Some notes playing with HAProxy(ymichael.com) |
Some notes playing with HAProxy(ymichael.com) |
To me it makes sense to set this value fairly high. There is not a great cost to holding a connection open: typically a few dozen bytes, but this way you can simply have your service working slower and catching up once the number of requests decreases. Say you set maxconn to 4096 globally and say the backend can process only 32 requests at a time. In this case you essentially buffer the client connections in the HAProxy (or whatever you use on the front-end) queue instead of outright refusing them. You still get all the benefits from the backend's maxconn so the backend doesn't start thrashing, but you accept a lot more connections before your users start seeing "Server refused connection" errors. Of course if you routinely need to process more than 32 concurrent requests your backend will never catch up, so in that case you want to increase its performance or add more backends.
Additionally, HAProxy is, AFAIK, the only HTTP/TCP server that has the option to log when a connection is first established, not when it is finalized, making it a lot easier to debug certain types of problems, as well as detecting Slowlaris attacks.
It's really weird to have these settings to cripple your load balancer, which already is an idea that gives me an involuntary shudder, and to cap it off the idea is that this is somehow a performance hack.
I posit a different idea. Trust the fact that web servers are written by folks who actually realized that their code would be on the internet, serving up web pages, and that some thought has gone into optimizing things already. Artificially shaping traffic and guessing that things run faster because you just figured it would is why ops people will not give you access to machines in production.
Crank the load balancer up to 11. If your code can't handle traffic, don't break the rest of the network to protect it from traffic. Fix the back end problems.