Re: HAproxy and instant messagers (Ym)
On Mon, Feb 14, 2011 at 05:54:08PM +0200, Florescu, Dan Alexandru wrote: > Hi Willy, > > Thank you for the explanations. In fact I had assumed that CD/cD was > something related to timing out and connection closing, > and so I increased contimeout from 5000 (5ms) to 5 (5s) (BTW, I think > that was a typo in my config). This has solved my problem. Just for the record, 5000 is 5000ms = 5s. 5 is 50s. In theory you should not have to increase the contimeout. The only reason you might want to do so is if you're queuing when connecting to the server, in which case you'd better increase the queue timeout. But the server should always immediately accept new incoming connections. > Although, looking at the timers from those three lines, nothing is below 5 > seconds (6, 50003, 57935). Maybe I missed the specific lines in the log. > Anyway, it works now. Keep an eye on that anyway, timeouts are something that can appear and disappear due to various environmental issues. Regards, Willy
RE: HAproxy and instant messagers (Ym)
Hi Willy, Thank you for the explanations. In fact I had assumed that CD/cD was something related to timing out and connection closing, and so I increased contimeout from 5000 (5ms) to 5 (5s) (BTW, I think that was a typo in my config). This has solved my problem. Although, looking at the timers from those three lines, nothing is below 5 seconds (6, 50003, 57935). Maybe I missed the specific lines in the log. Anyway, it works now. Cheers. -Original Message- From: Willy Tarreau Sent: Monday 14, February 02, 2011 12:41 Subject: Re: HAproxy and instant messagers (Ym) Hi, On Mon, Feb 14, 2011 at 10:35:15AM +0200, Florescu, Dan Alexandru wrote: > Anyone willing to help? It's possible that people are not much skilled in this application :-/ > Also, if I can get some help interpreting the following lines extracted from > haproxy.log: It's a good point you got the logs. Here are the explanations : > balance roundrobin/ proxy 0/0/1/26004/6 200 2054 - - CD-- > 470/470/456/456/0 0/0 "POST http://98.139.60.242/ HTTP/1.1" > balance roundrobin/ proxy 0/0/1/-1/50003 504 194 - - sH-- 490/490/489/489/0 > 0/0 "POST http://98.139.60.242/ HTTP/1.1" > balance roundrobin/ proxy 0/0/0/2/57935 407 47897 - - cD-- 531/531/528/528/0 > 0/0 "GET http://i1.ytimg.com/i/ HTTP/1.1" > specifically, what do those flags mean? e.g. CD, sH, cD CD means the Client closed the connection during the Data phase. I don't know how Ym works but it's possible that both sides exchange small chunks, and the client has actively stopped doing so (eg: click Stop, close the browser window, ...). sH means the server has failed to respond to a request within the configured timeout. In your case, the server did not say anything within 50 seconds. Since you're connecting through Squid, I suspect that in fact squid failed to establish a connection to the server (server may be overloaded) and that haproxy timed out first. You can increase your haproxy timeouts if you want, so that you get the Squid's error in the response. cD means the client timed out during the data phase. Most likely there were data to read in the buffer but the client did not care to read them, and haproxy timed out after 58 seconds. Since haproxy is between a browser and a squid, it needs to be configured to look for the Proxy-Connection header instead of the Connection header. I think it is what is causing these issues, because the client and squid can't agree on what scheme to use (close/keep-alive). You have to enable "option http-use-proxy-header" for that. Also, you'd better use "option http-server-close" than "httpclose", as it will maintain the connection alive on the client side. Regards, Willy The information contained herein is intended for its addressee(s) only and it is privileged or otherwise confidential. Any unauthorized distribution, amendment or disclosure hereof is strictly forbidden by the law. Please find complete and translated versions at http://www.rompetrol.com/disclaimer.html
Re: HAproxy and instant messagers (Ym)
