Re: Do I Need Network NameSpaces to Solve This Tomcat+Connector/J Problem?

[José Cornado]

https://tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html

Mentions “tcp and udp traffic” it seems across all processes

On Thu, Dec 30, 2021 at 11:49 AM Eric Robinson 
wrote:

> José,
>
> > -Original Message-
> > From: José Cornado 
> > Sent: Thursday, December 30, 2021 12:00 PM
> > To: Tomcat Users List 
> > Subject: Re: Do I Need Network NameSpaces to Solve This
> > Tomcat+Connector/J Problem?
> >
> > But they do not get a corresponding database instance?
> >
>
> They do. Each tomcat instance has a corresponding database instance
> listening on its own dedicated port. Even so, we've seen cases where all
> the available client ports are exhausted.
>
> This raises the question, does the Linux ip_local_port_range shown here...
>
> $ cat /proc/sys/net/ipv4/ip_local_port_range
> 32768   61000
>
> ...apply globally, or on a per-socket basis? I would think that it should
> apply per socket, but in practice it seems to be a global limitation.
>
> -Eric
>
>
> Disclaimer : This email and any files transmitted with it are confidential
> and intended solely for intended recipients. If you are not the named
> addressee you should not disseminate, distribute, copy or alter this email.
> Any views or opinions presented in this email are solely those of the
> author and might not represent those of Physician Select Management.
> Warning: Although Physician Select Management has taken reasonable
> precautions to ensure no viruses are present in this email, the company
> cannot accept responsibility for any loss or damage arising from the use of
> this email or attachments.
>

Re: Do I Need Network NameSpaces to Solve This Tomcat+Connector/J Problem?

[José Cornado]

But they do not get a corresponding database instance?

On Thu, Dec 30, 2021 at 10:51 AM Eric Robinson 
wrote:

> José,
>
> > Is this setup going to be open to the world or just a big organization?
> A big
> > organization would put a cap on the number of users. Then maybe they
> > could divide those between the tomcat instances thus the db server.
> >
>
> It's a SaaS solution, where each customer organization gets its own tomcat
> instance.
>
> -Eric
>
>
>
> Disclaimer : This email and any files transmitted with it are confidential
> and intended solely for intended recipients. If you are not the named
> addressee you should not disseminate, distribute, copy or alter this email.
> Any views or opinions presented in this email are solely those of the
> author and might not represent those of Physician Select Management.
> Warning: Although Physician Select Management has taken reasonable
> precautions to ensure no viruses are present in this email, the company
> cannot accept responsibility for any loss or damage arising from the use of
> this email or attachments.
>

Re: Do I Need Network NameSpaces to Solve This Tomcat+Connector/J Problem?

[José Cornado]

Is this setup going to be open to the world or just a big organization? A
big organization would put a cap on the number of users. Then maybe they
could divide those between the tomcat instances thus the db server.



On Thu, Dec 30, 2021 at 4:24 AM Mark Thomas  wrote:

> On 29/12/2021 21:04, Eric Robinson wrote:
>
> 
>
> > My question is, is there a better way?
>
> I can only think of variations on a theme.
>
> The ~64k limit assumes client IP, server IP and server port remain
> constant. i.e. just client port is varying.
>
> That suggests there is a single IP for the database server and that it
> is listening on a single port.
>
> You are currently varying client IP. Varying server IP is unlikely to be
> any different in terms of ease of management etc.
>
> There may be more mileage in getting the database server to listen on
> more than one port. It depends how the database sever is structured. If
> it can have multiple listeners all passing connections to the same
> database instance then adding db listeners might be a simpler way to
> manage this.
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Re: Do I Need Network NameSpaces to Solve This Tomcat+Connector/J Problem?

[José Cornado]

Your problem seems to be in the client-to-db server side of things. Not
tomcat as a server.

On Wed, Dec 29, 2021 at 2:11 PM Eric Robinson 
wrote:

> We want to run a large number of tomcat instances on the same server
> without virtualization or containerization. Each instance is executed from
> its own folder tree and listens on its own unique TCP port. Each instance
> will run code that connects to a backend database server to send queries
> that are triggered by JSP calls from users. We’ve done this successfully
> with up to 120 instances of tomcat running on the same server while
> avoiding the overhead of virtualization and the complexity of containers.
> Based on our experience over the past decade, we know that we could
> potentially host 500 or more separate tomcat instances on the same server
> without running into performance problems. So now we want to make it 500
> parallel instances.
>
>
>
> Here’s the problem. When tomcat initiates an outbound connection (for
> example, with Connector/J to query a backend database) it establishes a
> socket, and the socket has a client port. With thousands of users making
> requests that require the tomcat services to query back end databases, the
> OS can easily run out of available client ports to allocate to sockets. To
> avoid that problem, we can assign multiple IPs to the server and use the
> localSocketAddress property of Connector/J to group tomcats such that only
> a subset of them each use the same source IP. Then each group will have its
> own range of 64,000-ish client ports. I’ve tested this and it works.
>
>
>
> My question is, is there a better way?
>
>
>
>
>
> <113>
>
>
> Disclaimer : This email and any files transmitted with it are confidential
> and intended solely for intended recipients. If you are not the named
> addressee you should not disseminate, distribute, copy or alter this email.
> Any views or opinions presented in this email are solely those of the
> author and might not represent those of Physician Select Management.
> Warning: Although Physician Select Management has taken reasonable
> precautions to ensure no viruses are present in this email, the company
> cannot accept responsibility for any loss or damage arising from the use of
> this email or attachments.
>

Re: log4j

[José Cornado]

Also, it may make more sense to code log4j into your app. If you change
servers the logging goes with it.

Best,

J

On Fri, May 18, 2018 at 8:06 AM M. Manna  wrote:

> Hi Chris,
>
> How r u planning to use Log4j (or log4j2, which solves a lot of performance
> issues for 1.2.x)?
>
> Are you bridging with SLF4J or or using directly?
>
> All log4j configuration are automatically discovered and configured
> provided that you have set up your appplication log4j properties file
> correctly.
>
> Tomcat doesn't do anything specific to log4j-related setup. There is a
> logging properties file in /conf/ which are for JULI logging, as a bare
> minimum OOB setup for catalina.
>
> If you can perhaps clarify your use case, others can advise better.
>
> regards,
>
> On 18 May 2018 at 14:49, Cheltenham, Chris 
> wrote:
>
> > Hello,
> >
> >
> >
> > How do I configure Tomcat 8.5.x to use log4j?
> >
> >
> >
> > Is there a good document to follow?
> >
> >
> >
> > I am not very familiar with java but it looks like you configure to logs
> > to accept java logging for Tomcat.
> >
> >
> >
> >
> >
> > ===
> >
> > Thank You;
> >
> > Chris Cheltenham
> > Technology Services
> > The School District of Philadelphia
> >
> > Work # 215-400-5025
> > Cell # 215-301-6571
> >
>

Does StandardWrapperValve create new instances of servlets?

[José Cornado]

I am studying the following diagram:

https://tomcat.apache.org/tomcat-9.0-doc/architecture/
requestProcess/request-process.png

And I have the following question: is StandardWrapperValve in charge of
creating new instances of servlets?

If I wanted to intercept servlet instance(s) prior to service, am I looking
the right place?

Thanks a lot!