[olug] Need assistance from apache gurus

Jon Larsen jon at jonlarsen.us
Tue Sep 20 11:25:58 CDT 2016


Well, with all the tweaking to the kernel settings, including changing
fs.file-max to 100000, I'm not anywhere closer to the seemingly random
timeouts.  I can scoot along at a good pace, then suddenly apache is slow
to respond, then it's back fast again.

It's rather frustrating.

Jon L.

On Mon, Sep 19, 2016 at 8:11 PM, Jon Larsen <jon at jonlarsen.us> wrote:

> Jay -
>
> I upped the Nofile and nproc last week to 10240 for each.
>
> I just turned off iptables, and it seems faster - it hasn't hesitated on
> me yet.  I've compared the two iptables config files, and they're pretty
> much the same, so it's possible it's something in the netfilter settings.
> The centos 5 system didn't have an entry for /proc/sys/net/nf_conntrack_max
> but on centos 6 it was 65536.
>
> The engineers at the colo suggested I change the VMware hardware settings
> so the NIC was vmxnet3 instead of e1000.
>
> I went through sysctl.conf and duplicated the settings over from centos 5
> shortly after you sent your reply.
>
> sysctl
>
> net.ipv4.ip_forward = 0
> net.ipv4.conf.default.rp_filter = 1
> net.ipv4.conf.default.accept_source_route = 0
> kernel.sysrq = 0
> kernel.core_uses_pid = 1
> net.ipv4.tcp_synack_retries = 2
> net.ipv4.conf.all.send_redirects = 0
> net.ipv4.conf.default.send_redirects = 0
> net.ipv4.conf.all.accept_source_route = 0
> net.ipv4.conf.all.accept_redirects = 0
> net.ipv4.conf.all.secure_redirects = 0
> net.ipv4.conf.all.log_martians = 1
> net.ipv4.conf.default.accept_source_route = 0
> net.ipv4.conf.default.accept_redirects = 0
> net.ipv4.conf.default.secure_redirects = 0
> net.ipv4.icmp_echo_ignore_broadcasts = 1
> net.ipv4.tcp_syncookies = 1
> net.ipv4.conf.all.rp_filter = 1
> net.ipv4.conf.default.rp_filter = 1
> net.ipv6.conf.default.router_solicitations = 0
> net.ipv6.conf.default.accept_ra_rtr_pref = 0
> net.ipv6.conf.default.accept_ra_pinfo = 0
> net.ipv6.conf.default.accept_ra_defrtr = 0
> net.ipv6.conf.default.autoconf = 0
> net.ipv6.conf.default.dad_transmits = 0
> net.ipv6.conf.default.max_addresses = 1
> kernel.exec-shield = 1
> kernel.randomize_va_space = 1
> fs.file-max = 65535
> kernel.pid_max = 65536
> net.ipv4.ip_local_port_range = 2000 65000
> kernel.msgmnb = 65536
> kernel.msgmax = 65536
> kernel.shmmax = 68719476736
> kernel.shmall = 4294967296
>
> This will be behind another firewall and load balancer, so I may be able
> to skip by without iptables, but I hate that idea.  I've always had
> firewalls on my systems, no matter the environment.
>
> Quick ab test (8 GB RAM, 4 VCPUs)
>
>
>
> Server Software:        Apache/2.2.15
> Server Hostname:        xxxxxxxxxxxxxxxxxxxxxxx
> Server Port:            80
>
> Document Path:          /
> Document Length:        56158 bytes
>
> Concurrency Level:      5
> Time taken for tests:   27.745 seconds
> Complete requests:      10
> Failed requests:        9
>    (Connect: 0, Receive: 0, Length: 9, Exceptions: 0)
> Total transferred:      566215 bytes
> HTML transferred:       562375 bytes
> Requests per second:    0.36 [#/sec] (mean)
> Time per request:       13872.730 [ms] (mean)
> Time per request:       2774.546 [ms] (mean, across all concurrent requests)
> Transfer rate:          19.93 [Kbytes/sec] received
>
> Connection Times (ms)
>               min  mean[+/-sd] median   max
> Connect:       60   63   4.3     60      69
> Processing:  4193 13697 9880.6  22881   23291
> Waiting:     3713 13189 9643.0  21051   22720
> Total:       4256 13759 9877.3  22940   23351
>
> Percentage of the requests served within a certain time (ms)
>   50%  22940
>   66%  23059
>   75%  23067
>   80%  23227
>   90%  23351
>   95%  23351
>   98%  23351
>   99%  23351
>  100%  23351 (longest request)
>
> (home page is dynamic content, 2.5 MB in size.)
>
> I'll be doing some more testing when I get back in the office in the
> morning.
>
> Jon L.
>
>
>
> On Mon, Sep 19, 2016 at 4:48 PM, Jay Bendon <jaybocc2 at gmail.com> wrote:
>
>> How do TCP settings compare from centos5 to centos6?
>>
>> Are you getting a lot of syn drops? (netstat -s |grep -i dropped)
>>
>> NoFiles limits reasonable?
>>
>> sanity check your somaxconn and tcp_max_syn_backlog and rmem wmem, and
>> nf_conntrack_max (if using iptables) settings for your application (and
>> compare to centos5)
>>
>> Just spitballing some of the common reasons for connectivity issues under
>> loads
>>
>> --Jay
>>
>> On Mon, Sep 19, 2016 at 2:15 PM, Jon Larsen <jon at jonlarsen.us> wrote:
>>
>> > I have a weird issue on my plate.
>> >
>> > I have three apache web servers behind an ldirector load balancer
>> > running centos 5.x on VMWARE.  I've built three new centos 6.x web
>> > server VMs to replace them.
>> >
>> > I used the same apache configs, as the apache versions don't change much
>> > between 5 and 6.
>> >
>> > I'm encountering intermittent network disconnects when I use the new
>> > three centos 6 systems in production, forcing me to backpedal to the
>> > older cent 5 systems.
>> >
>> > The disconnects appear at random, and no concurrent high CPU load.
>> >
>> > The disk scheduler is already set for deadline, and I'm using the
>> > suggested VMware 'vmxnet3' nic adapters.
>> >
>> > I've tried several profiles of prefork settings, but encounter the same
>> > issue.
>> >
>> > Currently, they are set to:
>> >
>> > StartServers 100
>> > MinSpareServers 30
>> > MaxSpareServers 40
>> > ServerLimit 220
>> > MaxClients 220
>> > MaxRequestsperChild 2000
>> >
>> > Any ideas?
>> >
>> > Jon L.
>> > _______________________________________________
>> > OLUG mailing list
>> > OLUG at olug.org
>> > https://lists.olug.org/mailman/listinfo/olug
>> >
>>
>
>
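
Added example, not part of the original thread: the messages above compare sysctl settings between the CentOS 5 and CentOS 6 hosts by eye, and the posted list sets a few keys twice. This script reports keys assigned more than once and the effective differences between two sysctl.conf-style files. The function names `sysctl_dups` and `sysctl_diff`, the file names and the sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and compare sysctl.conf-style files.

# Keys assigned more than once (sysctl applies the file top to bottom,
# so the last assignment wins and earlier ones are silently overridden).
sysctl_dups() {
    awk -F= '/^[ \t]*([#;]|$)/ || !/=/ { next }
        { k = $1; gsub(/[ \t]/, "", k); if (seen[k]++ == 1) print k }' "$1" |
        LC_ALL=C sort
}

# Effective differences between OLD and CUR, printed as "key: old -> cur".
sysctl_diff() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*([#;]|$)/ || !/=/ { next }
        {
            i = index($0, "=")
            k = trim(substr($0, 1, i - 1)); v = trim(substr($0, i + 1))
            gsub(/[ \t]+/, " ", v)          # "2000   65000" == "2000 65000"
            if (FILENAME == ARGV[1]) old[k] = v; else cur[k] = v
            keys[k] = 1
        }
        END {
            for (k in keys) {
                o = (k in old) ? old[k] : "unset"
                n = (k in cur) ? cur[k] : "unset"
                if (o != n) print k ": " o " -> " n
            }
        }' "$1" "$2" | LC_ALL=C sort
}

# Constructed sample files (values chosen to echo the thread, not real dumps).
d=$(mktemp -d)
cat > "$d/el5.conf" <<'EOF'
# constructed CentOS 5 sample
net.ipv4.conf.default.rp_filter = 1
fs.file-max = 65535
net.ipv4.ip_local_port_range = 2000   65000
net.ipv4.conf.default.rp_filter = 1
EOF
cat > "$d/el6.conf" <<'EOF'
# constructed CentOS 6 sample
net.ipv4.conf.default.rp_filter = 1
fs.file-max = 100000
net.ipv4.ip_local_port_range = 2000 65000
net.nf_conntrack_max = 65536
EOF

sysctl_dups "$d/el5.conf"
sysctl_diff "$d/el5.conf" "$d/el6.conf"
```

Keys reported as `unset` on one side are the ones to check against the running kernel with `sysctl -n <key>`, since a value absent from the file still has a kernel default.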

