
I have the below port range configured:

cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000

So, 28232 will be the number of available ports.

I have HAProxy configured to take 5000 connections with 2 processors. So, HAProxy will take 10,000 concurrent connections.

Sample haproxy.conf file:

frontend main
bind *:80
acl is_app_user path_reg -i ^/myApp/app/.*/user.*
acl is_app_members path_reg -i ^/myApp/.*

use_backend user if is_app_user
use_backend member if is_app_members

backend user
   server app1 127.0.0.1:8081

backend member
   server app2 member.app.com:443 ssl verify none check

How many ports does the machine running HAProxy open?

28232 x 2 = 56,464, since the backends are different IP addresses? Or, irrespective of the backend server, does the number of source ports always remain at 28,232?

1 Answer


Just to clarify: Your issue is one of source port exhaustion when establishing connections to your respective backends, correct?

A workaround might be to assign more IP addresses to the network interface(s) of the HAProxy and assign the same backend server multiple times using the source directive in your backend server definitions:

backend foo
    server appsrv1-1 member.app.com:443 source 10.0.0.10 ssl verify none check 
    server appsrv1-2 member.app.com:443 source 10.0.0.11 ssl verify none check 
    server appsrv1-3 member.app.com:443 source 10.0.0.12 ssl verify none check 
    ...

This should give you a bunch more ports to use.

Mikael H
  • Yes, my issue is with source port exhaustion. So, the number of available ports is based on the source IP, not how many different backend servers (different IP addresses) that we have? – Karthik Nov 19 '19 at 19:06
  • I frankly don't know what happens if you manage to open several tens of thousands of connections to a single backend IP/port - I suspect you would see performance degradation long before that with most kinds of web applications - but at least this should be a valid way to exceed your configured number of source ports. – Mikael H Nov 21 '19 at 13:00
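
To see how close a given source IP is to running out of ports toward a backend, the script below (an added example, not part of the original question or answer) groups `ss -tan` output by source IP and destination endpoint and reports how much of the ephemeral range each pair holds. The function names, the 80% warning threshold and the sample addresses (203.0.113.20 standing in for member.app.com) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): how much of the ephemeral port range
# each (source IP -> destination IP:port) pair is holding.

# port_usage LO HI WARN_PCT < `ss -tan` output
# Counts sockets whose local port lies in LO..HI (outbound connections),
# grouped by source IP and destination endpoint. TIME-WAIT sockets are
# counted too, because they still occupy their source port for that pair.
port_usage() {
    awk -v lo="$1" -v hi="$2" -v warn="$3" '
        $1 == "State" || $1 == "LISTEN" || NF < 5 { next }
        {
            src = $4; dst = $5
            port = src; sub(/^.*:/, "", port)   # local port
            sub(/:[0-9]+$/, "", src)            # local IP only
            p = port + 0
            if (p < lo + 0 || p > hi + 0) next  # skip inbound (e.g. :80)
            n[src " " dst]++
        }
        END {
            size = hi - lo + 1
            for (k in n) {
                pct = int(n[k] * 100 / size)
                printf "%s %d %d%% %s\n", k, n[k], pct, (pct >= warn ? "WARN" : "ok")
            }
        }' | sort
}

# Constructed sample input; 203.0.113.20 stands in for member.app.com.
sample_ss() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    0.0.0.0:80           0.0.0.0:*
ESTAB      0      0      10.0.0.10:80         198.51.100.7:51512
ESTAB      0      0      10.0.0.10:40001      203.0.113.20:443
ESTAB      0      0      10.0.0.10:40002      203.0.113.20:443
TIME-WAIT  0      0      10.0.0.10:40003      203.0.113.20:443
ESTAB      0      0      10.0.0.11:40001      203.0.113.20:443
ESTAB      0      0      127.0.0.1:40001      127.0.0.1:8081
EOF
}

# Live use on the HAProxy host: sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    read -r lo hi < /proc/sys/net/ipv4/ip_local_port_range
    ss -tan | port_usage "$lo" "$hi" 80
fi
```

Each output line reads `source_ip destination:port count percent status`; `sample_ss | port_usage 40000 40004 60` runs it against the constructed sample with a deliberately tiny range.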