Re: HAProxy returning 502 with SH--

On Wed, 9 Oct 2024 at 20:48, BJ Taylor wrote: > > So, we tried all of these options and then some, but we are still having > issues. I was hopeful when I thought about using retries, thinking the issue > is rare enough that if it just retries when it does happen that we could move > past this.

Re: HAProxy returning 502 with SH--

So, we tried all of these options and then some, but we are still having issues. I was hopeful when I thought about using retries, thinking the issue is rare enough that if it just retries when it does happen that we could move past this. Unfortunately, it doesn't seem to honor the retries when it

Re: HAproxy load balancing query

Hi Shehan, On Fri, Oct 04, 2024 at 06:41:23AM +, Shehan Jayawardane wrote: > Hi Josh, > > Nice. Thank you for the information. > And we are going to deploy this for one of our critical production > environment. Where there will be around 7000 TPS. And we hope to have virtual > machine as the

Re: HAproxy load balancing query

anced. > > Best Regards, > Shehan Jayawardane > *Head of Engineering* > *sheh...@nvision.lk * > www.thryvz.com > > > -- > *From:* Joshua Turnbull > *Sent:* 03 October 2024 13:54 > *To:* Shehan Jayawardane > *Cc:* haproxy@formilux.org ;

Re: HAproxy load balancing query

ttp://www.thryvz.com/> [cid:8fbf6625-437c-4f4b-869b-5680d4d23776] From: Joshua Turnbull Sent: 03 October 2024 13:54 To: Shehan Jayawardane Cc: haproxy@formilux.org ; Dev Ops Subject: Re: HAproxy load balancing query Hi Shehan, If you're referring

Re: HAproxy load balancing query

Hi Shehan, If you're referring to Session Persistence, then absolutely. *Session persistence means that the load balancer routes a client to the same backend server once they have been routed to that server once. It avoids the overhead of re-establishing a client’s state on a new server with each

Re: HAproxy load balancing query

Hi. On 2024-10-03 (Do.) 08:08, Shehan Jayawardane wrote: Hi Team, We are considering to deploy HAproxy as our load balancer to our AAA solution. Is there any option to save connection session, where we can use the same path for the session period? What exactly do you mean with "save connect

Re: haproxy-3.x.x - Ubuntu Focal

Thank you for your help Vincent. Regards, On Tue, 24 Sept 2024 at 07:04, Vincent Bernat wrote: > On 2024-09-23 12:34, Alexis Vachette wrote: > > > It seems that version 3.0.5-1 build is broken because of systemd-dev > > package missing. > > > > Inspecting the log file I do see mention of severa

Re: haproxy-3.x.x - Ubuntu Focal

On 2024-09-23 12:34, Alexis Vachette wrote: It seems that version 3.0.5-1 build is broken because of systemd-dev package missing. Inspecting the log file I do see mention of several others packages: The following packages have unmet dependencies: sbuild-build-depends- main-dummy : Depends:

Re: haproxy-3.x.x - Ubuntu Focal

On Mon, Sep 23, 2024 at 01:33:27PM +0200, William Lallemand wrote: > On Mon, Sep 23, 2024 at 12:34:54PM +0200, Alexis Vachette wrote: > > Hi Vincent, > > > > Thank you. > > > > It seems that version 3.0.5-1 build is broken because of systemd-dev > > package missing. > > > > Inspecting the log fi

Re: haproxy-3.x.x - Ubuntu Focal

Hello, On Mon, Sep 23, 2024 at 12:34:54PM +0200, Alexis Vachette wrote: > Hi Vincent, > > Thank you. > > It seems that version 3.0.5-1 build is broken because of systemd-dev > package missing. > > Inspecting the log file I do see mention of several others packages: > > The following packages h

Re: haproxy-3.x.x - Ubuntu Focal

Hi Vincent, Thank you. It seems that version 3.0.5-1 build is broken because of systemd-dev package missing. Inspecting the log file I do see mention of several others packages: The following packages have unmet dependencies: sbuild-build-depends-main-dummy : Depends: liblua5.4-dev but it is no

Re: haproxy-3.x.x - Ubuntu Focal

On 2024-09-11 08:40, Alexis Vachette wrote: Just wanted to know if you had a plan to release package for Ubuntu 20.04 Focal. Mostly because of OpenSSL 3.0 regression performance. The question is more for Vincent Bernat. I've just pushed a build for Ubuntu Focal.

