You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@tomcat.apache.org by Antonio Fiol Bonnín <fi...@terra.es> on 2004/02/19 21:00:29 UTC

Re: Réf. : Re: Réf. : Re: Very Very Slow performance of Tomcat

meissa.Sakho@assetmanagement.natexis.fr wrote:

>Thank you for you answers Antonio,
>
>Yes we have a firewall between tomcat and apache.
>Does it means that there is something else to do?
>  
>

If your firewall is well-behaved, no. There is nothing else to do. 
However, this is not usually the case.  :-(

If your firewall drops idle connections after some time, you will need 
to tune a couple of settings.


In Apache (workers.properties), set:

worker.something.socket_keepalive=1

In your sysctl settings for the Apache machine, set your tcp keepalive 
time to a value lower than the drop time of your firewall.


Otherwise, you will bang your head against a wall. And that causes 
headache ;-)


Antonio Fiol

Re: Very Very Slow performance of Tomcat - Connection Pool Dies

Posted by Ankur Shah <to...@optonline.net>.
Harry Mantheakis wrote:

>>If your firewall drops idle connections after some time, you will need
>>to tune a couple of settings.
>>    
>>
>>In your sysctl settings for the Apache machine, set your tcp keepalive
>>time to a value lower than the drop time of your firewall.
>>    
>>
>
>
>I have a very strict firewall policy on my Linux box - using iptables. Only
>port 80 packets get through. Nothing else.
>
>Does that have something to do with my problem? Is there an ICMP port that I
>need to open up?
>  
>
It does sound more like a firewalling issue. I'd doubt its the iptables, 
though, unless you have squid running on your Linux box ? Also, do you 
connect to the Oracle DB through VPN or another secure link? I know of 
many corporate VPN servers, Proxies set up by default to drop 
connections inactive for a specific amount of time, which is more or 
less what you're seeing.

To corroborate this, I would set up a simple TCP server on the Linux box 
with an open connection to the Oracle backend and leave it open and see 
if I'd get similar results.

-- A

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

RE: Logging

Posted by Yansheng Lin <ya...@silvacom.com>.
No, I am doing it through log4j.  But would it interested in knowing anyone
using J2SE 1.5.0 beta logging API.  Heard it's the same as log4j in principle.

Thanks!

-----Original Message-----
From: David Evans [mailto:dsevans@berndtgroup.net] 
Sent: Friday, February 20, 2004 11:06 AM
To: Tomcat Users List
Subject: Logging


Hello All,

I am trying to get ideas on logging, general configurations, best
practices, etc. Currently i use the default tomcat configuration which
.
.
.
Is that correct? Is that how you do it? Other options? What if you
wanted to have multiple logs per application, say a database access log
and a security violation log, or some such?

Thanks

dave


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Logging

Posted by David Evans <ds...@berndtgroup.net>.
Hello All,

I am trying to get ideas on logging, general configurations, best
practices, etc. Currently i use the default tomcat configuration which
sends all catalina logs to $CATALINA_HOME/logs/catalina_log.XXXX.txt and
sends all System.err.println() and System.out.println() calls to
$CATALINA_HOME/logs/catalina.out. I have used System.err.println to do
both debugging and to do general application logging.  

That has worked fine for me so far, as i've only had one application per
server. I am about to create my first multicontext application and need
to start splitting the logs into seperate files. From what i understand
i can only have one file for System.err.println files, because this is
set by catalina.sh and is sent to the SystemErrLogger. So what i believe
i should do is to set Logger tags within each context tag in my host
tags. With FileLogger as the class attribute and a different directory
attribute for each. And then use ServerContext.log instead of
System.err.println  

Is that correct? Is that how you do it? Other options? What if you
wanted to have multiple logs per application, say a database access log
and a security violation log, or some such?

Thanks

dave


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: (was: similar problem) Connection Pool Dies

Posted by Harry Mantheakis <ha...@mantheakis.freeserve.co.uk>.
This is a follow-up message, for the record.

