tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Burroughs <>
Subject Passive TCP Close
Date Mon, 05 Sep 2011 23:05:20 GMT
(The first few paragraphs are background and why the "obvious" solution
won't work for us.)

So the "normal" problem a HTTP server will experience when serving many
small requests to a large number of clients is a pile of connections in
TIME_WAIT.  There not great but there are a number of ways to mitigate
that.  We are seeing a new problem well poorly behaved clients are
apparently ignoring our FINs, which is resulting in a pile of FIN_WAIT*
connections which are more complicated to deal with.  Since for this
particular app it is highly unlikely that the client has any need for
more communication with the server it would be nice if we could "force"
the connection to close (ie send a RST after some period of time).

The obvious solution from looking at man pages is SO_LINGER.  This
unfortunately still has two problems on Linux:

(a) If linger > 0, close blocks which is untenable unless we go back to
a thread per request model

(b) if linger == 0, the connection is severed even if there is data in
the outbound queue.

Apache httpd deals with the lack of a system call for "please send this
data if you can and then wait n seconds to close the socket" with some
custom C code [1].  I *think* haproxy does something similar, but am
even less familiar with that code base.  I'm not sure if it's even
possible to do the same from Java, and I don't think that particular
httpd code can be re-used by a tomcat connector since it's not part of
the Apache Portable Runtime.  If I'm wrong on those points that would be
super cool.

Anyway, on to the original subject.  An alternative solution [2] is to
push the responsibility for the TCP close handshake to the client (and
periodically have iptables RST idle connections).  This seems a natural
fit for HTTP (user agents know if they have requests for the same server
queued without complex application specific logic), but as fas as I know
is not typical. It would also have the added bonus of keeping the pile
of ligament TIME_WAIT connections off of the server too.  Does anyone
have any experience with doing passive TCP connection closes with
Tomcat, or theoretical reasons why it would or would not work?



To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message