HAProxy slow on WAN, jagged throughput

  • I'm having issues with HAProxy or HAProxy-devel with the throughput with SSL offloading on the WAN side. Backends with HTTP or HTTPS.

    This behaviour only happens with HAProxy (two frontends on 443 and an upper port) and works OK with a port forward (not a WAN problem). 300/300 full duplex.

    With NAT reflection I got the full Gigabit throughput on the HAProxy.

    I don't have any traffic shaper configured.

    Hardware: Dell R210II, E3-1220L v2, 16 GB and i350-T4

    Adding more info:

    Enabled: Use "forwardfor" option.
    Use "httpclose" option: httpclose

    I tried keep-alive and got the same behaviour.

  • I'm trying to debug the congestion problem between my proxy and my ISP. I tried with a client connected on the network of the ISP with the same speed, and the throughput was almost the same as without the proxy.

    So the problem lies with the ISP and HAProxy. Also, with a client connected with Fast Ethernet the throughput didn't throttle so badly.

    Without HAProxy I don't have such problems.

  • Still getting the same performance drop when going through HAProxy. Any idea how to tweak the congestion mechanism?

  • You have TCP retransmissions... Where do you see the retransmissions: between pfSense and the backend, between pfSense and an outside client, or an internal client?
    Why do you see retransmissions? You need to explain this; it isn't normal flow, and I don't think the flow can be tuned, as it is not designed to drop packets 😅.
    Why do you speak about the ISP? What service are you trying to proxy? Do you see errors in the HAProxy logs or in the haproxy socat status?
