Some network services have to start a new process in order to restart or to reload configuration files; a typical example is the HAProxy network service. Using the SO_REUSEPORT option, HAProxy binds a new process to the same IP address and port as the original process so that the new process can listen for new connections, then sends a signal telling the original process to shut down its socket on the listening port. However, there is a short period in which both the new and the original processes are bound to the same IP address and port and the listening socket of the original process has not yet been closed, and new connections may arrive during that period. According to the implementation of SO_REUSEPORT in the Linux kernel, the first packet of a new connection (the synchronization packet, or SYN packet) may be assigned to either the original process or the new process. If the SYN packet is assigned to the original process while the listening socket of the original process is being shut down, then, according to the TCP protocol, the server sends a TCP RST packet to the client to reset the connection.
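The overlap window described above can be reproduced on loopback. The following sketch is an added example, not HAProxy code or code from the original text: two listeners in one process stand in for the original and new processes, and the function name, client count and one-byte reply are assumptions made for the demonstration.

```python
import socket

HOST = "127.0.0.1"  # loopback only; constructed test setup

def reuseport_listener(port):
    """Listening socket bound with SO_REUSEPORT (Linux 3.9+)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    s.bind((HOST, port))
    s.listen(128)
    return s

def simulate_reload(n_clients=64):
    """Return (served, reset) for clients that connect during the overlap."""
    old = reuseport_listener(0)          # stands in for the original process
    port = old.getsockname()[1]
    new = reuseport_listener(port)       # new process, same IP and port
    # Clients connect while both listeners exist; the kernel picks one
    # listener per connection, so some handshakes complete on `old`.
    clients = [socket.create_connection((HOST, port), timeout=2)
               for _ in range(n_clients)]
    # The original process closes its listener without draining its queue.
    # (Assumes net.ipv4.tcp_migrate_req is at its default of 0.)
    old.close()
    # The new process serves whatever landed in its own accept queue.
    new.settimeout(0.5)
    accepted = []
    try:
        while True:
            conn, _ = new.accept()
            conn.sendall(b"k")
            accepted.append(conn)
    except socket.timeout:
        pass
    served = reset = 0
    for c in clients:
        try:
            if c.recv(1) == b"k":
                served += 1
            else:
                reset += 1
        except ConnectionError:          # RST from the closed listener
            reset += 1
        c.close()
    for s in accepted + [new]:
        s.close()
    return served, reset

if __name__ == "__main__":
    print("served=%d reset=%d" % simulate_reload())
```

Every client's connect() succeeded, yet those the kernel placed on the original listener see a reset, which is the failure a client of the reloading service would observe.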
Several solutions to this problem have been proposed. One simple solution is to configure an iptables rule that discards newly received SYN packets while the process is reloading. According to the TCP protocol, if the client does not receive a SYN/ACK packet, it re-sends the SYN packet after a period of time. The disadvantage of this solution is that the client has to wait until it times out before resending the SYN packet. The waiting time is often substantially long, for example, more than 1 second, while reloading the process requires only tens of milliseconds. Although the new connection is not reset, a longer time delay may be introduced.
Another applicable solution is to use the Linux traffic control tool (TC). First, iptables is used to mark the new incoming SYN packets, and then the TC tool is used to temporarily queue these packets. After the process finishes reloading, the SYN packets are released. Compared to the previous solution, this solution may have a relatively short time delay. However, because the TC tool is only capable of controlling outbound traffic, the scenarios in which it can be applied may be rather limited.