[Seaside] Goods connection limit

William E Harford seaside at harford.org
Wed Sep 7 23:40:53 CEST 2005 

My limit is currently 102346 and ulimit reports "unlimited". 

I don't think that a problem.

I can telnet to the goods administration port fine and goods reports
it's status as well. 

I should try and connect from another image to eliminate the possibility
that there is a problem with the goods drivers. 

*sigh* I was hoping that this problem was something simple like I did
something stupid in the goods config file posted below. 

memmgr.gc_background = 1 # enabled
memmgr.init_map_file_size=4096        # Kb
memmgr.init_index_file_size=4096      # Kb
memmgr.gc_init_timeout=60             # seconds
memmgr.gc_response_timeout=86400      # seconds
memmgr.gc_init_allocated=10000       # Kb
memmgr.gc_init_used=0            # Kb, 0 - unlimited
memmgr.gc_init_idle_period=0          # seconds (0 - disabled)
memmgr.gc_init_min_allocated=1024     # Kb
memmgr.gc_grey_set_threshold=1000000  # references
memmgr.max_data_file_size=0      # Kb (0 - unlimited)
memmgr.max_objects=0                  # objects (0 - unlimited)
transmgr.logging_enabled=1            # enabled
transmgr.sync_log_writes=0            # enabled
transmgr.permanent_backup=0           # disabled
transmgr.max_log_size=100000            # Kb
transmgr.max_log_size_for_backup=1000000000 # Kb
transmgr.preallocated_log_size=4096      # Kb
transmgr.wait_timeout=600             # seconds
transmgr.retry_timeout=5              # seconds
transmgr.checkpoint_period=0          # seconds (0 - no checkpoint
process)
transmgr.dynamic_reclustering_limit=0 # bytes (0 - disabled)
objmgr.lock_timeout=600               # seconds
poolmgr.page_pool_size=100000           # pages
server.cluster_size=512               # bytes
server.admin_telnet_port="localhost:6080"




On Wed, 2005-09-07 at 17:09 -0400, David Shaffer wrote:
> Will,
> 
> I just ran the "wget" loop on one of my production apps (my development
> version of it, that is) that uses GOODS.  No problems up to 850
> connections.  Didn't try to go beyond that.  I'm running on Gentoo
> linux.  You?  In linux, without some adjustments, processes are limited
> to 1024 open file descriptors.  You can raise the limit by playing with
> some /proc file, sorry, I forget the details.  Note that plain old
> "ulimit -n 9999" may make it seem like the limit was raised (ulimit -a
> report the larger limit) when in fact the kernel still imposes it.  So,
> a DoS still wouldn't be very difficult.  I've got to run but would like
> to see this discussion continue.  I don't think limiting connections
> from one IP would work since many places proxy through a single IP.  Our
> college, for example, appears as one IP to the outside world.  Still, as
> long as the limit was high enough it might be better than nothing.
> 
> David
> 
> 
> William E Harford wrote:
> 
> > I created a subclass of WASession to handle a connection to GOODS. It
> > allows my easy and almost transparent access to persistent storage.
> > This seams to be a very common way to handle GOODS with Seaside.
> >
> > I have come across a problem in which I am not to sure there is a
> > perfect solution to. For some reason goods will only allow about 200
> > connections. After that my Seaside apps (the ones whose sessions have
> > not connected to the database) will lockup and wait for goods to allow
> > new connections; after some stale sessions have been unregistered.
> >
> > We plan on servicing much more than 200 concurrent users so this is a
> > bit of a problem. Also to DOS a Seaside application that relies on
> > GOODS is trivial. A simple `while true; do wget
> > "http://bla.ca/seaside/bla"; done` will do it.
> >
> > I tried initiating a GOODS connection at the start of a continuation
> > and ending it at the end of a continuation but this caused major
> > problems and crashed the image (understandable). Even if I could make
> > this work or is even possible I don't think this would be such a good
> > solution because I would loose the local cache (right?).
> >
> > I am starting to think I have 2 distinct problems and it will require
> > 2 distinct solutions.
> >
> > 1) Allowing > 1000 concurrent database connections.
> >     I can't seam to find a way to tell goods to allow more than ~200
> > connections. I don't see any reason why GOODS can not allow thousands
> > or even tens of thousands (given enough fire power) of connections.
> >
> > 2) Limit the ability for someone to DOS our applications. This could
> > be something as simple as limiting the number of connections from an
> > IP address.  
> >
> > Any ideas on how I could best handle this ?
> >
> >
> > Thanks
> > Will
> > -- 
> > William E Harford <seaside at harford.org <mailto:seaside at harford.org>>
> >
> >------------------------------------------------------------------------
> >
> >_______________________________________________
> >Seaside mailing list
> >Seaside at lists.squeakfoundation.org
> >http://lists.squeakfoundation.org/listinfo/seaside
> >  
> >
> 
> _______________________________________________
> Seaside mailing list
> Seaside at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/listinfo/seaside
> 

-- 
William E Harford <seaside at harford.org>

More information about the Seaside mailing list