Haproxy stays bound to frontend port when all backends are down


#1

HI everyone. Perhaps my expectations are incorrect, but I figured haproxy would unbind from the listening port when a “tcp-request connection reject” is in place and the condition is currently true.

My use case is that I have five backend servers and one haproxy listening on port X. When all five backends are down (such as for maintenance), I had hoped this rule:

tcp-request connection reject if { nbsrv(xyz) lt 1 }

would cause haproxy to stop listening. Unfortunately I have to deal with some exceptionally stupid software on the other end that uses a “dump and go” policy whereby it connects and just blindly dumps its data. If it connects successfully it assumes the data was delivered. I know, it is tremendously bad behaviour but unfortunately not under my control.

Is my expectation correct? netstat shows haproxy still listening and I can connect with telnet, though it disconnects as soon as I send data.

Thanks,
Sean


#2

I should have said, I was using version 1.6.3.

I have upgraded to 1.6.13 and now haproxy is still listening, but connections to it behave differently. I got different results on consecutive telnet attempts:

[sean@dev ~]$ telnet localhost 54054
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
Connection closed by foreign host.

[sean@dev ~]$ telnet localhost 54054
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection reset by peer

which I find a little odd. It smells like timing to me. Is there any way to guarantee the latter behaviour?

Thanks again


#3

Haproxy will always keep listening on the frontend. It can only close the socket on exit.

tcp-request connection reject will close the socket asap, however it will still accept the connection in the first place (the 3 way handshake succeeds).

No and I think the latter behavior is a consequence of something else. Maybe haproxy shutdown or reloaded or crashed while you where testing it; I don’t have an explanation for the “Connection reset by peer” behavior.