You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by Remy Maucherat <re...@apache.org> on 2003/07/28 17:16:29 UTC
[5.0] Connector default configuration + connection timeout
Hi,
What would be the best connector default configuration ?
I switched HTTP/1.1 to be:
maxThreads: 100
minSpare: 1
maxSpare: 10
That should be ok for a small/medium site, and bad for a large site. It
should be decent for benchmarking if there's a warmup period. Should the
default config be large site compliant ?
Also, in order to conserve processors for useful tasks when the load
increases (and also twart DoS attacks), I was thinking about introducing
dynamic scaling for the HTTP connection timeout for keepalive.
The formula would be something like this.
ratio = maxThreads / currentBusyThreads;
if (ratio between 0 and 0.33) {
normal timeout
} else if (ratio between 0.33 and 0.66) {
half timeout
} else if (ratio between 0.66 and 1) {
no keepalive (so only one request is processed per connection),
timeout / 4 (or maybe more)
}
Comments ?
Remy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by Remy Maucherat <re...@apache.org>.
Glenn Nielsen wrote:
> Bill Barker wrote:
>> No keepalive sounds like a bad idea: You are going to free-up
>> connections
>> much faster if you get the image files out the pipe then if the
>> browser is
>> immediately turning around and re-establishing a connection. It might
>> also
>> be a good idea if there was an option to disable this, for the few cases
>> where you care more about the the connected user's experience then the
>> new-connection speed (Applet classloading comes to mind).
>
> I found the opposite to be true, turning keepalive off is a better solution
> for the server. There was a very good explanation why this is so at the
> last ApacheCon in an Apache httpd performance tuning session.
Ok, but keepalive in general helps server performance IMO (through
reduced bandwidth usage). When the number of available processors gets
"low", then it could be worth it to disable it (that's what I was
proposing at least). Of course, I don't think it is the buisness of the
TC HTTP/1.1 conector to implement stuff aimed at avoiding serious DoS
attacks, so the idea right now is just to avoid minor problems and to
handle traffic surges better.
Remy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by Glenn Nielsen <gl...@mail.more.net>.
Bill Barker wrote:
> ----- Original Message -----
> From: "Remy Maucherat" <re...@apache.org>
> To: "Tomcat Developers List" <to...@jakarta.apache.org>
> Sent: Monday, July 28, 2003 8:16 AM
> Subject: [5.0] Connector default configuration + connection timeout
>
>
>
>>Hi,
>>
>>What would be the best connector default configuration ?
>>
>>I switched HTTP/1.1 to be:
>>maxThreads: 100
>>minSpare: 1
>>maxSpare: 10
>>That should be ok for a small/medium site, and bad for a large site. It
>>should be decent for benchmarking if there's a warmup period. Should the
>>default config be large site compliant ?
>
>
> Jk-Coyote should probably match the Apache2 defaults, since with the
> pre-fork MPM, connections are 1-1 with Apache2 children.
>
>
>>Also, in order to conserve processors for useful tasks when the load
>>increases (and also twart DoS attacks), I was thinking about introducing
>> dynamic scaling for the HTTP connection timeout for keepalive.
>>The formula would be something like this.
>>
>>ratio = maxThreads / currentBusyThreads;
>>
>>if (ratio between 0 and 0.33) {
>> normal timeout
>>} else if (ratio between 0.33 and 0.66) {
>> half timeout
>>} else if (ratio between 0.66 and 1) {
>> no keepalive (so only one request is processed per connection),
>>timeout / 4 (or maybe more)
>>}
>>
>
>
> No keepalive sounds like a bad idea: You are going to free-up connections
> much faster if you get the image files out the pipe then if the browser is
> immediately turning around and re-establishing a connection. It might also
> be a good idea if there was an option to disable this, for the few cases
> where you care more about the the connected user's experience then the
> new-connection speed (Applet classloading comes to mind).
>
I found the opposite to be true, turning keepalive off is a better solution
for the server. There was a very good explanation why this is so at the
last ApacheCon in an Apache httpd performance tuning session.
Regards,
Glenn
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by Bill Barker <wb...@wilshire.com>.
----- Original Message -----
From: "Remy Maucherat" <re...@apache.org>
To: "Tomcat Developers List" <to...@jakarta.apache.org>
Sent: Monday, July 28, 2003 8:16 AM
Subject: [5.0] Connector default configuration + connection timeout
> Hi,
>
> What would be the best connector default configuration ?
>
> I switched HTTP/1.1 to be:
> maxThreads: 100
> minSpare: 1
> maxSpare: 10
> That should be ok for a small/medium site, and bad for a large site. It
> should be decent for benchmarking if there's a warmup period. Should the
> default config be large site compliant ?
Jk-Coyote should probably match the Apache2 defaults, since with the
pre-fork MPM, connections are 1-1 with Apache2 children.
>
> Also, in order to conserve processors for useful tasks when the load
> increases (and also twart DoS attacks), I was thinking about introducing
> dynamic scaling for the HTTP connection timeout for keepalive.
> The formula would be something like this.
>
> ratio = maxThreads / currentBusyThreads;
>
> if (ratio between 0 and 0.33) {
> normal timeout
> } else if (ratio between 0.33 and 0.66) {
> half timeout
> } else if (ratio between 0.66 and 1) {
> no keepalive (so only one request is processed per connection),
> timeout / 4 (or maybe more)
> }
>
No keepalive sounds like a bad idea: You are going to free-up connections
much faster if you get the image files out the pipe then if the browser is
immediately turning around and re-establishing a connection. It might also
be a good idea if there was an option to disable this, for the few cases
where you care more about the the connected user's experience then the
new-connection speed (Applet classloading comes to mind).
