Your Feature Request
We would like to add an option to health checking in HAProxy that extends the special init state of DOWN (and UP) to more than the first health check attempt. DOWN and UP take the server FULLY_UP or FULLY_DOWN depending on the first health check. The option we are proposing extends this behaviour to the first n attempts.
Example
Let's walk through some examples to clarify the behaviour. Let's assume rise 2 fall 2 init-state down and our new option set to extend the DOWN behaviour to up to three health check attempts. To be read as follows: Given the health check verdicts (in order), what is the resulting status.
L4OK → FULLY_UP
L4TOUT, L4OK → FULLY_UP (new behaviour)
L4TOUT, L4TOUT, L4OK → FULLY_UP (new behaviour)
L4TOUT, L4TOUT, L4TOUT → FULLY_DOWN (same behaviour)
L4TOUT, L4TOUT, L4TOUT, L4OK → DOWN (same behaviour, next must succeed for FULLY_UP)
L4TOUT, L4TOUT, L4TOUT, L4OK, L4OK → FULLY_UP (same behaviour)
What are you trying to do?
We are running HAProxy with targets on an overlay network. When starting HAProxy on a new machine the new topology of the overlay network might not have propagated to every participant in the overlay network yet. This can cause HAProxy to not succeed when attempting its initial health checks.
Output of haproxy -vv
HAProxy version 3.3.10-0a72d7f9f-hc20260113 2026/05/11 - https://haproxy.org/
Status: stable branch - will stop receiving fixes around Q1 2027.
Known bugs: http://www.haproxy.org/bugs/bugs-3.3.10.html
Running on: Linux 6.8.0-64-generic #67-Ubuntu SMP PREEMPT_DYNAMIC Sun Jun 15 20:23:40 UTC 2025 x86_64
Build options :
TARGET = linux-glibc
CC = cc
CFLAGS = -O2 -g -fwrapv -fvect-cost-model=very-cheap
OPTIONS = USE_LIBCRYPT= USE_GETADDRINFO=1 USE_OPENSSL=yes USE_OPENSSL_AWSLC=yes USE_ZLIB=yes USE_QUIC=yes USE_PROMEX=yes USE_PCRE2=yes USE_PCRE2_JIT=yes
DEBUG =
Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ECH -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE +KTLS -LIBATOMIC -LIBCRYPT +LINUX_CAP +LINUX_SPLICE +LINUX_TPROXY -LUA -MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL +OPENSSL_AWSLC -OPENSSL_WOLFSSL -OT -PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION +QUIC -QUIC_OPENSSL_COMPAT +RT +SHM_OPEN -SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL +ZLIB +ACME +HAVE_TCP_MD5SIG
Default settings :
bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with multi-threading support (MAX_TGROUPS=32, MAX_THREADS=1024, default=2).
Built with SSL library version : OpenSSL 1.1.1 (compatible; AWS-LC 5.0.0)
Running on SSL library version : AWS-LC 5.0.0
SSL library supports TLS extensions : yes
SSL library supports SNI : yes
SSL library FIPS mode : no
SSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3
QUIC: connection sock-per-conn mode support : yes
QUIC: GSO emission support : yes
Built with the Prometheus exporter as a service
Built with network namespace support.
Built with zlib version : 1.3.2
Running on zlib version : 1.3.2
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with PCRE2 version : 10.46 2025-08-27
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): no
Built with gcc compiler version 15.2.0
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
quic : mode=HTTP side=FE|BE mux=QUIC flags=HTX|NO_UPG|FRAMED
h2 : mode=HTTP side=FE|BE mux=H2 flags=HTX|HOL_RISK|NO_UPG
<default> : mode=HTTP side=FE|BE mux=H1 flags=HTX
h1 : mode=HTTP side=FE|BE mux=H1 flags=HTX|NO_UPG
fcgi : mode=HTTP side=BE mux=FCGI flags=HTX|HOL_RISK|NO_UPG
<default> : mode=SPOP side=BE mux=SPOP flags=HOL_RISK|NO_UPG
spop : mode=SPOP side=BE mux=SPOP flags=HOL_RISK|NO_UPG
<default> : mode=TCP side=FE|BE mux=PASS flags=
none : mode=TCP side=FE|BE mux=PASS flags=NO_UPG
Available services : prometheus-exporter
Available filters :
[BWLIM] bwlim-in
[BWLIM] bwlim-out
[CACHE] cache
[COMP] compression
[FCGI] fcgi-app
[SPOE] spoe
[TRACE] trace
Your Feature Request
We would like to add an option to health checking in HAProxy that extends the special init state of DOWN (and UP) to more than the first health check attempt. DOWN and UP take the server FULLY_UP or FULLY_DOWN depending on the first health check. The option we are proposing extends this behaviour to the first n attempts.
Example
Let's walk through some examples to clarify the behaviour. Let's assume
rise 2 fall 2 init-state downand our new option set to extend the DOWN behaviour to up to three health check attempts. To be read as follows: Given the health check verdicts (in order), what is the resulting status.L4OK → FULLY_UP
L4TOUT, L4OK → FULLY_UP (new behaviour)
L4TOUT, L4TOUT, L4OK → FULLY_UP (new behaviour)
L4TOUT, L4TOUT, L4TOUT → FULLY_DOWN (same behaviour)
L4TOUT, L4TOUT, L4TOUT, L4OK → DOWN (same behaviour, next must succeed for FULLY_UP)
L4TOUT, L4TOUT, L4TOUT, L4OK, L4OK → FULLY_UP (same behaviour)
What are you trying to do?
We are running HAProxy with targets on an overlay network. When starting HAProxy on a new machine the new topology of the overlay network might not have propagated to every participant in the overlay network yet. This can cause HAProxy to not succeed when attempting its initial health checks.
Output of
haproxy -vv