Following Antonio Fiol's kind prompting, I added the following Commons-DBCP
elements to the DataSource resource parameters specified in my application's
context fragment:

    validationQuery --> select 'x' from dual
    testWhileIdle --> true
    timeBetweenEvictionRunsMillis --> 600000
    numTestsPerEvictionRun --> 10
    minEvictableIdleTimeMillis --> 600000

And I'm glad to say that my web application has maintained its connection(s)
despite being idle for several hours, overnight. I logged in immediately
this morning.

It seems easy enough once you know how, but I suppose trying to wear both
developer and administrator hats is a bit of a tall order: there is just so
much stuff!

Good stuff, I hasten to add. Really good stuff :-)

Thanks again to Antonio, and the others who responded.

Kind regards

Harry Mantheakis
London, UK



> Hi Harry,
> 
> 
>> I'm going to try and hijack this thread if I may (!) because, as you say...
>>  
>> 
> Welcome! ;-)
> 
>> [...] The other Tomcat server runs on a Red Hat 9 machine at my home. It
>> connects
>> to the above Oracle DB box - far away - using the same static IP address.
>> 
>> [...] The problem is with the the DB connections on my own RH9 server - they
>> just
>> *die* after a period of inactivity :-(
>> 
>> That period of inactivity can be as little as half and hour.
>> [...]
>>  
>> 
> 
> Very typical behaviour... at least in our scenario.
> 
>> BTW - the 'first' login attempt (which reactivates the connection pooling)
>> never gets a response - it just times out.
>>  
>> 
> 
> Very true.
> 
>> Do you think you can shed any light on this?
>> 
> 
> I'll try.
> 
>> I have read just about every
>> single forum discussion - from Tomcat-User to Commons DBCP to you-name-it,
>> and I just cannot find the answer.
>>  
>> 
>> I have a very strict firewall policy on my Linux box - using iptables. Only
>> port 80 packets get through. Nothing else.
>> 
>> Does that have something to do with my problem? Is there an ICMP port that I
>> need to open up?
>>  
>> 
> 
> Nope. No ICMP is needed for keepalives.
> The reason of your headaches may be in /proc/sys/net/ipv4/netfilter
> There, you have several timeout values. Check
> ip_conntrack_tcp_timeout_established.
> 
> Anyway, however high you set the values in there, there will be an upper
> limit. So, I think you need to avoid your connection being idle, so that
> your firewall does not drop it, even with low timeout values. To do
> that, I suggest to use the mechanism provided by DBCP to test idle
> connections every now and then.
> 
> testWhileIdle --> true
> validationQuery --> select 'x' from dual
> timeBetweenEvictionRunsMillis --> 300000 (five minutes. Or longer, as
> far as it works...)
> 
> On Monday, I may send you out production values. Now I don't have them,
> so I worked out some ;-)
> 
> I am not sure whether you will need to set some more parameters. The
> authoritative source of information is:
> http://jakarta.apache.org/commons/dbcp/configuration.html
> 
> Other sources (link below) say that you also have to set
> numTestsPerEvictionRun. I'd suggest a value equal to maxIdle.
> http://www.mail-archive.com/commons-user@jakarta.apache.org/msg05339.html
> 
> And he also proposes another solution (which I have not tested):
> 
> ---------------------------------------------------
> You can prevent that your firewall from dropping the connection using
> a oracle technique.
> SQL*Net has a parameter which defines time interval to send a probe
> message to identify if the client process is still alive
> - SQLNET.EXPIRE_TIME, sqlnet.ora file on the server side.
> SQLNET.EXPIRE_TIME = <your_value>
> Set it to something like 30 when your firewall drops connection after
> 60 minutes.
> ---------------------------------------------------
> 
> 
> 
> 
> I hope that helped.
> 
> 
> Antonio Fiol
> 
> 
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: (was: similar problem) Connection Pool Dies

Posted by Harry Mantheakis <ha...@mantheakis.freeserve.co.uk>.
Thank you Antonio (!)

Your suggestions sound very plausible - I shall look into them and I promise
to post a follow up (for the record) in due course, though it might take me
a couple of days.

