Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Support for TCP_KEEPCNT functionality in haproxy?

Tags:

tcp

sockets

haproxy

I have a TCP based application which relies on TCP keep-alive behavior for its functionality. I would like to proxy and load balance this application using haproxy.

Everything seems fine using haproxy except for the application's dependence upon TCP keepalive behavior. The application depends upon the TCP_KEEPCNT socket option to close connections when a certain number of keepalives have not been replied to. It seems like this functionality is not available in haproxy and as a result the application's functionality around connection states is wrong.

Is it possible with haproxy to influence the TCP_KEEPCNT setting on a connection, or for that matter related options like TCP_KEEPIDLE and TCP_KEEPINTVL? Thanks!

like image 705
zdv Avatar asked May 19 '26 19:05

zdv

2 Answers

You can enable the sending of TCP keepalive packages in HAProxy using the following options:

  • option clitcpka – enable the sending of keepalive packages between the client and HAProxy, to be used in the frontend
  • option srvtcpka – enable the sending of keepalive packages between haproxy and the backend server, to be used on the backend

Note though that you can't send the keepalive packages all the way from the backend server to the client. This is because HAProxy always has two independent TCP connections: one between the client and HAProxy and one between HAProxy and the server. As the keepalive packages don't reach the application but are handled completely by the TCP stack (and thus the kernel), they can't be forwarded by an application.

like image 175
Holger Just Avatar answered May 23 '26 00:05

Holger Just

With option clitcpka or option srvtcpka or option tcpka the inactive connection is detected and killed by OS, not by haproxy. I see no way to tune it on haproxy 1.5.x.

 sysctl net.ipv4.tcp_keepalive_time=110  # if no data sent for 110 seconds, enable KA, then immediately send the first KA, don't kill connection yet
 sysctl net.ipv4.tcp_keepalive_intvl=30  # wait for 30 seconds after each KA, once they're enabled
 sysctl net.ipv4.tcp_keepalive_probes=3  # send 3 KAs unacknowledged, then kill the TCP connection

When packets stop coming these OS settings collectively kill the connection after 200 seconds.

like image 24
kubanczyk Avatar answered May 23 '26 00:05

kubanczyk
Sign in to Comment

Related questions

MQTT socket error after around a minute of connection
Replacement for SocketUtils.findAvailableTcpPort()?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!