Re: [OxLUG] Tomcat DoS crashing Amazon EC2 VM

Author: Tim Pizey
Date:  
To: Oxfordshire Linux User Group Discussion List
Subject: Re: [OxLUG] Tomcat DoS crashing Amazon EC2 VM
Chris,

thanks for this, we just had an un-configured default connect.

thanks
Tim


On 1 July 2010 17:11, Chris Wareham wrote:
> On 07/01/10 16:44, Sad Clouds wrote:
>>
>> On Thu, 1 Jul 2010 16:16:13 +0100
>> Tim Pizey wrote:
>>
>>> The last message, from Nagios, was:
>>>
>>> CRITICAL - load average: 9.11, 7.26, 3.76
>>>
>>> so it was getting hit pretty hard.
>>> It was only a 1gig VM. I EC2 is based on Xen.
>>
>> Does Java have some sort of event notification framework, i.e. epoll,
>> kqueue, etc? What usually bogs down Java applications is the number of
>> threads they spawn. So if Java/Tomcat creates a thread for each new
>> connection, pretty soon you'll end up with no memory.
>>
>> Assume 4 MB for a thread stack, 192 * 4 = 768 MB. If you were using an
>> event loop to multiplex different sockets, you could scale this much
>> higher.
>>
>> For example, I have a simple network test application that uses kqueue.
>> At 1000 requests per second, 1 GHz Pentium 3 CPU is 40% busy and memory
>> overhead is pretty small.
>>
>
> You can configure an "Executor", which is a thread pool with a hard
> limit on the number of concurrent threads in the pool. On my test
> system we have the thread pool configured to max out at 500 - when
> thrashed by JMeter running on a separate machine over a gigabit
> ethernet connection, the server copes without locking up (our servers
> have a 3.2GHz Xeon and 4GB of RAM).
>
> Tim - what do your Executor and Connector configs look like? On our
> machines they are set up as follows (key stuff anonymised):
>
>        <Executor name="thread.pool"
>                  maxThreads="500"
>                  minSpareThreads="50"
>                  maxIdleTime="30000"/>
>
>        <Connector port="8080"
>                   proxyPort="80"
>                   redirectPort="8443"
>                   executor="thread.pool"
>                   acceptCount="100"
>                   connectionTimeout="10000"
>                   keepAliveTimeout="10000"
>                   maxKeepAliveRequests="75"
>                   disableUploadTimeout="true"
>                   enableLookups="false"
>                   compression="on"
>                   URIEncoding="UTF-8"/>
>
>        <Connector port="8443"
>                   proxyPort="443"
>                   executor="thread.pool"
>                   acceptCount="100"
>                   connectionTimeout="10000"
>                   keepAliveTimeout="10000"
>                   maxKeepAliveRequests="75"
>                   disableUploadTimeout="true"
>                   enableLookups="false"
>                   compression="on"
>                   URIEncoding="UTF-8"
>                   keyAlias="********"
>                   keystorePass="********"
>                   scheme="https"
>                   secure="true"
>                   SSLEnabled="true"/>
>
> Chris
> --
>
>
>
>
> Chris Wareham
> Senior Software Engineer
> Visit London Ltd

--
Tim Pizey
Centre for Genomics and Global Health <http://cggh.org>
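
Added example, not part of the original messages or of anyone's real configuration: a small Python check that reads a Tomcat server.xml and reports, per Connector, whether it is bound to a capped Executor and what the thread limit implies for stack memory. The sample XML is constructed, the 4 MB stack size is the assumption made earlier in the thread, and 200 is Tomcat's documented default for maxThreads.

```python
import xml.etree.ElementTree as ET

TOMCAT_DEFAULT_MAX_THREADS = 200  # Tomcat's documented default when maxThreads is unset
ASSUMED_STACK_MB = 4              # per-thread stack size assumed in the thread above

# Constructed sample: one Connector on a capped Executor, one left at defaults.
SAMPLE_SERVER_XML = """
<Server>
  <Service name="Catalina">
    <Executor name="thread.pool" maxThreads="500" minSpareThreads="50"/>
    <Connector port="8080" executor="thread.pool"
               acceptCount="100" connectionTimeout="10000"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>
"""

def audit_connectors(server_xml, stack_mb=ASSUMED_STACK_MB):
    """Return one dict per <Connector> with its thread cap and any findings."""
    root = ET.fromstring(server_xml)
    executors = {e.get("name"): e for e in root.iter("Executor")}
    report = []
    for conn in root.iter("Connector"):
        findings = []
        pool = conn.get("executor")
        if pool in executors:
            # A named Executor overrides the Connector's own thread attributes.
            limit = executors[pool].get("maxThreads")
        else:
            findings.append("no shared Executor")
            limit = conn.get("maxThreads")
            if limit is None:
                findings.append("maxThreads left at default")
        for attr in ("connectionTimeout", "acceptCount"):
            if conn.get(attr) is None:
                findings.append(attr + " not set")
        threads = int(limit) if limit else TOMCAT_DEFAULT_MAX_THREADS
        report.append({
            "port": conn.get("port"),
            "max_threads": threads,
            "worst_case_stack_mb": threads * stack_mb,
            "findings": findings,
        })
    return report

if __name__ == "__main__":
    for row in audit_connectors(SAMPLE_SERVER_XML):
        print(row)
```

Connectors that share one Executor share one pool, so their worst-case figures should not be added together.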