-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mladen,
On 11/25/19 11:28, Mladen Adamović wrote: > On Mon, Nov 25, 2019 at 4:54 PM Christopher Schultz > <ch...@christopherschultz.net > <mailto:ch...@christopherschultz.net>> wrote: > > 50k connections is quite a lot. Is this a physical or virtual > server? Do you expect to have lots of long-lived connections that > are mostly idle (e.g. WebSocket)? Or do you just want to handle > huge amounts of actual load (i.e. lots of requests)? > > > It's a physical server with a relatively high load (100 requests > per second when low), serving mostly text/html content. So not very many long-lasting connections, at least not for serving requests like WebSocket, etc. > Due to default TCP internals, one connection can be long-lasting, > only round trip time to confirm that the message is received could > last 200ms. That's not very long. I was thinking of minutes-long connections remaining open. This is not uncommon for WebWocket connections where clients communicate with the server infrequently but maintain long-term connections. > 50000 connections are how many connections server can accept at the > same time. Right: that was in your configuration. > We certainly want to be able to serve 10000 hits per second (!), > while some connections might be stalled. What might stall a connection? The network, or the application (or database, etc.)? > And to survive a DDoS attack which tries to keep connections > stalled using server farms (if it ever happens). To survive a DDOS you might want to *reduce* the number of connections you accept. A smaller queue can recover more quickly than a large one. For real DDOS protection, you need a provider who can handle lots of traffic and respond quickly by black-holing that kind of traffic as far upstream as possible. If your DDOS protection is at the host- or service-level, then you've already lost the battle. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3cB9kACgkQHPApP6U8 pFhTWw//Vc2JQmA7giEdymiPJHUcCtECZOtztStWEvJPlc/Gb9ij+qU6c5eWV+Lf cNiURms4fgsFDYGLnzmn2x4yKFi0NXZJVfM+6SX5FXmXwKKsGX5tYAytI26x21Hw Ti+BOnzl/Fr9V9LOMkgWwH9J52MQmX2gowITywgu/l1NpvKLMfO5FQPVEZes4rJ2 XGILY8D3lWQh36nm0qou9+yeWxAirwZZ5BmrugJJEeu0iA7ANpEgt+qVXZILC8a6 wp9Kpt7iH5XgrEGaRd1qG25ZdVzPsChSWLKr93BlmA67FDel4YH0CkcfzI5UNC0i 8+0c0jA/MOprykjSD0IHBds6nFR3ijxZrR4o2gI7sKqMRr8i/WLqsLoZmjlqFDTw 8jaSld4RGNVu7HlWRheWfdBLb0sHUKiRh42sydY4/2rjMCNmFy+QDvYdGiL8yWMk Cnq72A8QUfekxJFCt/5DzTMy9hSywPpMpdzpfP3REwgMbmtBuvsRD7vbpaGWCZwQ jY2n/kz3kHyF/5YB05xMyg79T4a+mzZYjfNnRYFPL8FuJE3oYICuFOvlHXeq3et0 ja5yviWPTotHYeiG8EsOo4GWVtVFpDhtm0+VI23dHrQOFZIroCW0VNxapODeZ4Mc qmWDQgqOW5b7zaDg1sZa1F0PjdfmuadTk1u7C/AayaA7wKbG9ko= =MUxt -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
