We are using haproxy to provide public services, and found unexpected FIN/RST sent by haproxy, which caused the connection disconnected.
server public ip(as haproxy): 139.198.y.y
server private ip (as backend) : 172.19.12.82
Please check attachment for more details:
Haproxy has enabled transparent proxy, so we’ve seen two TCP streams:
- stream 597: client -> haproxy
- stream 598: haproxy -> backend
after normal TLS handshake interfaction between client->haproxy->backend, haproxy sent FIN (#21872) and RST (#21874) to backend directly.
These cause the connection to be interupted, request failed, and client reported:
Exception org.apache.http.NoHttpResponseException ERROR 调用customerHttpClient.execute(request)方法失败，Signals that an I/O exception of some sort has occurred. This class is the general class of exceptions produced by failed or interrupted I/O operations. org.apache.http.NoHttpResponseException: https://xxx:443 failed to respond
And since we don’t see any related packets recieved from client(src client -> dst haproxy), can we say that the haproxy sent the FIN/RST to backend all by itself? Does anybody has any clue why this happened?
haproxy version used:
HA-Proxy version 1.6.13 2017/06/18
Copyright 2000-2017 Willy Tarreau email@example.com
BTW, this behavior happened rarely, can not be reproduced manually.