• Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint
Share this Page URL

Chapter 12. Server Operating System > Configurable OS Parameters

12.7. Configurable OS Parameters

Here, we go over optimum parameters for web services. Note that Unix systems are shipped with a generic kernel, optimized not for any particular use, but for acceptable performance for general use. See Chapter 10 for information on configuring TCP. You can see the current settings in a Solaris system by viewing /etc/system or grepping for "ndd" from inetinit. In general, Solaris 2.6 is already tuned for web services, so you shouldn't have to modify anything to get the best performance. Here are a few of the most basic parameters you may want to tune on Linux or another OS. Remember to back up your kernel and configuration files before changing anything:

Number of file descriptors

File descriptors are positive integers by which the kernel keeps track of open files and network connections per process. If your web server software has a very large number of open files and connections in a process, it is possible to run out of file descriptors, meaning that you will not be able to accept new connections until old connections terminate and give up their descriptors. In programmer's terms, the accept() system call will fail. What happens after that depends on your version of Unix; it may log an error to the system log or print a message on the console, among other things. Old versions of Unix had a file descriptor limit of 20 (as OPEN_MAX in limits.h for SVR4), but every system has increased it far beyond that. It is not unreasonable to want several thousand file descriptors. The limit or ulimit shell commands and C functions can both be used in some versions of Unix to change the maximum number of file descriptors on a "soft" basis, up to a "hard" limit imposed by a number compiled into the kernel. The limit is 256 in Linux 2.0, and 1024 in Linux 2.1. To change the hard limit, you may have to change the source code and recompile the kernel. Under Solaris 2.5.1, set rlim_fd_max=4096 in /etc/system and reboot.

Number of processes

The maximum number of processes allowed to any one user can also be set with ulimit up to the hard limit defined in the kernel. Linux has a hard limit of 4000 simultaneous processes. Solaris allows a very large number of processes, so you'll run out of other resources first.

Network buffers

Note that the web server's response is written to a network buffer, also called a socket buffer, not directly to the client. This allows the OS to take care of forwarding data back to slow clients, freeing up a thread in the web server. If the network buffer is too small, the web server has to write the response in buffer-sized chunks, waiting for each chunk to drain before it can write the next one. The OS should have the right number and size of network buffers to handle your connections without either wasting memory or forcing the server to block while waiting for an available buffer. Network buffers belonging to clients who have ungracefully disconnected for whatever reason are a major source of wasted memory on web servers; this is one reason to turn down the TCP keepalive interval.

The size of socket buffers can be set with the options SO_SNDBUF and SO_RCVBUF to the C-level call setsockopt() , at least up to a limit compiled into the kernel. High-volume servers with lots of RAM will benefit from larger buffers. A small receive buffer size is a way of limiting the backlog of incoming data. man setsockopt for more details.

Apache has a SendBufferSize directive to allow a webmaster to control the size of socket buffers without recompiling the source code. A larger socket buffer will result in a larger TCP window being advertised. Here is a comment from Apache's httpd_main.c source file:

 * To send data over high bandwidth-delay connections at full
 * speed we must force the TCP window to open wide enough to keep the
 * pipe full.  The default window size on many systems
 * is only 4kB.  Cross-country WAN connections of 100ms
 * at 1Mb/s are not impossible for well connected sites.
 * If we assume 100ms cross-country latency,
 * a 4kB buffer limits throughput to 40kB/s.
 * To avoid this problem I've added the SendBufferSize directive
 * to allow the web master to configure send buffer size.
 * The trade-off of larger buffers is that more kernel memory
 * is consumed.  YMMV, know your customers and your network!
 * -John Heidemann <johnh@isi.edu> 25-Oct-96
 * If no size is specified, use the kernel default.

Memory limits

You may also specify the maximum amount of memory that a process may use via the ulimit system call or ulimit user-level program. This can put a cap on the amount of damage done by a runaway CGI. Unfortunately, some systems do not implement this correctly, allowing processes arbitrary amounts of memory.

Flushing frequency

Writes are not necessarily synchronous in Unix. When you write to a file, the change happens immediately in memory but it is not committed to disk until the operating system gets around to it. In this way, you get better write performance, since writes appear instantaneous to the user but can be queued up in the most efficient order by the disk controller. The downside is that when the write to disk does happen, it runs to completion, meaning that other tasks must be put off during the write, so the user may notice a delay. One way around this is to use a Direct Memory Access (DMA) disk controller card, which controls the transfer of data between memory and disk without use of the CPU. Once the transfer is initiated, the CPU can return its attention to the user so that disk writes do not affect responsiveness.

If you don't have a DMA disk controller, you can trade off memory usage against the frequency of writes by writing to disk at longer intervals. Note that the writes may take longer, since more data has accumulated and that loss of power before a write puts more data at risk. 60 seconds is a good amount of time to wait, rather than the default of 30 in Linux. In Linux, change /etc/rc.d/rc.S to have this line: /sbin/update 60 &. Under Solaris, the synchronization load is spread across 5-second intervals by the fsflush process.



Not a subscriber?

Start A Free Trial

  • Creative Edge
  • Create BookmarkCreate Bookmark
  • Create Note or TagCreate Note or Tag
  • PrintPrint