nginx imap proxy - timeouts
Falko Koenig
fkoenig at df.eu
Thu Oct 23 10:26:55 UTC 2014
Hi Dominic,
> On 23/10/14 10:32, Dominic wrote:
>
> Dear Falko
>
> My random guess.
>
> Linux has a maximum of open connections.
> You can get the number by the following command:
>
> sysctl net.ipv4.ip_local_port_range
> > net.ipv4.ip_local_port_range = 32768 61000
>
> The default on my host are 28232 local ports. For each connection a
> local port is used. Because IMAP/POP3 are persistent connections, the
> local ports are getting rare on your system.
> You can increase this setting by /etc/sysctl.conf [1][2].
>
> I guess your Perl script is a small CGI server running on localhost on
> port XYZ (something like port 9000). This will add up additional local
> port usages for every LDAP lookup. If you have 20'000 current
> connection, 8000 used ports that are not yet been freed by the network
> stack (see notes in [1]) and 2000 concurrent LDAP Perl request you'll
> reach the default limit of 28232 possible ports.
> If your Perl script running on localhost I would recommend switching
> to a Unix socket to save up additional local ports.
>
> The Linux network stack (=> limitation of the IPv4 protocol) is not
> capable of handling more than 65536 open connections [3].
> An alternative to this problem might be a switch of a *BSD operating
> system. Whatsapp is handling more than 2 million connections per host
> with FreeBSD [4]. Or use a load balancer with multiple nodes.
>
> Regards
> Dominic
>
>
> [1] http://www.nateware.com/linux-network-tuning-for-2013.html
> [2] http://dak1n1.com/blog/12-nginx-performance-tuning
> [3]
>
http://superuser.com/questions/251596/is-there-a-hard-limit-of-65536-open-tcp-connections-per-ip-address-on-linux
> [4] http://blog.whatsapp.com/196/1-million-is-so-2011
Thank you for your help. These options we have already tried. We had the
same problem using a socket and increasing the option
net.ipv4.ip_local_port_range didn't help. In the setup we're already
using loadbalancer to balance the traffic on different hosts. Do you
have maybe any other suggestions?
--
Freundliche Grüße,
Falko König
Platform Engineer
___________________________________
domainfactory GmbH
Oskar-Messter-Str. 33
85737 Ismaning
Germany
Telefon: +49 (0)89 / 55266-371
Telefax: +49 (0)89 / 55266-222
E-Mail: fkoenig at df.eu
Internet: www.df.eu
Registergericht: Amtsgericht München
HRB 150294, Geschäftsführer:
Peter Mueller, Tobias Mohr
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20141023/70933217/attachment.bin>
More information about the nginx
mailing list