Re: haproxy-3.x.x - Ubuntu Focal

On Wed, Sep 11, 2024 at 10:14:13AM +0200, ??? wrote: > ??, 11 . 2024 ?. ? 08:44, Alexis Vachette : > > > Hi, > > > > Just wanted to know if you had a plan to release package for Ubuntu 20.04 > > Focal. > > > > Mostly because of OpenSSL 3.0 regression performance. > > > > The question

Re: haproxy-3.x.x - Ubuntu Focal

ср, 11 сент. 2024 г. в 08:44, Alexis Vachette : > Hi, > > Just wanted to know if you had a plan to release package for Ubuntu 20.04 > Focal. > > Mostly because of OpenSSL 3.0 regression performance. > > The question is more for Vincent Bernat. > I wonder what are your expectation of SSL lib for t

Re: HAProxy returning 502 with SH--

Ok, will do. Thanks. BJ On Tue, Aug 27, 2024 at 10:42 AM Lukas Tribus wrote: > Also, before doing anything else, try using: > > tune.disable-zero-copy-forwarding or tune.h1.zero-copy-fwd-recv off > > as there is currently an open bug that doesn't fully match your case > but is still close enou

Re: HAProxy returning 502 with SH--

Also, before doing anything else, try using: tune.disable-zero-copy-forwarding or tune.h1.zero-copy-fwd-recv off as there is currently an open bug that doesn't fully match your case but is still close enough that it may be worth a try: https://github.com/haproxy/haproxy/issues/2665 Lukas

Re: HAProxy returning 502 with SH--

Hello, On Tue, 27 Aug 2024 at 18:09, BJ Taylor wrote: > > Here are the 502 logs from the last run after the config changes. > > 2024-08-26T09:29:02.547581-06:00 testserver haproxy[284569]: <134>Aug 26 > 09:29:02 haproxy[284569]: 192.168.69.101:45382 [26/Aug/2024:09:29:02.545] > www~ front3/pdaf

Re: HAProxy returning 502 with SH--

Here are the 502 logs from the last run after the config changes. 2024-08-26T09:29:02.547581-06:00 testserver haproxy[284569]: <134>Aug 26 09:29:02 haproxy[284569]: 192.168.69.101:45382 [26/Aug/2024:09:29:02.545] www~ front3/pdafront32 0/0/0/-1/1 502 208 - - SH-- 5/5/3/3/0 0/0 { front3.domain.com|

Re: HAProxy returning 502 with SH--

I will make the suggested changes and try again. Here are the failure logs for the last run. Queues are 0, current connections are not all that high. Aug 22 01:12:12 haproxy[87118]: > {"host":"testserver","ident":"haproxy","pid":87118,"timestamp":"22/Aug/2024:01:12:12 > -0600","haproxy":{"connecti

Re: HAProxy returning 502 with SH--

On Fri, 23 Aug 2024 at 18:55, BJ Taylor wrote: > > We are trying to deploy HAProxy into our environment. We have a script that > does some 600k api calls during approximately 24 hours. How many concurrent connections / transactions though? > During that time, when haproxy is in place, there ar

Re: HAProxy 3.0 for Debian Bullseye?

Hi On 6/16/24 14:39, Vincent Bernat wrote: Yes, that's possible. I didn't want to do that unless there is at least one user. I'll do it later today. Thank you, greatly appreciated. Best regards Tim Düsterhus

Re: HAProxy 3.0 for Debian Bullseye?

On 2024-06-16 14:37, Tim Düsterhus wrote: Hi Vincent, On 5/29/24 17:07, Willy Tarreau wrote: HAProxy 3.0.0 was released on 2024/05/29. It added 21 new commits after version 3.0-dev13. I do appreciate that everything was only cosmetic. I'm seeing that HAProxy 3.0 is already available on haprox

Re: haproxy backend server template service discovery questions

I couldn't find this behavior described in the documentation, indeed. I am not sure to what extent documentation should cover this. For us it is important to understand how it works, so we can build more predictable/reliable setup of the load-balancing layer. Also, if the behavior has changed

Re: haproxy backend server template service discovery questions

am I right that you consider that as a documentation bug ? пн, 8 апр. 2024 г. в 10:44, Andrii Ustymenko : > Yes, for the 1) question indeed. > Basically I have tested with local "out of sync" custom nameserver. And I > was observing some inconsistent results of the backend-servers table. That > l

