT, but others don't get this information. >> >> Appreciate if someone can show if this can be done. >> >> Regards, >> - Krishna Kumar >> >> >> >> -- >> >> This email and any files transmitted with it are confidential and >> intended solely for the use of the individual or entity to whom they are >> addressed. If you have received this email in error please notify the >> system manager. This message contains confidential information and is >> intended only for the individual named. If you are not the named addressee >> you should not disseminate, distribute or copy this e-mail. Please notify >> the sender immediately by e-mail if you have received this e-mail by >> mistake and delete this e-mail from your system. If you are not the >> intended recipient you are notified that disclosing, copying, distributing >> or taking any action in reliance on the contents of this information is >> strictly prohibited. Although Flipkart has taken reasonable precautions to >> ensure no viruses are present in this email, the company cannot accept >> responsibility for any loss or damage arising from the use of this email or >> attachments >> > > > > -- > > [image: rally-logo-68x68.jpg] > > John T Skarbek | jskar...@rallydev.com > > Infrastructure Engineer, Engineering > > 1101 Haynes Street, Suite 105, Raleigh, NC 27604 > > 720.921.8126 Office > -- -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although Flipkart has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments
Re: How to disable backend servers without health check
Krishna, I've recently had to deal with this as well. Our solution involves a couple of aspects. Firstly, one must configure an admin socket per process. In our case we run with 20 processes, so we've got a configuration that looks similar to this in our global section: stats socket /var/run/haproxy_admin1.sock mode 600 level admin process 1 stats socket /var/run/haproxy_admin2.sock mode 600 level admin process 2 stats socket /var/run/haproxy_admin3.sock mode 600 level admin process 3 stats socket /var/run/haproxy_admin4.sock mode 600 level admin process 4 Counting all the way up to 20... After that we can do a simple one liner that disables a single server; using bash: for i in {1..20}; do echo 'disable server the_backend/the_server' | socat /var/run/haproxy_admin$i.sock stdio; done This loops through each admin socket and disables 'the_server' from 'the_backend'. I hope this gets you started in looking for a solution. I like your route of accomplishing this though. With our 20 proc configuration we've decided to deal with the pain of 20 health checks which has caused us some issues, but nothing being a show stopper. On Thu, Jul 16, 2015 at 5:53 AM, Krishna Kumar (Engineering) < krishna...@flipkart.com> wrote: > Hi all, > > We have a large set of machines running haproxy (1.5.12), and each of > them have hundreds of backends, many of which are the same across > systems. nbproc is set to 12 at present for our 48 core systems. We are > planning a centralized health check, and disable the same in haproxy, to > avoid each process on each server doing health check for the same > backend servers. > > Is there any way to disable a single backend from the command line, such > that each haproxy instance finds that this backend is disabled? Using > socat with the socket only makes the handling process set it's status of > the > backend as MAINT, but others don't get this information. > > Appreciate if someone can show if this can be done. > > Regards, > - Krishna Kumar > > > > -- > > This email and any files transmitted with it are confidential and intended > solely for the use of the individual or entity to whom they are addressed. > If you have received this email in error please notify the system manager. > This message contains confidential information and is intended only for the > individual named. If you are not the named addressee you should not > disseminate, distribute or copy this e-mail. Please notify the sender > immediately by e-mail if you have received this e-mail by mistake and > delete this e-mail from your system. If you are not the intended recipient > you are notified that disclosing, copying, distributing or taking any > action in reliance on the contents of this information is strictly > prohibited. Although Flipkart has taken reasonable precautions to ensure no > viruses are present in this email, the company cannot accept responsibility > for any loss or damage arising from the use of this email or attachments > -- [image: rally-logo-68x68.jpg] John T Skarbek | jskar...@rallydev.com Infrastructure Engineer, Engineering 1101 Haynes Street, Suite 105, Raleigh, NC 27604 720.921.8126 Office
How to disable backend servers without health check
