Hi,
HAProxy 3.2-dev9 was released on 2025/04/02. It added 58 new commits
after version 3.2-dev8.
This one was pretty calm in terms of fixes, indicating that everyone might
be busy trying to finish what needs to be merged before we close the doors.
In this version, we'll find:
- a rework of the leastconn algorithm to better scale with CPUs. On
large systems, we observe a significant performance drop on this
algorithm caused by the numerous writes to the tree that contains
the servers positions. The implementation was revamped to combine
mt_lists and mostly-persistent tree nodes so as to almost never
write-lock the tree and perform instant pickups of servers from
the lists. This resulted in around +80% request rate on 64 core
systems where fwlc_srv_reposition() now takes ~10% CPU versus 75%
previously. The gains are more important with large farms than with
small ones. A nice bonus is that some of the previous optimizations
we used to do to save CPU resulted in some imbalance in max numbers
of connections which are corrected now. Typically on a 500-server
farm we used to see max values around 65-70 connections for each
server while now the max is around 16-20, indicating a much smoother
balancing.
- the consistent-hash balancing algorithm now supports a new option
hash-preserve-affinity, which allows to decide whether or not to
stay on the same server or to overflow when maxconn is reached or
maxqueue is reached. The idea is that for some fast servers it can
be better to stay on the same server when the queue is small, while
in other cases some might prefer to overflow to adjacent servers.
- health checks can now be performed on existing idle connections. For
quite some time we've wanted to offer this possibility to test the
application more than the network. This is particularly true in
cloud environments where establishing a TLS connection to send a
request can be costly. There is now a server option "check-reuse-pool"
that prefers to reuse an existing idle connection to send the check
if there is one available. In this case it doesn't validate the ability
to create a new connection but for many users this is more than
sufficient. And more importantly, this mechanism also allows to enable
health checks on RHTTP servers, which can be nice for those willing to
use RHTTP to host their internal servers while still checking them.
- pools merging has been reworked so that similar pools are merged, and
not just those whose size divided by 16 is the same, like was done
till now. Now pools with less than 16 bytes of difference or 1% of
their size will be merged. This resulted in a reduction from 48 to 36
pools and about 3 MB of RAM saved after a test of 1M requests. In
addition "show pools detailed" now shows which pools are merged
together (this will help us track the origin of rare use-after-free
bugs).
- the "-dc" command line option now shows how thread groups and threads
are going to be bound. Also a new CPU policy "group-by-2-clusters"
(as well as 3 and 4) allows to create fewer groups of more threads at
the expense of a progressive performance drop on systems with many
CCX and few cores per CCX. The observed performance loss in tests by
going from 1 to 2 CCX per thread group was in the range of 3-5%,
which is acceptable to many users if it helps make a better use of
the available CPUs (e.g. when you have to divide 31 CPUs in groups,
good luck :-)).
- QUIC: the max-stream-data is now configured as a ratio of the memory
allocated per connection, to make the configuration easier
- a new "bc_reused" sample-fetch function reports whether or not the
backend connection was reused or a new one.
- log formats support a new "raw" typecast that allows to bypass encoding
of a node element preparing for its inclusion in an upper level one.
- a few build fixes for older compilers, for NetBSD and Solaris
- CI updates to allow manual builds from forks (alt OSes, coverity etc)
- doc cleanups
- an example of how to write more interactive Lua applications was placed
in examples/games.cfg. It features a demo of a well-known game
consisting in arranging falling blocks into lines. It's perfectly
playable when connecting over TCP, and revealed some interesting
limitations of the CLI that we now see how to address, and which will
also unblock the large payload processing. Just start
haproxy -f examples/games.cfg and follow the instructions.
And that's about all for this version. From now on we'll calm down on
sensitive changes. I'm aware that Aurélien still has some API updates
for the Lua, William some stuff related to ACME and Amaury some cleanups
for RHTTP. I also noted a number of things that can be cleaned up, for
example I noticed we don't support gcc<4.7 anymore, so we could get rid
of some old #ifdef blocks. Anyway, so far so good. I clearly don't expect
many updates to come in the following weeks, the haproxyconf is in 2 months
and I know that several devs have some presentations to prepare; I know by
experience that this doesn't cope well at all with development. The good
news is that we'll get more fixes than new features and that's exactly
what we want in an LTS version ;-)
Please find the usual URLs below :
Site index : https://www.haproxy.org/
Documentation : https://docs.haproxy.org/
Wiki : https://github.com/haproxy/wiki/wiki
Discourse : https://discourse.haproxy.org/
Slack channel : https://slack.haproxy.org/
Issue tracker : https://github.com/haproxy/haproxy/issues
Sources : https://www.haproxy.org/download/3.2/src/
Git repository : https://git.haproxy.org/git/haproxy.git/
Git Web browsing : https://git.haproxy.org/?p=haproxy.git
Changelog : https://www.haproxy.org/download/3.2/src/CHANGELOG
Dataplane API : https://github.com/haproxytech/dataplaneapi/releases/latest
Pending bugs : https://www.haproxy.org/l/pending-bugs
Reviewed bugs : https://www.haproxy.org/l/reviewed-bugs
Code reports : https://www.haproxy.org/l/code-reports
Latest builds : https://www.haproxy.org/l/dev-packages
Willy
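
A configuration sketch combining three of the additions described above (hash-preserve-affinity, check-reuse-pool and bc_reused). It is an added example, not part of the original announcement or of the HAProxy sources. Section names, addresses and file paths are placeholders, and the "maxqueue" argument to hash-preserve-affinity is an assumption based on the 3.2 configuration manual, since the announcement does not give the argument syntax.

```haproxy
# Added example: names, addresses and paths below are placeholders.
global
    log stdout format raw local0

defaults
    mode http
    log global
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :8080
    # bc_reused logs 1 when the request used an already established
    # backend connection, 0 when a new one had to be opened.
    log-format "%ci:%cp [%tr] %ft %b/%s %ST reused=%[bc_reused]"
    default_backend be_app

backend be_app
    balance uri
    hash-type consistent
    # Assumed argument (3.2 manual, not the announcement): overflow to
    # another server once the hashed server's queue is full.
    hash-preserve-affinity maxqueue

    option httpchk GET /health
    http-check expect status 200

    default-server ssl verify required ca-file /etc/haproxy/backend-ca.pem check inter 2s maxconn 100 maxqueue 20
    # check-reuse-pool: send the health check over an idle connection
    # when one is available. Such a check exercises the application but
    # does not prove that a new TLS connection can still be established.
    server app1 192.0.2.10:8443 check-reuse-pool
    server app2 192.0.2.11:8443 check-reuse-pool
```

The file can be syntax-checked with "haproxy -c -f <file>" on a 3.2-dev9 or later build before loading it.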
---
Complete changelog :
Amaury Denoyelle (17):
MINOR: quic: move global tune options into quic_tune
CLEANUP: quic: reorganize TP flow-control initialization
MINOR: quic: ignore uni-stream for initial max data TP
MINOR: mux-quic: define config for max-data
MINOR: quic: define max-stream-data configuration as a ratio
BUG/MINOR: rhttp: fix incorrect dst/dst_port values
BUG/MINOR: backend: do not overwrite srv dst address on reuse
BUG/MEDIUM: backend: fix reuse with set-dst/set-dst-port
MINOR: sample: define bc_reused fetch
REGTESTS: extend conn reuse test with transparent proxy
MINOR: backend: fix comment when killing idle conns
MINOR: backend: adjust conn_backend_get() API
MINOR: backend: extract conn hash calculation from connect_server()
MINOR: backend: extract conn reuse from connect_server()
MINOR: backend: remove stream usage on connection reuse
MINOR: check define check-reuse-pool server keyword
MEDIUM: check: implement check-reuse-pool
Aurelien DARRAGON (1):
MINOR: log: support "raw" logformat node typecast
David Carlier (1):
MINOR: cpu-topo: cpu_dump_topology() SMT info check little optimisation
Ilia Shipitsin (10):
CI: fedora rawhide: allow "on: workflow_dispatch" in forks
CI: fedora rawhide: install "awk" as a dependency
CI: spellcheck: allow "on: workflow_dispatch" in forks
CI: coverity scan: allow "on: workflow_dispatch" in forks
CI: cross compile: allow "on: workflow_dispatch" in forks
CI: Illumos: allow "on: workflow_dispatch" in forks
CI: NetBSD: allow "on: workflow_dispatch" in forks
CI: QUIC Interop on AWS-LC: allow "on: workflow_dispatch" in forks
CI: QUIC Interop on LibreSSL: allow "on: workflow_dispatch" in forks
CLEANUP: assorted typo fixes in the code and comments
Olivier Houchard (5):
MINOR: mt_list: Implement mt_list_try_lock_prev().
MINOR: lbprm: Add method to deinit server and proxy
MINOR: threads: Add HA_RWLOCK_TRYRDTOWR()
MAJOR: leastconn; Revamp the way servers are ordered.
BUG/MEDIUM: leastconn: Don't try to reposition if the server is down
Pierre-Andre Savalle (1):
MEDIUM: lb-chash: add directive hash-preserve-affinity
Valentine Krasnobaeva (2):
BUG/MINOR: log: fix gcc warn about truncating NUL terminator while init char arrays
MINOR: compiler: add __nonstring macro
William Lallemand (5):
MINOR: jws: emit the JWK thumbprint
TESTS: jws: change the jwk format
MINOR: ssl/ckch: add substring parser for ckch_conf
BUG/MINOR: ssl/ckch: leak in error path
BUILD: ssl/ckch: potential null pointer dereference
Willy Tarreau (16):
MEDIUM: pools: be a bit smarter when merging comparable size pools
REGTESTS: disable the test balance/balance-hash-maxqueue
MINOR: thread: dump the CPU topology in thread_map_to_groups()
MINOR: cpu-set: compare two cpu sets with ha_cpuset_isequal()
MINOR: cpu-set: add a new function to print cpu-sets in human-friendly mode
MINOR: cpu-topo: add a dump of thread-to-CPU mapping to -dc
MINOR: cpu-topo: pass an extra argument to ha_cpu_policy
MINOR: cpu-topo: add new cpu-policies "group-by-2-clusters" and above
BUG/MINOR: config: silence .notice/.warning/.alert in discovery mode
EXAMPLES: add "games.cfg" and an example game in Lua
DOC: config: fix two missing "content" in "tcp-request" examples
BUILD: compiler: undefine the CONCAT() macro if already defined
BUILD: backend: silence a build warning when not using ssl
BUILD: quic_sock: address a strict-aliasing build warning with gcc 5 and 6
BUILD: ssl_ckch: use my_strndup() instead of strndup()
DOC: update INSTALL to reflect the minimum compiler version
---