Understand scur statistic (frontend vs backend)

I am monitoring my haproxy. It has a frontend for https and redirects to two backends.

One of the statistics that I have in graph is scur stat (current sessions).

I understand that this value tells me the number of current active sessions by my users.

The problem is in the data obtained and that I can not understand. In the frontend I get values of active sessions much greater than the sum of the sessions in the backends. Should not the number of sessions in the frontend be rigged to the sum of the sessions in the backend?

If not, what values are correct? What does the value of the fronted refer to? and especially, what does the value of the frontend refer to?

Attached two images, the first is the frontend, the second the two backends

image

image

No, that’s not at all the case. You’ll have to provide your configuration to understand the behavior exactly, but I assume this is simply caused by http-keep-alive.

I can provide you my “global” and “defaults”, but I can tell you that I don’t use the http-keep-alive option:

global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/proxy.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
maxconn 2048

    ca-base /etc/ssl/c
    crt-base /etc/ssl/p

defaults
log global
mode http
option forwardfor
option http-server-close
option httplog
option dontlognull
option log-health-checks
timeout connect 5000
timeout client 50m
timeout server 50m
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

Anyway, I need to understand the “scur” statistic, what it means in the frontend and what it means in the backend.

If you need any additional information about the configuration of haproxy let me know.

Thanks

You are using option http-server-close, you did not set timeout http-keep-alive or timeout http-request and have timeout client set to 50 minutes.

What this means is that you don’t do any kind of keep-alive on the server side (backend), but you DO keep-alive in the frontend with a timeout of 50 minutes.

Please read about http-server-close and timeout http-keep-alive in the docs.

It is the counter of the currently open (TCP) connections, both on the frontend and the backend. Your keep-alive use on the frontend with an effective 50 minutes timeout and disabled keep-alive on the backend causes the mismatch you are seeing.

Thanks for the help, I made some changes in the configuration, but the mismatch continues to occur.

I add the new configuration in “defaults”. Is there something that is still wrong?

defaults
log global
mode http
option forwardfor
option http-keep-alive
option httplog
option dontlognull
option log-health-checks
timeout connect 5000
timeout client 30m
timeout server 30m
timeout http-keep-alive 30m
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

I’m not sure what you are trying to achieve.

Are you deliberately trying to make performance worse, just so that 2 counters that have not much to do with each other match? If that is the case, then you need to remove option http-keep-alive and set option httpclose.

I do not try to make performance worse, I just try to understand the “scur” statistic in order to have a correct value of active connections (to have an idea of active users). Is the “scur” value in the backends really worth anything? Should I take into account only the frontend in this case? I still do not have this answer clear.

Of course the main thing is performance, is there anything wrong with the current configuration?

I will try to reexplain then.

The frontend handles connections between the browser and haproxy. The frontend scur counter is the amount of open connections on the frontend.

The backend handles connections between haproxy and the backend servers. The backend scur counter is the amount ofopen connections on the backend.

Those are 2 different things, and based on keep-alive handling, http reuse and keep-alive handling of the particular browser used and keep-alive handling in the backend server, they will be different. Your conclusion that those 2 different counters need to match is completely wrong.

Reduce the timeout http-keep-alive to a few seconds.

Then you cannot set the keep-alive timeout to half an hour. Set it to something like 3 - 5 seconds.