Welcome! Log In Create A New Profile

Advanced

trying to undestand (via netstat) how many connections haproxy opens to backends

Posted by John Cherouvim 
I'm trying to understand the output of netstat when haproxy is handling
requests waiting for the backend to finish processing. My setup is a VM
with LAN IP 192.168.10.50 hosting one haproxy and one apache httpd instance:
- apache httpd is listening on 127.0.0.1:12345 (not accessible from
outside) serving a page which needs 10 seconds to render.
- haproxy 1.8 which listens with "bind :::80 v4v6" with a backend
"server apache_backend 127.0.0.1:12345"


The relevant part of netstat output when the 2 services are running is
naturally the following:
tcp6 :::80 :::* LISTEN 14973/haproxy off
tcp 127.0.0.1:12345 0.0.0.0:* LISTEN 15020/apache2 off

I then execute "curl http://192.168.10.50/ &" 3 times from a different
host. I validate in the haproxy stats page that there are 3 concurrent
processings taking place both on the haproxy frontend section and on the
haproxy backend section (Cur: 3, Max 3).

The following groups of connections appear on netstat:

1)
tcp6 192.168.10.50:80 192.168.10.1:62942 ESTABLISHED 14973/haproxy off
tcp6 192.168.10.50:80 192.168.10.1:62941 ESTABLISHED 14973/haproxy off
tcp6 192.168.10.50:80 192.168.10.1:62940 ESTABLISHED 14973/haproxy off

2)
tcp 127.0.0.1:35154 127.0.0.1:12345 ESTABLISHED 14973/haproxy off
tcp 127.0.0.1:35156 127.0.0.1:12345 ESTABLISHED 14973/haproxy off
tcp 127.0.0.1:35158 127.0.0.1:12345 ESTABLISHED 14973/haproxy off

3)
tcp 127.0.0.1:12345 127.0.0.1:35154 ESTABLISHED 15023/apache2 keepalive
tcp 127.0.0.1:12345 127.0.0.1:35156 ESTABLISHED 15090/apache2 keepalive
tcp 127.0.0.1:12345 127.0.0.1:35158 ESTABLISHED 15099/apache2 keepalive

I understand that connections in group #1 are the ones originating from
outside the VM, initiated by the 3 parallel curl commands, which end up
on the ipv6 endpoint of haproxy, managed by its front end component. I
suppose that the haproxy backend component must then start 3 connections
to send the requests to apache. Are these connections shown in group #2
or #3? And if that is either group #2 or #3, what is the other group
supposed to be doing?

Thanks
John,

Am 06.02.2018 um 17:20 schrieb John Cherouvim:
> suppose that the haproxy backend component must then start 3 connections
> to send the requests to apache. Are these connections shown in group #2
> or #3? And if that is either group #2 or #3, what is the other group
> supposed to be doing?
>

TCP connections are identified by the 4-tuple of (src ip, src port, dst
ip, dst port). If you look closely you'll notice that both groups
represent the same TCP connections as the IP addresses and ports match up:

Once as an outgoing connection from haproxy to Apache, once as an
incoming connection to Apache, from haproxy.

Best regards
Tim Düsterhus
Sorry, only registered users may post in this forum.

Click here to login