Feature #641
closedAdd support for graceful load shedding / HTTP 503
Description
Under very heavy load situations, it is sometimes preferable to accept a connection and immediately return an HTTP 503. If the server is on it's way to being overloaded, this gives you the opportunity to gracefully "load shed" some requests and still communicate something to the client.
I propose adding server.max-requests to globally limit the number of active requests. This is different than server.max-connections, the naming is confusing, but I don't know a better way to describe it.
-- msolo
Files
Updated by stbuehler about 16 years ago
- Target version changed from 1.4.20 to 1.4.21
Updated by icy almost 16 years ago
- Target version changed from 1.4.21 to 1.4.22
- Patch available set to No
Updated by stbuehler over 15 years ago
- Target version changed from 1.4.22 to 1.4.23
Updated by stbuehler over 15 years ago
- Assignee deleted (
stbuehler) - Target version changed from 1.4.23 to 1.4.x
Updated by stbuehler over 15 years ago
- Category changed from mod_access to core
- Status changed from Assigned to Patch Pending
Updated by gstrauss over 8 years ago
- Related to Feature #1005: hanging connection instead of rejecting with error status added
Updated by gstrauss over 8 years ago
- Status changed from Patch Pending to Wontfix
max_connections controls the max number of open socket connections. If max_connections is reached, future connections from clients will wait in the kernel listen backlog. If the backlog is full, then the client request will be rejected at the TCP layer. The size of the listen backlog is now configurable. See discussion in #1825 and #2116, and see https://github.com/lighttpd/lighttpd1.4/pull/50.
However, these open socket connections might not be active if many are waiting for client or backends to respond.
It seems like you would like a low-watermark, which when breached, results in connections being accepted, immediately responded to with 503, and then closed. The patch you provided might be incomplete since lighttpd will keep the connection open and will read from the client (for a few seconds) and will discard what is read until the client closes the connection. This is done so that the client has a better chance of receiving the 503 Service Unavailable instead of a TCP RST. The effect of your patch is simply that above a certain number of connections, the server will not allow any additional "active" servicing of connections, since lighttpd will be reading and discarding data from these connections, and handling connection close from well-behaved clients (not malicious clients). On the other hand, if you're trying to limit the number of "active" connections, this patch does not measure the load on the server very well. kernels today (10 years after you filed this ticket) can manage hundreds of thousands of open connections if configured to do so.
As an alternative, if you have a very busy site, you might configure a load balancing proxy, such as HAProxy, in front of multiple web servers, and then tune the listen backlog size in lighttpd to a low enough value so that each server can handle that number of active connections. HAProxy will handle a TCP RST if the listen backlog queue is full, and haproxy can handle manage a timeout if waiting too long for the backend web server to accept the connection and respond. This sort of solution is much more robust than simply sending 503 when the total number of active and inactive open connections reaches an arbitrary number.
Also available in: Atom