It’s been an exciting couple of days. When I passed along the news about CNN’s RSS feeds, I figured I might see an uptick in traffic, but it came in pretty hard. Turned out to be a good opportunity for tuning the server and kernel, but the addition of the santy worm didn’t help.
What seemed to happening was the webserver processes (Apache 1.3.33) were getting bound up: the mysql backend didn’t seem to be breathing all that hard. So after some Googling, I decided to tinker with some sysctl variables:
sysctl net.inet.tcp.always_keepalive=0
sysctl net.inet.tcp.sendspace=65535
sysctl net.inet.tcp.recvspace=65535
I turned off keepalives for connection unless they specifically request it. I also opened up the transfer buffers a bit and that seemed to help quite a bit. Load seemed to dissipate quite quickly, even though traffic was still coming in. It should be possible to have the send and recv buffers assymettrical: requests are smaller, much smaller, than replies (the graphic doesn’t make it so clear: the green is inbound requests, the blue replies), but I’ll leave it as it is for now. The max in was 267kBits, out was 213 kBits: pesky santy floods are those spikes you see. The peak hit rate was 17 hits/minute: errors peaked at 1,950, but are almost nonexistent when we’re not logging bogus requests.
I seem to remember going through this in Solaris 2.5 in 1996 or so, trying to cope with everyone surfing at work. Ah, yes, Netscape server 2.0 and Solaris 2.5/2.6 on 170MHz single CPU Sparcs, clients like Navigator 2 and 3 . . . not quite stone knives and bear skins, but light years behind today.
Now playing: Locked Out by Crowded House from the album “Recurring Dream” | Get it