Re: haproxy backend server template service discovery questions

Yes, for the 1) question indeed. Basically I have tested with local "out of sync" custom nameserver. And I was observing some inconsistent results of the backend-servers table. That led to this question. Most of the time I was seeing the state of only from the local nameserver. However someti

Re: haproxy backend server template service discovery questions

and particularly your question is "does HAProxy merge all responses or pick the first one or use some other approach" ? пн, 8 апр. 2024 г. в 10:23, Andrii Ustymenko : > I guess indeed it is not a case of consul-template specifically, but more > of rendered templates and how haproxy maintains it.

Re: haproxy backend server template service discovery questions

I guess indeed it is not a case of consul-template specifically, but more of rendered templates and how haproxy maintains it. On 06/04/2024 20:15, Илья Шипицин wrote: Consul template is something done by consul itself, after that haproxy.conf is rendered Do you mean "how haproxy deals with re

Re: haproxy backend server template service discovery questions

On Sat, 6 Apr 2024 at 20:17, Илья Шипицин wrote: > > Consul template is something done by consul itself, after that haproxy.conf > is rendered > > Do you mean "how haproxy deals with rendered template"? > He doesn't use that method of discovery, he uses DNS resolvers so haproxy gets the SRV reco

Re: haproxy backend server template service discovery questions

On Fri, 5 Apr 2024 at 15:00, Andrii Ustymenko wrote: > > Dear list! > > My name is Andrii. I work for Adyen. We are using haproxy as our main > software loadbalancer at quite large scale. > Af of now our main use-case for backends routing based on > server-template and dynamic dns from consul as s

Re: haproxy backend server template service discovery questions

Consul template is something done by consul itself, after that haproxy.conf is rendered Do you mean "how haproxy deals with rendered template"? On Fri, Apr 5, 2024, 15:02 Andrii Ustymenko wrote: > Dear list! > > My name is Andrii. I work for Adyen. We are using haproxy as our main > software lo

Re: Haproxy accross LDAPS

ind regards, Willy *De :* Aleksandar Lazic *Envoyé :* jeudi 15 février 2024 15:20 *À :* TINK-LONG-KI Willy *Cc :* haproxy@formilux.org *Objet :* Re: Haproxy accross LDAPS Hi Willy. On 2024-02-15 (Do.) 09:07, TINK-LONG-KI Willy wrote: Hello All, I trying  to confi

Re: Haproxy accross LDAPS

Hi Willy. On 2024-02-15 (Do.) 09:07, TINK-LONG-KI Willy wrote: Hello All, I trying  to configure a backend on a HAPROXY (release 2.4.25) with LDAPS in order to authenticate user by the LDAPS. Any chance to use the latest 2.8 or 2.9? Below informations about my configuration : -Port use on

Re: HAProxy Technologies NERC CIP 13 Vendor Questionnaire

On Tue, Jan 23, 2024 at 12:11:56PM +0100, ??? wrote: > how can HAProxy be related, for example, to "NERC requires CORE to revoke > access within 24 hours when remote or onsite > access is no longer needed by your personnel to CORE systems or > facilities." ? Ilya, please avoid responding

Re: HAProxy Technologies NERC CIP 13 Vendor Questionnaire

how can HAProxy be related, for example, to "NERC requires CORE to revoke access within 24 hours when remote or onsite access is no longer needed by your personnel to CORE systems or facilities." ? вт, 23 янв. 2024 г. в 00:58, Robert Dillabough : > Hi Support, > > For NERC compliance, CORE need

Re: Haproxy 2.9 and malformed requests

Le 05/01/2024 à 18:17, Christopher Faulet a écrit : Le 05/01/2024 à 14:45, Marcello Lorenzi a écrit : yes we did it and we didn't notice the issue. So I suggest you stay on the 2.9.1 without zero-copy forwarding for now. A new release will be emitted soon, fixing the CPU issue. Could you t

Re: Haproxy 2.9 and malformed requests

Le 05/01/2024 à 14:45, Marcello Lorenzi a écrit : yes we did it and we didn't notice the issue. So I suggest you stay on the 2.9.1 without zero-copy forwarding for now. A new release will be emitted soon, fixing the CPU issue. Il giorno ven 5 gen 2024 alle ore 14:35 Christopher Faulet

Re: Haproxy 2.9 and malformed requests

Le 05/01/2024 à 11:47, Marcello Lorenzi a écrit : * haproxy 2.9.0 : truncated response and CPU ok * haproxy 2.9.0 (with disabled zero-copy forwarding)  : response ok and CPU ok * haproxy 2.9.1 : response ok and CPU issue Just to be sure, have you tested 2.9.1 without the zero-copy forwarding ?

