HAProxy关闭长寿命的TCP连接，而忽略TCP keepalive [英] HAProxy closes long living TCP connections ignoring TCP keepalive

问题描述

我已经配置了HAProxy(1.5.4，但我也尝试了1.5.14)，以在TCP模式下平衡两个服务器在5672端口上公开的AMQP协议(WSO2消息代理). 客户端通过HAProxy创建并使用与AMQP服务器的永久连接.

I have configured HAProxy (1.5.4, but I tried also 1.5.14) to balance in TCP mode two server exposing AMQP protocol (WSO2 Message Broker) on 5672 port. The clients create and use permanent connection to the AMQP Servers, via HAProxy.

我更改了客户端和服务器的TCP keepalive超时，设置为net.ipv4.tcp_keepalive_time = 120(CentOS 7).

I've changed the client and server TCP keepalive timeout, setting net.ipv4.tcp_keepalive_time=120 (CentOS 7).

在HAProxy中，我已将客户端/服务器超时设置为200秒(> 120秒的keepalive数据包)，并使用了选项clitcpka.

In HAProxy I've setted timeout client/server to 200 seconds (>120 seconds of the keepalive packets) and used the option clitcpka.

然后，我开始进行有线通信并嗅探所有tcp流量:在客户端发出最后一个请求之后，定期发送tcp keepalived数据包120秒，但是在客户端发出最后一个请求200秒之后，连接被关闭(因此忽略了保持活动的数据包).

Then I've started wireshark and sniffed all the tcp traffic: after the last request from the clients, the tcp keepalived packets are sente regularly after 120 seconds, but after 200 seconds after the last request from the clients the connection are closed (thus ignoring the keepalived packet).

下面的配置:

haproxy.conf

haproxy.conf

global
    log 127.0.0.1   local3
    maxconn 4096
    user haproxy
    group haproxy
    daemon
    debug

listen messagebroker_balancer 172.19.19.91:5672
    mode tcp
    log global
    retries 3
    timeout connect 5000ms
    option redispatch
    timeout client 200000ms
    timeout server 200000ms
    option tcplog
    option clitcpka 
    balance leastconn
    server s1 172.19.19.79:5672 check inter 5s rise 2 fall 3
    server s2 172.19.19.80:5672 check inter 5s rise 2 fall 3

推荐答案

TCP处于活动状态处于传输层，仅用于在连接上进行一些通信，因此像包过滤器这样的 intermediate 系统不会不会丢失任何状态，并且终端系统可以注意到与另一侧的连接是否断开(可能是由于某些故障或网络电缆断开了).

TCP keep alive is at the transport layer and is only used to do some traffic on the connection so intermediate systems like packet filters don't loose any states and that the end systems can notice if the connection to the other side broke (maybe because something crashed or a network cable broke).

TCP保持活动状态与您已明确设置为200s的应用程序级空闲超时无关:

TCP keep alive has nothing to do with the application level idle timeout which you have set explicitly to 200s:

timeout client 200000ms
timeout server 200000ms

如果连接空闲(即没有数据传输)，则会触发此超时. TCP保持活动状态不传输任何数据，这些数据包的有效负载为空.

This timeouts gets triggered if the connection is idle, that is if no data get transferred. TCP keep alive does not transport any data, the payload of these packets is empty.

这篇关于HAProxy关闭长寿命的TCP连接，而忽略TCP keepalive的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！