❦ 22 janvier 2015 11:47 +0800, "hu.zhang" <[email protected]> :
> Thank you for your quick reply. I did a test in this way. I found the > maximum connection time into 3S. Our client is particularly concerned > about the http response time. Do you have another way to add/remove > the servers? [...] > Please see http://www.mail-archive.com/[email protected]/msg06885.html > > The summary being > > iptables -I INPUT -p tcp --dport $PORT --syn -j DROP > sleep 1 > service haproxy restart > iptables -D INPUT -p tcp --dport $PORT --syn -j DROP You should remove the sleep. If a SYN is received at the very beginning of the sleep, the next one will be received at the very end (or during the restart) and the next one one second later hence the 3 seconds. Without the sleep, you should get a maximum connection time of 1s (given the whole set of commands run under one second). -- If one cannot enjoy reading a book over and over again, there is no use in reading it at all. -- Oscar Wilde