Re: Haproxy 2.9 and malformed requests

* haproxy 2.9.0 : truncated response and CPU ok * haproxy 2.9.0 (with disabled zero-copy forwarding) : response ok and CPU ok * haproxy 2.9.1 : response ok and CPU issue Marcello Il giorno ven 5 gen 2024 alle ore 09:09 Christopher Faulet < cfau...@haproxy.com> ha scritto: > Le 05/01/2024 à 08:1

Re: Haproxy 2.9 and malformed requests

Le 05/01/2024 à 08:18, Marcello Lorenzi a écrit : Hi Christopher, thanks for the response. The first issue is related to the zero-copy forwarding configuration and we noticed the issue https://github.com/haproxy/haproxy/issues/2387  and we applie

Re: Haproxy 2.9 and malformed requests

Hi Christopher, thanks for the response. The first issue is related to the zero-copy forwarding configuration and we noticed the issue https://github.com/haproxy/haproxy/issues/2387 and we applied the version 2.9.1 and the first problem has been fixed, but we noticed an high usage of CPU with this

Re: Haproxy 2.9 and malformed requests

Le 04/01/2024 à 14:55, Marcello Lorenzi a écrit : Hi all, we installed haproxy 2.9 on our development environment and we noticed an issue on a zip download request. If we tried to download a 27 MB file passing through haproxy the request has been served to the client with a 200 response but the

Re: Haproxy running on ipv6 and http-in/

Hi Christoph, Christoph Kukulies wrote on 2023-12-01 09:59: >> Seems normal, status code is 301 and you have "redirect scheme https code >> 301 if !{ ssl_fc }" >> Is this what you expect or do you think there're some errors ? > > But the http-in/is bugging me. This tells you that the request was

Re: Haproxy running on ipv6 and http-in/

Thanks, Jarno, for sorting this out. Running on ipv6 is probably obvious due to the bind :::80 and bind :::443 statements. This v4v6 extension I got from somewhere and is supposed to be Linux kernel specific. > Am 01.12.2023 um 07:56 schrieb Jarno Huuskonen : > > Hi, > > On Tue, 2023-11-28 a

Re: Haproxy running on ipv6 and http-in/

Hi, On Tue, 2023-11-28 at 16:29 +0100, Christoph Kukulies wrote: > I'm wondering why I see haproxy running on ipv6 (Ubuntu 22.04): > > Excerpt from haproxy.cfg: > > frontend http-in > #    bind *:80 >     bind :::80 v4v6 > #    bind *:443 ssl crt /etc/haproxy/certs/xx.pem  >     bind :::443

Re: HAProxy and musl (was: Re: HAproxy Error)

Hi. Resuscitate this old thread with a musl lib update. https://musl.libc.org/releases.html ``` musl-1.2.4.tar.gz (sig) - May 1, 2023 This release adds TCP fallback to the DNS stub resolver, fixing the longstanding inability to query large DNS records and incompatibility with recursive n

Re: HaProxy does not updating DNS cache

Hi. On 2023-09-13 (Mi.) 14:39, Henning Svane wrote: Hi I have tried using a DNS with a TTL of 600 sec. and the DNS changes once in a while, but every time I have to restart Haproxy to get the updated DNS to work. Even if I wait for hours. I can see with nslookup that the server can see the

Re: HaProxy does not updating DNS cache

On Wed, Sep 13, 2023 at 12:39:36PM +, Henning Svane wrote: > Hi > > I have tried using a DNS with a TTL of 600 sec. and the DNS changes > once in a while, but every time I have to restart Haproxy to get the > updated DNS to work. Even if I wait for hours. I can see with > nslookup that the se