> Comments ?
>
> Remy
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
Re: [5.0] Connector default configuration + connection timeout
Posted by Remy Maucherat <re...@apache.org>.
Henri Gomez wrote:
> Remy Maucherat a écrit :
>
>> Hi,
>>
>> What would be the best connector default configuration ?
>>
>> I switched HTTP/1.1 to be:
>> maxThreads: 100
>> minSpare: 1
>> maxSpare: 10
>> That should be ok for a small/medium site, and bad for a large site.
>> It should be decent for benchmarking if there's a warmup period.
>> Should the default config be large site compliant ?
>
>
> May be you should mimic the defaults settings of Apache 2.0 :
>
> 150 Threads, 25 MinSpare, 75 MaxSpare.
Ok, thanks.
I forgot to mention JK 2 in my email ;-) What should be the default
configuration for that connector (including jk2.properties if any) ?
>> Also, in order to conserve processors for useful tasks when the load
>> increases (and also twart DoS attacks), I was thinking about
>> introducing dynamic scaling for the HTTP connection timeout for
>> keepalive.
>> The formula would be something like this.
>>
>> ratio = maxThreads / currentBusyThreads;
>>
>> if (ratio between 0 and 0.33) {
>> normal timeout
>> } else if (ratio between 0.33 and 0.66) {
>> half timeout
>> } else if (ratio between 0.66 and 1) {
>> no keepalive (so only one request is processed per connection),
>> timeout / 4 (or maybe more)
>> }
>>
>> Comments ?
>
>
> Protection against DOS attack should also have some glues like :
>
> - Max clients from the same IP (ie DOS attack from the same host).
>
> - Max request by minutes or seconds (slow down attackers....)
I don't think those work too well except in very specific cases, as
pointed out by Ilona.
Remy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by Remy Maucherat <re...@apache.org>.
Henri Gomez wrote:
> matthias.ernst@coremedia.com a écrit :
>
>> On Mon, 28 Jul 2003, Henri Gomez wrote:
>>> May be you should mimic the defaults settings of Apache 2.0 :
>>>
>>> 150 Threads, 25 MinSpare, 75 MaxSpare.
>>
>> Shouldn't one assume that a servlet container's application is different
>> from that of a webserver ? I.e. less static files, more computation ? I
>> always feel tempted to pull the threads down to something like 20. After
>> all, all I have is 2 CPUs.
>>
>> Weblogic ships with 35 threads.
>
> I think Remy want a configuration settings where TC 5.0 is acting as
> a real web-server (for example to serve a major OSS web-site ;)
Not quite :) For that kind of use, I think more processors are needed.
We only need a balanced and decent default configuration (and I'll
implement my timeout and keepalive tweaks, since I think this is
important for a threaded web server like Tomcat).
Remy
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by Henri Gomez <hg...@apache.org>.
matthias.ernst@coremedia.com a écrit :
> On Mon, 28 Jul 2003, Henri Gomez wrote:
>
>
>>May be you should mimic the defaults settings of Apache 2.0 :
>>
>>150 Threads, 25 MinSpare, 75 MaxSpare.
>>
>
>
> Shouldn't one assume that a servlet container's application is different
> from that of a webserver ? I.e. less static files, more computation ? I
> always feel tempted to pull the threads down to something like 20. After
> all, all I have is 2 CPUs.
>
> Weblogic ships with 35 threads.
I think Remy want a configuration settings where TC 5.0 is acting as
a real web-server (for example to serve a major OSS web-site ;)
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by ma...@coremedia.com.
On Mon, 28 Jul 2003, Henri Gomez wrote:
> May be you should mimic the defaults settings of Apache 2.0 :
>
> 150 Threads, 25 MinSpare, 75 MaxSpare.
>
Shouldn't one assume that a servlet container's application is different
from that of a webserver ? I.e. less static files, more computation ? I
always feel tempted to pull the threads down to something like 20. After
all, all I have is 2 CPUs.
Weblogic ships with 35 threads.
Matthias
--
Matthias Ernst
Software Engineer
CoreMedia - Smart Content Technology
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
Re: [5.0] Connector default configuration + connection timeout
Posted by Henri Gomez <hg...@apache.org>.
Remy Maucherat a écrit :
> Hi,
>
> What would be the best connector default configuration ?
>
> I switched HTTP/1.1 to be:
> maxThreads: 100
> minSpare: 1
> maxSpare: 10
> That should be ok for a small/medium site, and bad for a large site. It
> should be decent for benchmarking if there's a warmup period. Should the
> default config be large site compliant ?
May be you should mimic the defaults settings of Apache 2.0 :
150 Threads, 25 MinSpare, 75 MaxSpare.
> Also, in order to conserve processors for useful tasks when the load
> increases (and also twart DoS attacks), I was thinking about introducing
> dynamic scaling for the HTTP connection timeout for keepalive.
> The formula would be something like this.
>
> ratio = maxThreads / currentBusyThreads;
>
> if (ratio between 0 and 0.33) {
> normal timeout
> } else if (ratio between 0.33 and 0.66) {
> half timeout
> } else if (ratio between 0.66 and 1) {
> no keepalive (so only one request is processed per connection),
> timeout / 4 (or maybe more)
> }
>
> Comments ?
Protection against DOS attack should also have some glues like :
- Max clients from the same IP (ie DOS attack from the same host).
- Max request by minutes or seconds (slow down attackers....)
---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org