Nginx setting up >25.000 concurrent connections per second

ktm at rice.edu
Thu Oct 6 18:38:43 UTC 2011


On Thu, Oct 06, 2011 at 02:30:41PM -0400, atadmin wrote:
> Hi,
> 
> I am preparing a new web environment with high requirements: 100.000
> concurrent connections per second (sometimes). Every server will
> execute a PHP script through php5-fpm.
> I am testing where the limits of nginx are (without any PHP) and how to
> set up the machine to optimize it. I will explain my tests and results:
> 
> Test:
> 
> 10 servers 4 CPUs, 4 Gb ram, 16Gb HD.
> Local Network: 1Gb (Datacenter network)
> 
> 1 server has Debian squeeze with a basic installation (from the netinstall
> ISO) and nginx from the Debian repositories (0.7.67-3)
> 
> I changed only 2 options in the nginx config (I tested with others):
> 
> worker_processes  4;
> worker_connections  10240;
> 
> I added these lines to /etc/security/limits.conf (restart nginx)
> 
> www-data        soft    nproc           100000
> www-data        soft    nofile          100000
> 
> and to rule out I/O issues I mounted /var/log/nginx in RAM:
> 
> mount -t tmpfs -o nodev,nosuid,noexec,nodiratime,size=2500M none /var/log/nginx/
> 
> Created static file:
> echo "HOLA">/var/www/a.txt
> 
> On the other 9 servers, with the same basic installation, I installed
> apache2-utils and changed: ulimit -n 100000. After that I just tried this
> command:
> 
> ab -n 500000 -c 200 http://192.168.1.11/a.txt
> 
> 
> Really, I tested with few servers and with more, with a lot of different
> values for the ab tool, but I cannot get better results:
> 
> # awk '{ print $4 }' /var/log/nginx/localhost.access.log | awk -F: '{ print $2 ":" $3 ":" $4 }' | sort | uniq -c
> [...]
>   22345 19:57:58
>   21088 19:57:59
>   19010 19:58:00
>   20211 19:58:01
>   22469 19:58:02
>   23121 19:58:03
>   22682 19:58:04
>   23105 19:58:05
>   24537 19:58:06
>   22313 19:58:07
>   22406 19:58:08
>   22804 19:58:09
>   23823 19:58:10
>   22280 19:58:11
>   24634 19:58:12
>   22722 19:58:13
>   22429 19:58:14
>   24271 19:58:15
>   20265 19:58:16
>   20678 19:58:17
>   23136 19:58:18
>   22203 19:58:19
>   22521 19:58:20
>   24254 19:58:21
>   23216 19:58:22
>   22587 19:58:23
>   18365 19:58:24
>   22221 19:58:25
>   22123 19:58:26
>   24464 19:58:27
> [...]
> 
> Also I tried changing a lot of things in /etc/sysctl.conf (sysctl -p and
> restart nginx) but I didn't see better results.
> 
> For example:
> 
> net.ipv4.tcp_keepalive_time = 300
> # Avoid a smurf attack
> net.ipv4.icmp_echo_ignore_broadcasts = 1
>  
> # Turn on protection for bad icmp error messages
> net.ipv4.icmp_ignore_bogus_error_responses = 1
>  
> # Turn on syncookies for SYN flood attack protection
> net.ipv4.tcp_syncookies = 0
>  
> # Turn on and log spoofed, source routed, and redirect packets
> net.ipv4.conf.all.log_martians = 1
> net.ipv4.conf.default.log_martians = 1
>  
> # No source routed packets here
> net.ipv4.conf.all.accept_source_route = 0
> net.ipv4.conf.default.accept_source_route = 0
>  
> # Turn on reverse path filtering
> net.ipv4.conf.all.rp_filter = 1
> net.ipv4.conf.default.rp_filter = 1
>  
> # Make sure no one can alter the routing tables
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.default.accept_redirects = 0
> net.ipv4.conf.all.secure_redirects = 0
> net.ipv4.conf.default.secure_redirects = 0
>  
> # Don't act as a router
> net.ipv4.ip_forward = 1
> net.ipv4.conf.all.send_redirects = 0
> net.ipv4.conf.default.send_redirects = 0
>  
> # Turn on exec-shield
> kernel.exec-shield = 1
> kernel.randomize_va_space = 1
>  
> # Tune IPv6
> net.ipv6.conf.default.router_solicitations = 0
> net.ipv6.conf.default.accept_ra_rtr_pref = 0
> net.ipv6.conf.default.accept_ra_pinfo = 0
> net.ipv6.conf.default.accept_ra_defrtr = 0
> net.ipv6.conf.default.autoconf = 0
> net.ipv6.conf.default.dad_transmits = 0
> net.ipv6.conf.default.max_addresses = 1
>  
> # Optimization for port use for LBs
> # Increase system file descriptor limit
> fs.file-max = 655350
>  
> # Allow for more PIDs (to reduce rollover problems); may break some programs 32768
> kernel.pid_max = 65536
>  
> # Increase system IP port limits
> net.ipv4.ip_local_port_range = 1500 65000
>  
> # Increase TCP max buffer size settable using setsockopt()
> net.ipv4.tcp_rmem = 4096 87380 33554432 
> net.ipv4.tcp_wmem = 4096 65536 33554432
>  
> # Increase Linux auto tuning TCP buffer limits
> # min, default, and max number of bytes to use
> # set max to at least 4MB, or higher if you use very high BDP paths
> # Tcp Windows etc
> net.core.rmem_max = 33554432
> net.core.wmem_max = 33554432
> net.core.rmem_default=65536 
> net.core.wmem_default=65536 
> net.core.netdev_max_backlog = 5000
> net.ipv4.tcp_window_scaling = 1
> net.ipv4.tcp_timestamps = 1
> net.ipv4.tcp_sack = 1
> net.ipv4.tcp_no_metrics_save = 1
> 
> With the latest kernels and auto-optimization it is not necessary to change
> anything about TCP buffers (but I think for these requirements, yes).
> 
> I was monitoring the machine during the tests: CPU usage by nginx is around
> 30%, RAM nothing important, little I/O traffic, load <0.50.
> 
> Could somebody help me find where the bottleneck is?
> 
> Thanks.
> 

Could you be bottle-necked in your testing tool "ab"?

Ken
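
Added example, not part of either poster's message: in the sysctl.conf fragment quoted above, the comments on tcp_syncookies and ip_forward describe one setting while the values give the other. The sketch below checks a sysctl.conf-style file against a list of expected key=value pairs; the function names (write_sample, lookup, audit_sysctl) and the inline sample file are constructed for illustration.

```shell
# Added example; constructed sample modelled on the quoted fragment (not the full file).
write_sample() {
cat <<'EOF'
# Turn on syncookies for SYN flood attack protection
net.ipv4.tcp_syncookies = 0
net.ipv4.conf.all.rp_filter = 1
# Don't act as a router
net.ipv4.ip_forward = 1
net.core.rmem_default=65536
EOF
}

# lookup FILE KEY: print the last value assigned to KEY; fail if KEY is absent.
lookup() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ || !/=/ { next }      # skip comment lines and non-assignments
        {
            i = index($0, "=")
            name = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)   # spaces around "=" are optional
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) { found = 1; last = val }
        }
        END { if (!found) exit 1; print last }
    ' "$1"
}

# audit_sysctl FILE key=value...: one result line per key; returns 1 on any finding.
audit_sysctl() {
    file=$1; shift; rc=0
    for want in "$@"; do
        key=${want%%=*}; expected=${want#*=}
        if ! actual=$(lookup "$file" "$key"); then
            echo "MISSING  $key (expected $expected)"; rc=1
        elif [ "$actual" != "$expected" ]; then
            echo "MISMATCH $key (file has $actual, expected $expected)"; rc=1
        else
            echo "OK       $key = $actual"
        fi
    done
    return $rc
}

# Expected values follow what the comments in the sample say the settings should be.
tmp=$(mktemp); write_sample > "$tmp"
audit_sysctl "$tmp" net.ipv4.tcp_syncookies=1 net.ipv4.ip_forward=0 net.ipv4.conf.all.rp_filter=1 || true
rm -f "$tmp"
```

The file is the input to `sysctl -p`, not the running state; the same expected list can be compared against live values read with `sysctl -n KEY`.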