Re: Haproxy 2.8 with Proxy Protocol v2 does not close connections

On Thu, 7 Sept 2023 at 14:03, Tom Braarup wrote: > > Hello, > > After upgrading Haproxy from 2.7 to 2.8, with Nginx (1.25.0) as > backends and Proxy Protocol v2, the connections are not closed, > CLOSE_WAIT is increasing over time. No configuration changes apart from > the Haproxy version. 2.8.3

Re: haproxy 2.4 and Kafka sink/source connector issues

We've tested 2.3.21 and 2.2.30 successfully, so it appears to be a 2.4 addition. We've tested 2.4.23 and the latest 2.7 and 2.8 versions. *David GreenwaldSenior Site Reliability engineerdavid.greenw...@discogsinc.com * On Tue, Aug 1, 2023 at 9:16 PM Willy Tarreau wrote: > On Tue, Aug 01,

Re: haproxy 2.4 and Kafka sink/source connector issues

On Tue, Aug 01, 2023 at 08:38:24PM -0700, David Greenwald wrote: > Thanks for the response! That seems unlikely, we're doing an httpchk > to the clustercheck > utility > > following the pxc reference architecture, so not

Re: haproxy 2.4 and Kafka sink/source connector issues

Thanks for the response! That seems unlikely, we're doing an httpchk to the clustercheck utility following the pxc reference architecture, so not actually making a direct database request from haproxy. We're also accessi

Re: haproxy 2.4 and Kafka sink/source connector issues

Hi David, On Tue, Aug 01, 2023 at 05:11:48PM -0700, David Greenwald wrote: > Hi all, > > Looking for some help with a networking issue we've been debugging for > several days. We use haproxy to TCP load-balance between Kafka Connectors > and a Percona MySQL cluster. In this set-up, the connectors

Re: haproxy 2.4 and Kafka sink/source connector issues

hey, first, use "option mysql-check", for better service checking. you'll have to add a user and access to the database, and the howto is in the configuration.txt file (https://www.haproxy.org/download/2.1/doc/configuration.txt).  the "option httpchk" is doing you nothing because the backend

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi, Great, thanks for this. Will "option http-no-delay" be required to activate this particular tweak or is that general advice? We'll certainly mention it in our reverse proxy documentation either way. B. > On 28 Jun 2023, at 04:44, Willy Tarreau wrote: > > Hi Robert, > > On Tue, Jun 27, 2

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Tim, On Wed, Jun 28, 2023 at 04:12:57PM +0200, Tim Düsterhus wrote: > Hi > > On 6/23/23 13:14, Willy Tarreau wrote: > > But you're aware that what you're asking for is a direct violation of > > basic HTTP messaging rules stating that no agent may depend on chunk > > delivery due to anything al

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi On 6/23/23 13:14, Willy Tarreau wrote: But you're aware that what you're asking for is a direct violation of basic HTTP messaging rules stating that no agent may depend on chunk delivery due to anything along the chain possibly having to buffer some of the data for analysis or transformation.

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Robert, On Tue, Jun 27, 2023 at 01:19:20PM +0100, Robert Newson wrote: > Hi, > > i'm happy to confirm the two patches combined address the symptom I reported > at the start of the thread. I applied them to haproxy.git master after > confirming that the problem occurred there for a realistic se

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi, i'm happy to confirm the two patches combined address the symptom I reported at the start of the thread. I applied them to haproxy.git master after confirming that the problem occurred there for a realistic setup (couchdb with HAProxy in front configured to do compression). The CouchDB pro

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Robert, On Sat, Jun 24, 2023 at 09:48:31PM +0100, Robert Newson wrote: > Hi, > > That sounds great, much appreciated. I'll be available all week to test any > patches you might propose. I gave it a try. There was already a flush call in the data block processing (I don't know why, to be hones

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi, That sounds great, much appreciated. I'll be available all week to test any patches you might propose. B. > On 24 Jun 2023, at 21:35, Willy Tarreau wrote: > > Hi Robert, > > On Sat, Jun 24, 2023 at 08:39:22PM +0100, Robert Newson wrote: >> So, the behaviour of the _changes endpoint when

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Robert, On Sat, Jun 24, 2023 at 08:39:22PM +0100, Robert Newson wrote: > So, the behaviour of the _changes endpoint when used with the feed=continuous > and heartbeat=X (where X is number of milliseconds) is as follows; > > 1) when _changes is invoked, couchdb opens its internal "docs in updat

