Handling 4000 Concurrent Connections in Apache
Apache's Multi-Processing Modules (MPMs) change the basic functionality of the web server. The MPM
you use is responsible for the entire HTTP session, starting from listening on the network, taking
requests in, and handling those requests.
As PHP is not thread-safe, the common suggestion is to install Apache with the "prefork" MPM.
However, the server can be tailored to the needs of the particular site: for example, sites that
need a great deal of scalability can choose a threaded MPM like worker or event, while sites
requiring stability or compatibility with older software can use the prefork MPM.
* Note: any request going past the “MaxRequestWorkers” limit gets queued. If the limit is set too low,
queued connections eventually time out; if it is set too high, the server starts swapping
(depending on the available free RAM).
A shell script can be used to determine the average amount of memory consumed by one Apache
process, in order to set a suitable "MaxRequestWorkers" value for the RAM the server has available,
while leaving RAM for the rest of the processes too:
# RSS is column 8 of `ps -yl` output (in KB); the header row is counted in y, hence y-1.
ps -ylC apache2 | awk '{x += $8; y += 1} END {print "Apache Memory Usage (MB): " x/1024;
if (y > 1) print "Average Process Size (MB): " x/((y-1)*1024)}'
For example, if the worst-case scenario is 4025 simultaneous client connections (requests), each
thread needs 10 MB of RAM, and 512 MB of RAM is kept free for the rest of the processes, then the
minimum RAM the server needs to survive such a hit and serve all clients with no downtime, no
timed-out connections and no lag spikes caused by swapping is as follows:
(4025 * 10 + 512) / 1024 ~= a minimum of 39.81 GB of RAM is needed before applying other
enhancements.
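The sizing steps above (measure the average Apache process size, then fit "MaxRequestWorkers" into the RAM left after a reserve) as an added shell example that is not part of the original article. The function names and the sample ps rows are constructed for illustration, and the script generalizes the worked figure to any host size.

```shell
#!/bin/sh
# Added example: derive MaxRequestWorkers from measured per-process memory.
# Function names and the sample data below are illustrative assumptions.

# Read `ps -yl` output on stdin and print the mean RSS in whole MB, rounded
# up so the estimate errs on the safe side. RSS is column 8, in KB.
# Fails (non-zero status) if no process rows are present.
avg_rss_mb() {
    awk 'NR > 1 && $8 ~ /^[0-9]+$/ { kb += $8; n++ }
         END {
             if (n == 0) exit 1
             mb = kb / n / 1024
             r = int(mb); if (r < mb) r++
             print r
         }'
}

# max_request_workers TOTAL_MB RESERVE_MB PER_WORKER_MB
# Largest worker count that fits in RAM once the reserve is set aside.
max_request_workers() {
    [ "$3" -gt 0 ] && [ "$1" -gt "$2" ] || return 1
    echo $(( ($1 - $2) / $3 ))
}

# ram_needed_mb CONNECTIONS PER_WORKER_MB RESERVE_MB
# The article's formula: connections * per-worker MB + reserve.
ram_needed_mb() {
    echo $(( $1 * $2 + $3 ))
}

# Constructed sample of `ps -ylC apache2` output (not from a real host).
sample_ps() {
    cat <<'EOF'
S   UID   PID  PPID  C PRI  NI   RSS    SZ WCHAN  TTY          TIME CMD
S     0  1201     1  0  80   0 10240 60012 -      ?        00:00:01 apache2
S    33  1210  1201  0  80   0  9216 60544 -      ?        00:00:00 apache2
S    33  1211  1201  0  80   0 11264 60544 -      ?        00:00:00 apache2
EOF
}

avg=$(sample_ps | avg_rss_mb)
echo "Average process size: ${avg} MB"
echo "MaxRequestWorkers on a 40 GB host, 512 MB reserved: $(max_request_workers 40960 512 "$avg")"
echo "RAM for 4025 connections: $(ram_needed_mb 4025 "$avg" 512) MB"
```

On a live host, pipe `ps -ylC apache2` into `avg_rss_mb` in place of `sample_ps`.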
2. Resources:
* Enough RAM must be provided to the server to handle the worst-case scenario in mind, as
RAM is the most significant resource that will be affected in our case.
* Extra bandwidth (especially on the upstream line) should be given to the server, although that
depends on the type of files/objects the server hosts, to ensure stable download speeds on the client
side even at high-load times.
* Using fast storage such as SSDs instead of HDDs helps performance,
especially if a database is in place (to speed up dynamic Web applications).
3. Security-Related Approaches
These aim at filtering the requests coming to the server, which lowers the load on it and frees up
resources to serve more concurrent legitimate requests instead of malicious ones. This can be
achieved mainly by defending against DDoS attacks:
* Instruct the router to drop packets from IPs that are obvious sources of attack.
* Using ModSecurity, a web application firewall that blocks unwanted traffic and SQL injection
attempts, and provides virtual patching features.
* Using mod_evasive (a module for Apache), which blocks the requester if the number of concurrent
requests for a page exceeds a specified threshold.
* Using Fail2ban, which scans log files and bans IPs that show malicious signs, according to a
list of regular expressions.
4. Extra Steps
* Using Apache's “mod_cache_disk” module, which implements a disk-based storage manager
to cache files and significantly boosts performance.
* Using a Memcached server: to save I/O traffic, enhance performance, lower the load on the
DB server mainly, and lower clients' waiting times.
* Distributing the requests among a group of servers behind a load balancer.
* Reverse proxy server (gateway server): Apache or other solutions can be used, which
increases the number of concurrent legitimate requests that the backend server(s) can handle by:
    * Increasing security and blocking DDoS, so more legitimate requests get served and fewer
    malicious requests consume the backend servers' resources and time.
    * Compressing server responses before returning them to the client, which frees up
    bandwidth for the backend servers to serve more clients at a time at higher speeds.
    * Performing SSL decryption and encryption on the reverse proxy server, which frees up
    resources on the backend servers, resulting in serving more content.
    * Caching: the proxy server takes over repeated requests and handles them itself instead
    of forwarding them to the backend, reducing the load on the backend servers.