tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <ch...@christopherschultz.net>
Subject Re: CPU high usage, the reason org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run
Date Mon, 25 Nov 2019 16:56:59 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Mladen,

On 11/25/19 11:28, Mladen Adamović wrote:
> On Mon, Nov 25, 2019 at 4:54 PM Christopher Schultz 
> <chris@christopherschultz.net
> <mailto:chris@christopherschultz.net>> wrote:
> 
> 50k connections is quite a lot. Is this a physical or virtual
> server? Do you expect to have lots of long-lived connections that
> are mostly idle (e.g. WebSocket)? Or do you just want to handle
> huge amounts of actual load (i.e. lots of requests)?
> 
> 
> It's a physical server with a relatively high load (100 requests
> per second when low), serving mostly text/html content.

So not very many long-lasting connections, at least not for serving
requests like WebSocket, etc.

> Due to default TCP internals, one connection can be long-lasting,
> only round trip time to confirm that the message is received could
> last 200ms.

That's not very long. I was thinking of minutes-long connections
remaining open. This is not uncommon for WebWocket connections where
clients communicate with the server infrequently but maintain
long-term connections.

> 50000 connections are how many connections server can accept at the
> same time.

Right: that was in your configuration.

> We certainly want to be able to serve 10000 hits per second (!),
> while some connections might be stalled.

What might stall a connection? The network, or the application (or
database, etc.)?

> And to survive a DDoS attack which tries to keep connections
> stalled using server farms (if it ever happens).

To survive a DDOS you might want to *reduce* the number of connections
you accept. A smaller queue can recover more quickly than a large one.

For real DDOS protection, you need a provider who can handle lots of
traffic and respond quickly by black-holing that kind of traffic as
far upstream as possible. If your DDOS protection is at the host- or
service-level, then you've already lost the battle.

- -chris
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3cB9kACgkQHPApP6U8
pFhTWw//Vc2JQmA7giEdymiPJHUcCtECZOtztStWEvJPlc/Gb9ij+qU6c5eWV+Lf
cNiURms4fgsFDYGLnzmn2x4yKFi0NXZJVfM+6SX5FXmXwKKsGX5tYAytI26x21Hw
Ti+BOnzl/Fr9V9LOMkgWwH9J52MQmX2gowITywgu/l1NpvKLMfO5FQPVEZes4rJ2
XGILY8D3lWQh36nm0qou9+yeWxAirwZZ5BmrugJJEeu0iA7ANpEgt+qVXZILC8a6
wp9Kpt7iH5XgrEGaRd1qG25ZdVzPsChSWLKr93BlmA67FDel4YH0CkcfzI5UNC0i
8+0c0jA/MOprykjSD0IHBds6nFR3ijxZrR4o2gI7sKqMRr8i/WLqsLoZmjlqFDTw
8jaSld4RGNVu7HlWRheWfdBLb0sHUKiRh42sydY4/2rjMCNmFy+QDvYdGiL8yWMk
Cnq72A8QUfekxJFCt/5DzTMy9hSywPpMpdzpfP3REwgMbmtBuvsRD7vbpaGWCZwQ
jY2n/kz3kHyF/5YB05xMyg79T4a+mzZYjfNnRYFPL8FuJE3oYICuFOvlHXeq3et0
ja5yviWPTotHYeiG8EsOo4GWVtVFpDhtm0+VI23dHrQOFZIroCW0VNxapODeZ4Mc
qmWDQgqOW5b7zaDg1sZa1F0PjdfmuadTk1u7C/AayaA7wKbG9ko=
=MUxt
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message