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi, Agree there are limitations to the various workarounds in my previous response, the only one that I'm confident in is disabling compression for these responses (for our particular setup only). So, the behaviour of the _changes endpoint when used with the feed=continuous and heartbeat=X (w

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Robert, On Fri, Jun 23, 2023 at 11:33:37PM +0100, Robert Newson wrote: > Hi, > > I underestimated. the heartbeat option was added back in 2009, 14 years ago, > but I don't want to fixate on whether we made this mistake long enough ago to > justify distorting HAProxy. OK! > The CouchDB dev te

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi, I underestimated. the heartbeat option was added back in 2009, 14 years ago, but I don't want to fixate on whether we made this mistake long enough ago to justify distorting HAProxy. The CouchDB dev team are discussing this internally at the moment and I'll update this thread if/when any c

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Robert, On Fri, Jun 23, 2023 at 12:04:14PM +, Robert Newson wrote: > Hi Willy, > > thank you for this response. The behaviour in CouchDB is ancient (12 years > plus, essentially since before the 1.0 release), and yes it is clearly a bit > naughty, though it has also worked up to this point

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Willy, thank you for this response. The behaviour in CouchDB is ancient (12 years plus, essentially since before the 1.0 release), and yes it is clearly a bit naughty, though it has also worked up to this point for us. The reason I raised this here is because it seemed inadvertent given the

Re: haproxy indefinitely delays the delivery of small http chunks with slz

Hi Robert, On Fri, Jun 23, 2023 at 11:01:30AM +0100, Robert Newson wrote: > Hi, > > We use HAProxy in front of Apache CouchDB. CouchDB has an endpoint with some > interesting characteristics called _changes. With certain parameters, that > are commonly used, the response is effectively endless, s

Re: haproxy -dKcnv output

Is it? In all the programming languages I use, the colon is followed by the return type (which for iif is str). my claim of mainstream-ness, was mainly meaning the ": in => out" order (one example would be most ML languages, Typescript, Java...) as opposed to ": out <= in" which I haven't s

Re: haproxy -dKcnv output

Tristan, On 5/31/23 12:28, Tristan wrote: If fetches already have the output type after the colon, then the converter should not have the input type after the colon, i.e.     iif(str,str): bool => str is confusing, because it looks like it returns a bool, ... I guess? While this is mainly

Re: haproxy -dKcnv output

If fetches already have the output type after the colon, then the converter should not have the input type after the colon, i.e.     iif(str,str): bool => str is confusing, because it looks like it returns a bool, ... I guess? While this is mainly a feelings thing, I'd say that it is more w

Re: haproxy -dKcnv output

Hi all, On Wed, May 31, 2023 at 10:02:45AM +0200, Tim Düsterhus wrote: > Aurelien, > > On 5/31/23 09:57, Aurelien DARRAGON wrote: > > would not fit properly with existing representation for converters > > within the doc > > > > > iif(str,str): str <= bool > > > > and > > > > > iif(str,str): bo

Re: haproxy -dKcnv output

Aurelien, On 5/31/23 09:57, Aurelien DARRAGON wrote: would not fit properly with existing representation for converters within the doc iif(str,str): str <= bool and iif(str,str): bool => str could be good candidates (fetches are already represented using "name(arg) : out"), although dcon

Re: haproxy -dKcnv output

> What I would find clear: > > bool => iif(str,str) => str You're right Tim But in the long term it could be great to share a common output format with the doc as well (to find all relevant info from -dKcnv in the doc, and vice versa) While > bool => iif(str,str) => str and > bool | iif(st

Re: haproxy -dKcnv output

Hi On 5/30/23 22:09, Aurelien DARRAGON wrote: $> haproxy -f test.conf -dKcnv | grep nbsrv iif(string,string): str => bool iif(string,string): bool => str I don't rely on it, but frankly I find both variants confusing, because it does not follow the logical processing order. What I woul

Re: haproxy -dKcnv output

On Tue, May 30, 2023 at 10:09:55PM +0200, Aurelien DARRAGON wrote: > Dear haproxy users, > > We recently noticed an inconsistency with haproxy -dKcnv output (which > may be used to dump all available sample converters from the cli). > > Here is how a converter is currently being represented in -d

Re: haproxy -dKcnv output

Pardon the few typos in the previous mail > $> haproxy -f test.conf -dKcnv | grep iif > iif(string,string): str => bool Replace iff with iif :) Regards, Aurelien