Many thanks indeed, and kind regards

Harry Mantheakis
London, UK


> Hi Harry,
> 
> 
>> I'm going to try and hijack this thread if I may (!) because, as you say...
>>  
>> 
> Welcome! ;-)
> 
>> [...] The other Tomcat server runs on a Red Hat 9 machine at my home. It
>> connects
>> to the above Oracle DB box - far away - using the same static IP address.
>> 
>> [...] The problem is with the the DB connections on my own RH9 server - they
>> just
>> *die* after a period of inactivity :-(
>> 
>> That period of inactivity can be as little as half and hour.
>> [...]
>>  
>> 
> 
> Very typical behaviour... at least in our scenario.
> 
>> BTW - the 'first' login attempt (which reactivates the connection pooling)
>> never gets a response - it just times out.
>>  
>> 
> 
> Very true.
> 
>> Do you think you can shed any light on this?
>> 
> 
> I'll try.
> 
>> I have read just about every
>> single forum discussion - from Tomcat-User to Commons DBCP to you-name-it,
>> and I just cannot find the answer.
>>  
>> 
>> I have a very strict firewall policy on my Linux box - using iptables. Only
>> port 80 packets get through. Nothing else.
>> 
>> Does that have something to do with my problem? Is there an ICMP port that I
>> need to open up?
>>  
>> 
> 
> Nope. No ICMP is needed for keepalives.
> The reason of your headaches may be in /proc/sys/net/ipv4/netfilter
> There, you have several timeout values. Check
> ip_conntrack_tcp_timeout_established.
> 
> Anyway, however high you set the values in there, there will be an upper
> limit. So, I think you need to avoid your connection being idle, so that
> your firewall does not drop it, even with low timeout values. To do
> that, I suggest to use the mechanism provided by DBCP to test idle
> connections every now and then.
> 
> testWhileIdle --> true
> validationQuery --> select 'x' from dual
> timeBetweenEvictionRunsMillis --> 300000 (five minutes. Or longer, as
> far as it works...)
> 
> On Monday, I may send you out production values. Now I don't have them,
> so I worked out some ;-)
> 
> I am not sure whether you will need to set some more parameters. The
> authoritative source of information is:
> http://jakarta.apache.org/commons/dbcp/configuration.html
> 
> Other sources (link below) say that you also have to set
> numTestsPerEvictionRun. I'd suggest a value equal to maxIdle.
> http://www.mail-archive.com/commons-user@jakarta.apache.org/msg05339.html
> 
> And he also proposes another solution (which I have not tested):
> 
> ---------------------------------------------------
> You can prevent that your firewall from dropping the connection using
> a oracle technique.
> SQL*Net has a parameter which defines time interval to send a probe
> message to identify if the client process is still alive
> - SQLNET.EXPIRE_TIME, sqlnet.ora file on the server side.
> SQLNET.EXPIRE_TIME = <your_value>
> Set it to something like 30 when your firewall drops connection after
> 60 minutes.
> ---------------------------------------------------
> 
> 
> 
> 
> I hope that helped.
> 
> 
> Antonio Fiol
> 
> 
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

Re: (was: similar problem) Connection Pool Dies

Posted by Antonio Fiol Bonnín <fi...@terra.es>.
Hi Harry,


>I'm going to try and hijack this thread if I may (!) because, as you say...
>  
>
Welcome! ;-)

>[...] The other Tomcat server runs on a Red Hat 9 machine at my home. It connects
>to the above Oracle DB box - far away - using the same static IP address.
>
>[...] The problem is with the the DB connections on my own RH9 server - they just
>*die* after a period of inactivity :-(
>
>That period of inactivity can be as little as half and hour.
>[...]
>  
>

Very typical behaviour... at least in our scenario.

>BTW - the 'first' login attempt (which reactivates the connection pooling)
>never gets a response - it just times out.
>  
>

Very true.

>Do you think you can shed any light on this?
>

I'll try.

