I have inherited a system that has some performance issues due to network latency. We are using CentOS 5.x and haproxy 1.5x.
The reason is that there is a lot of time spent on each API request due to time spent on "initial connection".
Ignore the rest of the timing as this is just an example taken from web, the rest of the timing is fine from my end except for "initial connection" where all API calls are timed around 150 - 250ms for "initial connection".
After removing the setting "option httpclose" from haproxy, the performance has improved significantly as all the waiting time from "initial connection" is gone.
After going through some articles, I have found this one: http://killtheradio.net/technology/haproxys-keep-alive-functionality-and-how-it-can-speed-up-your-site/
where it suggests removing:
option httpclose
and replace with
timeout client 5000
option http-server-close
So my questions are:
You should actually be using
option http-keep-alive
You need to ensure that the frontend limits are high enough (be careful of the memory requirements) that they can accommodate the increase in number of active sessions, which will be higher due to the fact that connections will no longer be closed after each request.
Next thing is making sure that your backend supports keep alive towards HAproxy, otherwise the above is useless and you can switch back to http-server-close mode.
Depending on the rate of your requests and the number of parallel clients, you need to adjust "timeout http-keep-alive" to make sure you have enough connection slots on the frontend while still retaining good connection reuse percentage. A good value to start with is a few seconds.
The "httpclose" option should only be used if you want to close the connection towards both the server and the client, which is almost never the case unless the clients are broken. If you have a server that cannot cope well with a lot of idle requests, you might want to use "http-server-close" option, but all modern web servers do it well.
This will also help with the SSL part as it is representing a significant chunk of the connection phase (given that it won't need an SSL handshake on every request), but you might want to look into SSL session cache performance and if you have more than one HAproxy server active, RFC5077 support (requires v1.6+).
https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#tune.ssl.cachesize
https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#3.2-tune.ssl.lifetime
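The settings discussed in the answer above, put together as an added example configuration for HAProxy 1.5 (not part of the original answer). Every number, the section names, the certificate path and the server address are assumptions to be sized for the actual traffic and memory.

```haproxy
global
    # Process-wide connection ceiling. Keep-alive holds idle client
    # connections open, so this must cover active plus idle sessions.
    maxconn 20000                  # assumed value

    # SSL session cache, so returning clients resume a session instead
    # of doing a full handshake on a new connection.
    tune.ssl.cachesize 100000      # cached sessions (assumed value)
    tune.ssl.lifetime  600         # seconds a session stays valid (assumed value)

defaults
    mode http

    # Before: closes both the client and the server side after every
    # request, so each API call pays connection setup again.
    # option httpclose

    # After: keep both sides open between requests.
    option http-keep-alive

    # Fallback if the backend copes badly with idle connections:
    # keep-alive towards the client only.
    # option http-server-close

    timeout connect         5s     # assumed value
    timeout client          30s    # assumed value
    timeout server          30s    # assumed value
    # How long an idle client connection may wait for its next request.
    # Short enough to free frontend slots, long enough to get reuse.
    timeout http-keep-alive 3s     # "a few seconds" starting point
    # Bounds how long a client may take to send a complete request.
    timeout http-request    10s    # assumed value

frontend api_in                    # hypothetical name
    bind :443 ssl crt /etc/haproxy/certs/example.pem   # placeholder path
    maxconn 10000                  # per-frontend limit (assumed value)
    default_backend api_servers

backend api_servers                # hypothetical name
    server app1 192.0.2.10:8080 check   # documentation-range address
```

The file can be syntax-checked with `haproxy -c -f <path>` before reloading.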