Re: HAProxy 2.7.7: Unexpected messages during shutdown after upgrade

Hi Dominik, > The spikes seem to be fixed now Thanks for the update! However, we are now observing log messages during shutdown that weren’t there before: > > > > May 12, 2023 @ 11:56:24.000 Proxy health_check_http_tcp-scheduler > stopped (cumulated conns: FE: 0, BE: 0). > > May 12, 2

Re: HAProxy CE Docker Debian and Ubuntu images with QUIC

Dear community, We have been asked quite a few times to also provide haproxytech Docker images in GHCR (GitHub Container Registry), due to the sad fact that Docker Hub has been throttling image downloads (https://www.docker.com/increase-rate-limits/) for a while now. I am happy to announce we a

Re: HAProxy CE Docker Debian and Ubuntu images with QUIC

Hi Dinko. On 19.03.23 19:54, Dinko Korunic wrote: Dear community, As previously requested, we have also started building HAProxy CE  for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) built on top of Debian 11 Bullseye and Ubuntu 22.04 Jammy Jellyfish base image

Re: HAProxy CE Docker Debian and Ubuntu images with QUIC

On 19.03.2023., at 19:54, Dinko Korunic wrote: > Images are available at the usual Docker Hub repositories: > - https://hub.docker.com/repository/docker/haproxytech/haproxy-debian-quic > - https://hub.docker.com/repository/docker/haproxytech/haproxy-ubuntu-quic Ah, my apologies, these seem to be

Re: HAProxy CE Docker Alpine image with QUIC

On Sat, 18 Mar 2023 at 20:01, Aleksandar Lazic wrote: > > Hi Dinko. > > On 17.03.23 20:59, Dinko Korunic wrote: > > Dear community, > > > > Upon many requests, we have started building HAProxy CE for 2.6, 2.7 and > > 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) as > > Docker Alp

Re: HAProxy CE Docker Alpine image with QUIC

> On 18.03.2023., at 20:01, Aleksandar Lazic wrote: > > […] > ``` > My choice not to do TCP in musl's stub resolver was based on an > interpretation that truncated results are not just acceptable but better ux - > not only do you save major round-trip delays to DNS but you also get a > rea

Re: HAProxy CE Docker Alpine image with QUIC

Hi Dinko. On 17.03.23 20:59, Dinko Korunic wrote: Dear community, Upon many requests, we have started building HAProxy CE for 2.6, 2.7 and 2.8 branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) as Docker Alpine 3.17 images. That's great news :-). What should keep in mind is that A

Re: HAProxy CE Docker Alpine image with QUIC

On Fri, Mar 17, 2023 at 08:59:01PM +0100, Dinko Korunic wrote: > Dear community, > > Upon many requests, we have started building HAProxy CE for 2.6, 2.7 and 2.8 > branches with QUIC (based on OpenSSL 1.1.1t-quic Release 1) as Docker Alpine > 3.17 images. > All these are being built for several

Re: HAProxy performance on OpenBSD

On Wed, Jan 25, 2023 at 12:04:14AM +0100, Olivier Houchard wrote: > > 0x0af892c770b0 : mov%r12,%rdi > > 0x0af892c770b3 : callq 0xaf892c24e40 > > > > 0x0af892c770b8 : mov%rax,%r12 > > 0x0af892c770bb : test %rax,%rax > > 0x0af892c770be : je 0xa

Re: HAProxy performance on OpenBSD

On Tue, Jan 24, 2023 at 11:59:16PM -0600, Marc West wrote: > On 2023-01-24 23:04:14, Olivier Houchard wrote: > > On Tue, Jan 24, 2023 at 11:05:37PM +0100, Willy Tarreau wrote: > > > On Tue, Jan 24, 2023 at 02:15:08PM -0600, Marc West wrote: > > > > > Stupid question but I prefer to ask in order to

Re: HAProxy performance on OpenBSD

On 2023-01-24 23:04:14, Olivier Houchard wrote: > On Tue, Jan 24, 2023 at 11:05:37PM +0100, Willy Tarreau wrote: > > On Tue, Jan 24, 2023 at 02:15:08PM -0600, Marc West wrote: > > > > Stupid question but I prefer to ask in order to be certain, are all of > > > > these 32 threads located on the same

