HAProxy Performance Tweaks: sysctl and config

If you’re running a high-performance HAProxy setup, there are many tweaks and settings that you can benefit from. Some of these can be complex, but there are many that can quite easily increase your performance. We’ll give you some tips here to get that extra bit of performance you need!

Warning: These are mostly kernel changes and can cause unknown issues. Please Google any changes you are unsure of, or ask us!

Sysctl.conf Changes

sysctl is a program used to tweak kernel settings on your OS. These can allow you to optimize specifically the way your kernel is handling things — specifically, networking. If you are using Snapt, for HAProxy you can navigate to the Setup > Configuration > Performance menu. Alternatively, you can manually edit the /etc/sysctl.conf file.

These are specifically designed to optimize your Linux installation forhaproxy, allowing it to perform better under peak loads and allowing you to get more requests per second.

You can apply our selected tweaks by pasting the below into your /etc/sysctl.conf file, and then running  sysctl -p" to apply the changes.

# Increase the max OS recv/send buffer size
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# Increase the connection track table size
net.ipv4.netfilter.ip_conntrack_max = 999999

# Widen the local port range to allow more ports
net.ipv4.ip_local_port_range = 1024 65023

# Lower the TCPFIN timeout
net.ipv4.tcp_fin_timeout = 30

# Increase the max backlog, syn tweaks
net.core.netdev_max_backlog = 10000
net.ipv4.tcp_max_syn_backlog = 2048
net.ipv4.tcp_synack_retries = 3

# Enable syn cookies vs syn floods, RP filter
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.rp_filter = 1

# Increase to handle spikes of traffic
net.core.somaxconn = 60000

# Increase the TIME WAIT buckets pool size for DoS/performance
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_reuse = 1

# Adjust TCP orphan limit
net.ipv4.tcp_max_orphans = 262144

If any give you an error it may be because of a kernel version or anything else, just remove the relevant line. Remember to reboot or run sysctl -p” to apply this.

Haproxy.cfg Config Changes

Below are several tips to keep in mind when creating or adjusting your haproxy.cfg file.

Mode Selection

TCP mode groups are much less load than HTTP. Check your "mode" setting under a listen, frontend, or backend section of the config. If you don't need to do any HTTP level adjustments then TCP mode will be much faster.

HTTP Tweaks

There are a lot of configuration changes that effect performance, but there are (as always) some easy tweaks to get more out of your server farm. Firstly, consider adding option httpclose to all your HTTP groups. In Snapt, this is called “Force HTTP Close.” This will stop keepalives, but that will be to your advantage. Also, add  option abortonclose – this will close aborted requests.

Maxconn Setting

HAProxy limits connections on a global level as well as a frontend/listen level to the maxconn setting. It restricts the maximum number of connections HAProxy will accept (at a time), so make sure it’s high enough. You can use this in groups as well as globally. In Snapt, this is called “Maximum Connections.”

Make sure you don't have it set high in the "global" section of the config, but not high enough in the "listen" or "frontend" section!

Balance Method

Only use what you require when choosing a balance method. Remember that roundrobin is going to be much faster, so if there is no requirement for a more advanced method don’t use it (in performance sensitive situations).

Compression

HTTP compression uses a lot of CPU, and if you are in a high-performance environment, you will want to disable it. This obviously has pluses and minuses.