Re: Debugging PH state

2023-03-03 Thread Christopher Faulet

Le 3/3/23 à 15:40, Christian Ruppert a écrit :

So I can reproduce it. I captured the response, extracted the data which
includes to entire header + payload. I put that into a file like foo.bin
and I start a "nc" that just serves that one response on every request.
It works fine, no 500, no PH. Even with the same request so I really
don't get it.

I really wonder if that's a HAProxy bug.



Hi Christian,

It is indeed possible. Could you share your configuration ? Is there any special 
in the response ?


--
Christopher Faulet




Re: tcp mode: client port selection

2023-03-03 Thread Amaury Denoyelle
On Fri, Mar 03, 2023 at 09:35:45AM +0100, Jack Bauer wrote:
> Am Do., 2. März 2023 um 17:52 Uhr schrieb Amaury Denoyelle <
> adenoye...@haproxy.com>:
> >
> > It seems you do not use 'option redispatch' in your configuration so a
> > retry will never be conducted on another server. Therefore, your problem
> > is probably not related to haproxy retries.
> >
> From the documentation (
> http://docs.haproxy.org/2.7/configuration.html#4-option%20redispatch) one
> could or should conclude, that option redispatch is only working in HTTP
> mode.

I confirm that it works also for proxy on TCP mode and that the
documentation is confusing.

> Even if it is also working in TCP mode and we are not using it in the
> configuration, haproxy makes connections with the same client ip port to
> another target server.
> Can anyone say sth. about client port allocation in haproxy? Is it done
> manually in some cases? Or is that a task that is completely done by the OS?

To my knowledge, haproxy does not explicitely select the port when
connecting to a backend server unless a specific "source" statement is
used, so this should be the responsibility of the OS. Have you checked
that your ephemeral port range is big enough ?

$ sysctl net.ipv4.ip_local_port_range net.ipv4.ip_local_reserved_ports

-- 
Amaury Denoyelle



Re: Debugging PH state

2023-03-03 Thread Christian Ruppert
So I can reproduce it. I captured the response, extracted the data which 
includes to entire header + payload. I put that into a file like foo.bin 
and I start a "nc" that just serves that one response on every request. 
It works fine, no 500, no PH. Even with the same request so I really 
don't get it.


I really wonder if that's a HAProxy bug.

--
Regards,
Christian Ruppert



Re: tcp mode: client port selection

2023-03-03 Thread Jack Bauer
Am Do., 2. März 2023 um 17:52 Uhr schrieb Amaury Denoyelle <
adenoye...@haproxy.com>:

>
> It seems you do not use 'option redispatch' in your configuration so a
> retry will never be conducted on another server. Therefore, your problem
> is probably not related to haproxy retries.
>

>From the documentation (
http://docs.haproxy.org/2.7/configuration.html#4-option%20redispatch) one
could or should conclude, that option redispatch is only working in HTTP
mode.

Even if it is also working in TCP mode and we are not using it in the
configuration, haproxy makes connections with the same client ip port to
another target server.
Can anyone say sth. about client port allocation in haproxy? Is it done
manually in some cases? Or is that a task that is completely done by the OS?

-Jack