HA Proxy Confg Long Timeout

stevepe · July 28, 2017, 11:58am

Hi… what are Pro & Con for Long time out?
defaults
log global
timeout server 5s
timeout connect 5s
timeout client 5s

Vs.

defaults
log global
timeout server 50000s
timeout connect 5000s
timeout client 50000s

lukastribus · July 30, 2017, 7:24pm

Its pretty much always a bad idea to set high timeouts.

Cons are:

as more concurrent sessions are used, you need higher maxconn values and therefor more memory
if set maxconn higher than your box has RAM for it, your kernel will OOM kill haproxy
if set maxconn too low, you will saturate maxconn and new connections attempts won’t be answered
whatever maxconn, the higher the timeouts are, the easier it is for an attacker to DDoS your setup

Baptiste · July 31, 2017, 8:14am

I would add to Lukas response that there is no good reason to have a long “timeout connect”.
This value matches the time between a TCP SYN and a SYN/ACK on the network between HAProxy and the server.

stevepe · August 27, 2017, 5:43am

Thank you both of you.

Topic		Replies	Views
Turn off all timeouts Help!	5	6970	February 8, 2019
Set up timeout http-request caused connect and read timeouts Help!	5	2034	August 16, 2018
Understanding maxconn and maxonnrate and delays Help!	12	5591	February 4, 2019
Haproxy cause to full nf_conntrack_max Help!	0	678	November 1, 2020
How to know default settings Help!	2	130	July 27, 2023

HA Proxy Confg Long Timeout

Related Topics