HA Proxy Confg Long Timeout


#1

Hi… what are Pro & Con for Long time out?
defaults
log global
timeout server 5s
timeout connect 5s
timeout client 5s

Vs.

defaults
log global
timeout server 50000s
timeout connect 5000s
timeout client 50000s


#2

Its pretty much always a bad idea to set high timeouts.

Cons are:

  • as more concurrent sessions are used, you need higher maxconn values and therefor more memory
  • if set maxconn higher than your box has RAM for it, your kernel will OOM kill haproxy
  • if set maxconn too low, you will saturate maxconn and new connections attempts won’t be answered
  • whatever maxconn, the higher the timeouts are, the easier it is for an attacker to DDoS your setup

#3

I would add to Lukas response that there is no good reason to have a long “timeout connect”.
This value matches the time between a TCP SYN and a SYN/ACK on the network between HAProxy and the server.


#4

Thank you both of you.