Re: HAProxy performance on OpenBSD

On Tue, Jan 24, 2023 at 11:05:37PM +0100, Willy Tarreau wrote: > On Tue, Jan 24, 2023 at 02:15:08PM -0600, Marc West wrote: > > > Stupid question but I prefer to ask in order to be certain, are all of > > > these 32 threads located on the same physical CPU ? I just want to be > > > sure that locks

Re: HAProxy performance on OpenBSD

On Tue, Jan 24, 2023 at 02:15:08PM -0600, Marc West wrote: > > Stupid question but I prefer to ask in order to be certain, are all of > > these 32 threads located on the same physical CPU ? I just want to be > > sure that locks (kernel or user) are not traveling between multiple CPU > > sockets, as

Re: HAProxy performance on OpenBSD

On 2023-01-24 06:58:57, Willy Tarreau wrote: > Hi Marc, Hi Willy, > See the difference ? There seems to be an insane FD locking cost on this > system that simply wastes 40% of the CPU there. So I suspect that in your > first tests you were stressing the locking while in the last ones you > were s

Re: HAProxy performance on OpenBSD

Hi Marc, On Mon, Jan 23, 2023 at 11:36:48PM -0600, Marc West wrote: (...) > I tested flooding bogus UDP traffic from two other machines with random > source ports (nsd listening on 53). Within 1 second PF had ~130k states > and load was minimal: (...) OK at least at this point we can rule out any

Re: HAProxy performance on OpenBSD

On 2023-01-23 07:58:24, Willy Tarreau wrote: > Hi Marc, Hi Willy, Thanks for your reply and all of your work on haproxy! > I think you should try to flood the machine using UDP traffic to see > the difference between the part that happens in the network stack and > the part that happens in the

Re: HAProxy performance on OpenBSD

Hi Marc, On Mon, Jan 23, 2023 at 12:13:13AM -0600, Marc West wrote: > Hi, > > We have been running HAProxy on OpenBSD for serveral years (currently > OpenBSD 7.2 / HAProxy 2.6.7) and everything has been working perfect > until a recent event of higher than normal traffic. It was an unexpected > f

Re: HAProxy performance on OpenBSD

On Mon, Jan 23, 2023 at 02:22:45PM +0600, ??? wrote: > also, I wonder what is LibreSSL <--> OpenSSL perf. > I'll try "openssl speed" (I recall LibreSSL has the same feature), but I'm > not sure I can get OpenBSD machine. It wouldn't have caused that much system if it was the cause, the sy

Re: HAProxy performance on OpenBSD

gmail decided to put original message to spam. I replied to first reply. indeed it was mentioned. sorry пн, 23 янв. 2023 г. в 14:22, Willy Tarreau : > Hi Ilya, > > On Mon, Jan 23, 2023 at 02:11:56PM +0600, ??? wrote: > > I would start with big picture view > > > > 1) are CPUs utilized a

Re: HAProxy performance on OpenBSD

Hi Ilya, On Mon, Jan 23, 2023 at 02:11:56PM +0600, ??? wrote: > I would start with big picture view > > 1) are CPUs utilized at 100% ? > 2) what is CPU usage in details - fraction of system, user, idle ... ? > > it will allow us to narrow things and find what is the bottleneck, either >

Re: HAProxy performance on OpenBSD

also, I wonder what is LibreSSL <--> OpenSSL perf. I'll try "openssl speed" (I recall LibreSSL has the same feature), but I'm not sure I can get OpenBSD machine. can you try haproxy + openssl-1.1.1 (it is considered the most performant these days) ? пн, 23 янв. 2023 г. в 14:17, Илья Шипицин : >

Re: HAProxy performance on OpenBSD

and fun fact from my own experience. I used to run load balancer on FreeBSD with OpenSSL built from ports. somehow I chose "assembler optimization" to "no" and OpenSSL big numbers arith were implemented in slow way I was able to find big fraction of BN-functions using "perf" tool. something like 2

Re: HAProxy performance on OpenBSD

I would start with big picture view 1) are CPUs utilized at 100% ? 2) what is CPU usage in details - fraction of system, user, idle ... ? it will allow us to narrow things and find what is the bottleneck, either kernel space or user space. пн, 23 янв. 2023 г. в 14:01, Willy Tarreau : > Hi Marc,

  1   2   3   4   5   6   7   8   9   10   >