Hi all, We have a large set of machines running haproxy (1.5.12), and each of them have hundreds of backends, many of which are the same across systems. nbproc is set to 12 at present for our 48 core systems. We are planning a centralized health check, and disable the same in haproxy, to avoid each process on each server doing health check for the same backend servers. Is there any way to disable a single backend from the command line, such that each haproxy instance finds that this backend is disabled? Using socat with the socket only makes the handling process set it's status of the backend as MAINT, but others don't get this information. Appreciate if someone can show if this can be done. Regards, - Krishna Kumar -- -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although Flipkart has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments
Best Discount !!! iPhone LCD Assembly (4/4S/5/5C/5S/6/6 PLUS)
Hey there, Today we got some new stocks for iPhone LCD, and the Price is Very Competitive! Recently the Price of 5/5c/5s LCD raised a lot because of very few stocks in the market, if you want to buy some stocks at good pricing, please contact us ASAP, as our stock is also Limited, and the Price will probably Raise again Very Soon! Any other request please don't hesitate to let us know, thank you very much! Best regards,Tony --- CnBest Tech CO.,Limited Shenzhen Office: Room C, 16/F, Block A, First World Plaza, Futian District, Shenzhen, China HeadQuarter: UNIT B RM06, 29/F, Legend Tower, 7 Shing Yip St, Kwun Tong, Kowloon, Hong Kong Email / Skype:sale...@cnbest-tech.net WhatsApp: 0086 183 2099 5238 Tel: 86 (755) 8887 9870 Fax: 86 (755) 2271 1992 Website: www.cnbest-tech.net On 2015.6.11, Tony(CnBest) wrote: Hi, Today we have a Special Offer for Original Apple MD827 Earpod. Pls contact us, as the Best Price & Stock Photo will be sent to you ASAP. Many thnx! If you need any other Original Accessories, also welcome to send us your request. What we can supply for you: Battery, Charger, Cable, Handsfree and etc. Brands we are dealing: Apple, Samsung, LG, BlackBerry, HTC, Nokia, Sony, and etc. Best regards,Tony --- CnBest Tech CO.,Limited Shenzhen Office: Room C, 16/F, Block A, First World Plaza, Futian District, Shenzhen, China HeadQuarter: UNIT B RM06, 29/F, Legend Tower, 7 Shing Yip St, Kwun Tong, Kowloon, Hong Kong Email / Skype:sale...@cnbest-tech.net WhatsApp: 0086 183 2099 5238 Tel: 86 (755) 8887 9870 Fax: 86 (755) 2271 1992 Website: www.cnbest-tech.net
Re: Strange system behaviour of during haproxy run
On Tue, Jul 7, 2015 at 2:31 PM, Willy Tarreau wrote: Hi Willy, Thank you once again for the quick response, and apologize for my tardiness. Unless I'm wrong, for me ixgbe does its own RSS and uses the Rx queues. Each > Rx queue is bound to an IRQ, and each IRQ may be delivered to a set of > CPUs. > I'd say that I've never seen even a iota of CPU usage on the wrong CPU when > using ixgbe, so I'm quite sure that some of your IRQs are not properly > bound, > which could be verified by simply running "grep eth" in /proc/interrupts, > though I can easily undertand that it's not easy to read with 48 columns The irq counts increase for all cores though haproxy runs only on even cores. And smp_affinity is set correctly, going from 1, 2, 4, 8, 10, 20, 40, 80, 100 (all in hex), etc. I have not seen this issue under lower load, but when cpu's are at 100%, I am getting this behavior. I will try to recreate with low and high load and validate this statement. No it's not that small because a flow is something ephemeral. Even when > you run with hundreds of thousands of concurrent connections, the time > between an outgoing ACK and the next data packet is short enough for the > flow to be matched, especially on a local network when it's a matter of > hundreds of microseconds at worst. > Yes, that seems reasonable. But if the 8K flows are exhausted during a single tx iteration, I assume RX for some flows will not find the flow cached for RSS. Just out of curiosity, why not configure the lab to reproduce the same > setup as the prod, ie 12 processes as well ? > Yes, I will try this in a little while, as we are busy with production setup at present. > At the very least, check the interrupts per CPU. There I'm sure you'll > find that you missed some of them and that they're still delivered to > the wrong socket. Also keep in mind that a down-up cycle on an interface > unbinds the IRQs, so you have to rebind them by hand. This is something > which easily happens by mistake during troubleshooting sessions. > Since we are doing this for hundreds of systems, the IRQ's are being set at boot time through a rc2 script. Thanks once again for your inputs. Regards, - Krishna Kumar -- -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. Although Flipkart has taken reasonable precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage arising from the use of this email or attachments