We have clients that connect using 300-400 connections in parallel, and we have a src_conn_cur reject set to trigger only if a client hits 1000 connections.
Whenever we have the clients connect during that period, we see there is a spike in response time for approximately 1-2% of messages.
Is this common?

Config:

global
    chroot /var/lib/haproxy
    daemon
    log 127.0.0.1:12000 local0
    maxcompcpuusage 90
    maxcomprate 1000000
    maxconn 340000
    pidfile /var/run/haproxy.pid
    stats socket /var/run/haproxy.sock mode 777 level admin
    tune.ssl.cachesize 1000000
    tune.ssl.default-dh-param 2048

defaults
    log global
    mode http
    option httplog
    option redispatch
    option http-no-delay
    retries 3
    timeout connect 5000
    timeout server 1800000
    timeout client 1800000

frontend XXXXX
    bind 10.XXXX:443 ssl crt /etc/pki/tls/certs/XXX
    mode http
    default_backend bk_xms
    maxconn 340000
    option forwardfor header X-Real-IP
    option httplog
    option http-ignore-probes
    stick-table type ip size 100k expire 30s store conn_cur
    tcp-request connection reject if { src_conn_cur ge 1000 }
    tcp-request connection track-sc1 src

backend XXX
    mode http
    balance roundrobin
    http-check expect status 200
    http-reuse aggressive
    option allbackups
    server XXXXX1 10.xx.xx.xx:8080 check fall 3 rise 5 inter 2000 weight 10
    server XXXXX2 10.xx.xx.xx:8080 check fall 3 rise 5 inter 2000 weight 10

Need urgent help