Problems using limit_zone and limit_conn
Stuart McKim
mckim at osuosl.org
Thu Apr 10 22:04:03 MSD 2008
I am trying to limit the number of connections to my server from a
single IP address using the limit_zone module as described on the wiki
[2], but nginx is not sending a 503 to the client as expected.
In the past I have used apache's mod_limitipconn to limit the number of
simultaneous connections to 20 from a single IP address. I have tried to
duplicate that behaviour with nginx.
Attached is the output of `ab' [2], which is what I am using to generate
the requests. When testing against apache, I see many failed requests,
which the logs show as a returned 503. However, when using nginx, all
the requests are returned with a 200. The logs show zero 503 replies
sent.
Attached is the ab output for both tests and my nginx.conf.
The configuration seems quite simple, so I am surprised that it doesn't
work. Anybody see any errors on my part?
Thanks,
Stuart
References:
[1] http://wiki.codemongers.com/NginxHttpLimitZoneModule
[2] http://httpd.apache.org/docs/2.2/programs/ab.html
--
Stuart McKim
FTP Administrator
Open Source Lab
Oregon State University
-------------- next part --------------
user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error_log info;
events {
worker_connections 8192;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
index index.html;
limit_zone one $binary_remote_addr 10m;
limit_conn one 20;
server {
listen :80;
server_name mckim2.osuosl.org;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log info;
root /var/www/nginx/htdocs2;
}
}
-------------- next part --------------
laptop:~ root# ab -n10000 -c100 -k http://mckim2.osuosl.org/snkpage.html
This is ApacheBench, Version 1.3d <$Revision: 1.73 $> apache-1.3
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking mckim2.osuosl.org (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests
Server Software: Apache
Server Hostname: mckim2.osuosl.org
Server Port: 80
Document Path: /snkpage.html
Document Length: 170 bytes
Concurrency Level: 100
Time taken for tests: 3.177 seconds
Complete requests: 10000
Failed requests: 6412
(Connect: 0, Length: 6412, Exceptions: 0)
Broken pipe errors: 0
Non-2xx responses: 6442
Keep-Alive requests: 3605
Total transferred: 5316027 bytes
HTML transferred: 3125230 bytes
Requests per second: 3147.62 [#/sec] (mean)
Time per request: 31.77 [ms] (mean)
Time per request: 0.32 [ms] (mean, across all concurrent requests)
Transfer rate: 1673.29 [Kbytes/sec] received
Connnection Times (ms)
min mean[+/-sd] median max
Connect: 0 2 3.7 0 44
Processing: 0 29 26.8 20 211
Waiting: 0 29 26.7 20 211
Total: 0 31 27.0 23 211
Percentage of the requests served within a certain time (ms)
50% 23
66% 37
75% 47
80% 53
90% 70
95% 84
98% 103
99% 116
100% 211 (last request)
-------------- next part --------------
laptop:~ root# ab -n10000 -c100 -k http://mckim2.osuosl.org/snkpage.html
This is ApacheBench, Version 1.3d <$Revision: 1.73 $> apache-1.3
Copyright (c) 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright (c) 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking mckim2.osuosl.org (be patient)
Completed 1000 requests
Completed 2000 requests
Completed 3000 requests
Completed 4000 requests
Completed 5000 requests
Completed 6000 requests
Completed 7000 requests
Completed 8000 requests
Completed 9000 requests
Finished 10000 requests
Server Software: nginx/0.6.29
Server Hostname: mckim2.osuosl.org
Server Port: 80
Document Path: /snkpage.html
Document Length: 170 bytes
Concurrency Level: 100
Time taken for tests: 1.225 seconds
Complete requests: 10000
Failed requests: 0
Broken pipe errors: 0
Keep-Alive requests: 10070
Total transferred: 4128700 bytes
HTML transferred: 1711900 bytes
Requests per second: 8163.27 [#/sec] (mean)
Time per request: 12.25 [ms] (mean)
Time per request: 0.12 [ms] (mean, across all concurrent requests)
Transfer rate: 3370.37 [Kbytes/sec] received
Connnection Times (ms)
min mean[+/-sd] median max
Connect: 0 0 0.7 0 13
Processing: 1 11 11.3 8 98
Waiting: 1 11 11.3 8 98
Total: 1 12 11.3 8 98
Percentage of the requests served within a certain time (ms)
50% 8
66% 9
75% 11
80% 12
90% 31
95% 37
98% 50
99% 61
100% 98 (last request)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://nginx.org/pipermail/nginx/attachments/20080410/499cc844/attachment.pgp>
More information about the nginx
mailing list