[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SLAPD_LISTEN increase



This is related to the Solaris backlog/listen queue.

"Implementations may limit the length of the socket's listen queue. If backlog exceeds the implementation-dependent maximum queue length, the length of the socket's listen queue will be set to the maximum supported value."

For more information, man listen(3XNET).

It seems Sun's best practice is to set the listen() call's backlog integer considerably higher than the (expected) system tcp_conn_req_max_q/0 buffer lengths so that it is ultimately controlled by the system's maximum configured value. In a nutshell, this enables a binary application to be tuned without constantly recompiling (by dynamically changing the appropriate ndd values).

This is old, but still affects all versions of Solaris:

"increasing the length of the backlog queue [with ndd] will have no effect unless you also make an adjustment involving the listen() call on the affected port(s). That is, listening applications will need to be rebuilt to increase the requested backlog value, so that the new SOMAXCONN value is reflected in so_qlimit"

So it also seems apropriate to increase this value very high to also harden slapd against SYN Floods (on Solaris). See:

http://www.ciac.org/ciac/bulletins/h-02.shtml

Two birds, one stone.

Joseph

Quanah Gibson-Mount wrote:



--On Tuesday, May 03, 2005 3:08 PM -0400 matthew sporleder <msporleder@gmail.com> wrote:

Running Solaris 8 and recent versions of openldap, I was experiencing
slapd crashes (graceful shutdowns) under heavy load.

After increasing SLAPD_LISTEN from 10 to 1000000, I found that slapd
would take over more of the cpu (never done that before) and could
handle even more load without crashing.  Is there any reason why this
is set to 10 by default, and is there any reason not to change it?


This seems related to an ITS I opened recently after my solaris server unexpectedly shut down gracefully (ITS#3677).

I unfortunately don't know the effect of increasing the number of listeners 6 powers, but I doubt it needs to be that excessive to fix your problem. Given that most OS's by default won't except more than 1,024 connections at once without some tweaking, you could likely get by with a smaller value (100? 1000?). I too am curious what the effects/pitfalls could be in increasing the default number of listeners.

Currently, there is a threads setting that lets you change the number of threads slapd uses. Perhaps there could be a 'listeners' parameter as well, if that is possible. I would still like to know more about the possible side effects.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html