HAProxy: Defer TCP connection to backend only after first data arrives

Alberto Pastore

7/4/23, 7:36 AM

I'm trying to understand if haproxy 2.2 or greater has a specific configuration that allows to defer opening the tcp connection to backend servers only after the first data segment is transmitted from the client.

I am running haproxy to balance long-lived tcp connections on a custom protocol where the client always speaks first.

However there are several incoming connections which do not send anything and just sit idle until they are timed-out by the backend nodes.

I'd like to avoid having haproxy opening the tcp connection immediately to the backend until the client has sent at least 1 byte.

I've tried to add the defer-accept option to the bind statements inside frontend sections but these seem not to have any effect.

My haproxy instance (v.2.2.20) is running on a Debian 10 VM with kernel 4.19.0.

Is there any other configuration option I am missing?

0 + 0

tcp

haproxy

Score:2

Server

Kyle Spier-Swenson

10/29/23, 5:24 AM

Was looking for this myself, found the answer in the the examples of the config reference: https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#4-tcp-request%20content

in the frontend:

tcp-request inspect-delay <whatever makes sense for your protocol>
tcp-request content accept if REQ_CONTENT
tcp-request content reject

+ 2

Alberto Pastore

10/30/23, 5:23 PM

Thank you Kyle that's exactly what I was looking for. I've just switched to a slightly different acl since every handshake on a new incoming connection is currently initiated on client side with two fixed header bytes, so I declared: `acl valid_hs_start req.payload(0,2) -m bin 0103` then `tcp-request inspect-delay 20s`, `tcp-request content accept if valid_hs_start` and finally used `tcp-request content silent-drop`. It looks like it's working nicely, I'll make further tests in a canary environment.

Mikko Rantalainen

1/27/24, 3:52 PM

Note that if you don't specify unit for the delay and simply write e.g. `20`, the timeout will be 20 milliseconds.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: HAProxy: Defer TCP connection to backend only after first data arrives

TH: HAProxy: เลื่อนการเชื่อมต่อ TCP เป็นแบ็กเอนด์หลังจากข้อมูลแรกมาถึงเท่านั้น

RO: HAProxy: Amânați conexiunea TCP la backend numai după ce sosesc primele date

RU: HAProxy: откладывать TCP-соединение с серверной частью только после поступления первых данных

VI: HAProxy: Trì hoãn kết nối TCP đến phụ trợ chỉ sau khi dữ liệu đầu tiên đến

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.