Hi, On Mon, Feb 14, 2011 at 10:35:15AM +0200, Florescu, Dan Alexandru wrote: > Anyone willing to help? It's possible that people are not much skilled in this application :-/ > Also, if I can get some help interpreting the following lines extracted from > haproxy.log: It's a good point you got the logs. Here are the explanations : > balance roundrobin/ proxy 0/0/1/26004/6 200 2054 - - CD-- > 470/470/456/456/0 0/0 "POST http://98.139.60.242/ HTTP/1.1" > balance roundrobin/ proxy 0/0/1/-1/50003 504 194 - - sH-- 490/490/489/489/0 > 0/0 "POST http://98.139.60.242/ HTTP/1.1" > balance roundrobin/ proxy 0/0/0/2/57935 407 47897 - - cD-- 531/531/528/528/0 > 0/0 "GET http://i1.ytimg.com/i/ HTTP/1.1" > specifically, what do those flags mean? e.g. CD, sH, cD CD means the Client closed the connection during the Data phase. I don't know how Ym works but it's possible that both sides exchange small chunks, and the client has actively stopped doing so (eg: click Stop, close the browser window, ...). sH means the server has failed to respond to a request within the configured timeout. In your case, the server did not say anything within 50 seconds. Since you're connecting through Squid, I suspect that in fact squid failed to establish a connection to the server (server may be overloaded) and that haproxy timed out first. You can increase your haproxy timeouts if you want, so that you get the Squid's error in the response. cD means the client timed out during the data phase. Most likely there were data to read in the buffer but the client did not care to read them, and haproxy timed out after 58 seconds. Since haproxy is between a browser and a squid, it needs to be configured to look for the Proxy-Connection header instead of the Connection header. I think it is what is causing these issues, because the client and squid can't agree on what scheme to use (close/keep-alive). You have to enable "option http-use-proxy-header" for that. Also, you'd better use "option http-server-close" than "httpclose", as it will maintain the connection alive on the client side. Regards, Willy
RE: HAproxy and instant messagers (Ym)
Anyone willing to help? Also, if I can get some help interpreting the following lines extracted from haproxy.log: balance roundrobin/ proxy 0/0/1/26004/6 200 2054 - - CD-- 470/470/456/456/0 0/0 "POST http://98.139.60.242/ HTTP/1.1" balance roundrobin/ proxy 0/0/1/-1/50003 504 194 - - sH-- 490/490/489/489/0 0/0 "POST http://98.139.60.242/ HTTP/1.1" balance roundrobin/ proxy 0/0/0/2/57935 407 47897 - - cD-- 531/531/528/528/0 0/0 "GET http://i1.ytimg.com/i/ HTTP/1.1" specifically, what do those flags mean? e.g. CD, sH, cD Thank you. Sent: Friday 11, February 02, 2011 13:09 To: 'haproxy@formilux.org' Subject: HAproxy and instant messagers (Ym) Hello, I'm using Haproxy to balance HTTP requests to Squid servers for web access. Http requests seem to work fine but when I connect to Yahoo messenger, I am randomly kicked out and logged in again. If I connect directly through Squid, I do not encounter these disconnects, so I am assuming it has something to do with my Haproxy config. Maybe it timeouts the connection.. I can't figure it out. Here is my config: defaults log global modehttp option httplog option dontlognull option redispatch option abortonclose retries 3 maxconn 9000 contimeout 5000 clitimeout 5 srvtimeout 5 frontend front bind 0.0.0.0: mode http option forwardfor default_backend back backend roundrobin mode http option httpclose balance roundrobin server proxy 192.168.100.5:3128 check inter 2000 fall 3 server proxy_bkp 192.168.100.6:3128 check inter 2000 fall 3 backup I also tried using server proxy 192.168.100.5:3128 cookie 2 check. Any suggestions (adding / removing options from the config)? Scope: being used by several hundred people for http browsing, voip and IM. The information contained herein is intended for its addressee(s) only and it is privileged or otherwise confidential. Any unauthorized distribution, amendment or disclosure hereof is strictly forbidden by the law. Please find complete and translated versions at http://www.rompetrol.com/disclaimer.html