Frontend Session Limit Saturation

critical

Resource ContentionUpdated Nov 4, 2020

HAProxy frontend reaching maxconn limit causes new connection attempts to timeout, visible as frontend sessions (scur) approaching or equaling configured limit (smax).

Sources

How To Troubleshoot Common HAProxy Errors - DigitalOceanwww.digitalocean.com

Monitor current statisticswww.haproxy.com

Technologies:

HAProxySymptoms of this issue are visible in HAProxy metrics and logs

How to detect:

Alert when haproxy_frontend_session_current approaches haproxy_frontend_limit_session_rate or when the ratio of current to max sessions exceeds 80%. Monitor haproxy_frontend_connections_cumul rate for sudden drops indicating rejected connections.

Recommended action:

Increase global maxconn or frontend-specific maxconn settings. If sustained, scale HAProxy horizontally or investigate why session durations are abnormally long. Check for slow-loris attacks or misbehaving clients holding connections open.