>I have read just about every
>single forum discussion - from Tomcat-User to Commons DBCP to you-name-it,
>and I just cannot find the answer.
>  
>
>I have a very strict firewall policy on my Linux box - using iptables. Only
>port 80 packets get through. Nothing else.
>
>Does that have something to do with my problem? Is there an ICMP port that I
>need to open up?
>  
>

Nope. No ICMP is needed for keepalives.
The reason of your headaches may be in /proc/sys/net/ipv4/netfilter
There, you have several timeout values. Check 
ip_conntrack_tcp_timeout_established.

Anyway, however high you set the values in there, there will be an upper 
limit. So, I think you need to avoid your connection being idle, so that 
your firewall does not drop it, even with low timeout values. To do 
that, I suggest to use the mechanism provided by DBCP to test idle 
connections every now and then.

testWhileIdle --> true
validationQuery --> select 'x' from dual
timeBetweenEvictionRunsMillis --> 300000 (five minutes. Or longer, as 
far as it works...)

On Monday, I may send you out production values. Now I don't have them, 
so I worked out some ;-)

I am not sure whether you will need to set some more parameters. The 
authoritative source of information is:
http://jakarta.apache.org/commons/dbcp/configuration.html

Other sources (link below) say that you also have to set 
numTestsPerEvictionRun. I'd suggest a value equal to maxIdle.
http://www.mail-archive.com/commons-user@jakarta.apache.org/msg05339.html

And he also proposes another solution (which I have not tested):

---------------------------------------------------
You can prevent that your firewall from dropping the connection using 
a oracle technique.
SQL*Net has a parameter which defines time interval to send a probe 
message to identify if the client process is still alive
- SQLNET.EXPIRE_TIME, sqlnet.ora file on the server side. 
SQLNET.EXPIRE_TIME = <your_value>
Set it to something like 30 when your firewall drops connection after 
60 minutes.
---------------------------------------------------
  



I hope that helped.


Antonio Fiol

Re: Very Very Slow performance of Tomcat - Connection Pool Dies

Posted by Harry Mantheakis <ha...@mantheakis.freeserve.co.uk>.
Hi Antonio

I'm going to try and hijack this thread if I may (!) because, as you say...


> Otherwise, you will bang your head against a wall. And that causes
> headache ;-)


And I *do* have a headache with a problem that might be related to what you
are talking about.

Basically, I have deployed the *same web application* on two different
machines running Tomcat, both of them connecting to the *same remote
database* using the usual JNDI connection pooling mechanism.

One Tomcat server runs on a Windows 2000 machine, and it sits next to the
box that runs the Oracle database. The Oracle DB box has its own static IP
address.

The other Tomcat server runs on a Red Hat 9 machine at my home. It connects
to the above Oracle DB box - far away - using the same static IP address.

Now, the DB connections on the Windows server are *always* available, even
after long periods of inactivity. IOW the DBCP connection pooling works
fine. I can log in at 4.00 am in the morning, and the connections respond
immediately.

The problem is with the the DB connections on my own RH9 server - they just
*die* after a period of inactivity :-(

That period of inactivity can be as little as half and hour.

On my machine, I have to 're-establish' the connection pooling by making a
login request, waiting for about a minute, and then starting a *new* login
request. Then it works until the next period of inactivity.

BTW - the 'first' login attempt (which reactivates the connection pooling)
never gets a response - it just times out.

Do you think you can shed any light on this? I have read just about every
single forum discussion - from Tomcat-User to Commons DBCP to you-name-it,
and I just cannot find the answer.

You also wrote:


> If your firewall drops idle connections after some time, you will need
> to tune a couple of settings.

> In your sysctl settings for the Apache machine, set your tcp keepalive
> time to a value lower than the drop time of your firewall.


I have a very strict firewall policy on my Linux box - using iptables. Only
port 80 packets get through. Nothing else.

Does that have something to do with my problem? Is there an ICMP port that I
need to open up?

I shall be very grateful for any help you can offer, and thank you for your
time so far.

Kind regards

Harry Mantheakis
London, UK









---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org