Re: TCP connections and HTTP sessions
tovaldez wrote: On Friday 23 January 2009 20:04:40 Christopher Schultz wrote: tovaldez wrote: Hi, monitoring our webapp while running load testing, I noticed that the number of the effective users browsing the site is more than the number of opened sockets in ESTABLISHED state (while under a 240 Virtual Users load, I see only 180 ESTABLISHED connections, or 2000VU vs 450 opened sockets). At first I think this is due to some TCP socket reuse optimization by the JVM or the OS. Could someone confirm this idea or give me another interpretation of this behaviour? Er... effective users ~= sessions, right? Not all users are actively making requests all the time so... the number of effective users is pretty much always higher than the number of in-use TCP sockets. Am I missing something? -chris Actually HTTP sessions effective users, since each user has a 10 minutes simulated navigation but the HTTP session is lasting a lot more (I think 1 hour by default in tomcat). What I thought was that using HTTP 1.1, I would have only 1 phisical connection to the server for each user... This seems not to be, as if the same physical connection is used contemporarily by more clients. I am asking if it could be a poor testing design or if we are wrong in our consideration... 1. Last I knew the default session length in tomcat is 30 minutes, but can be changed on a per webapp basis. 2. I believe most browsers open two TCP/IP connections per site and use them both to download the page and all it's resources. Keep in mind some clients either by design or by hacking could open more. --David - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TCP connections and HTTP sessions
tovaldez wrote: [...] Actually HTTP sessions effective users, since each user has a 10 minutes simulated navigation but the HTTP session is lasting a lot more (I think 1 hour by default in tomcat). What I thought was that using HTTP 1.1, I would have only 1 phisical connection to the server for each user... This seems not to be, as if the same physical connection is used contemporarily by more clients. I am asking if it could be a poor testing design or if we are wrong in our consideration... To the best of my knowledge : If your HTTP connections use Keep-Alive, then one TCP connection will remain open for a while, between one browser and the server it is directly connected to. What this for a while means precisely depends on a number of factors. The server will time-out this connection (close it, and release the corresponding thread/child) if it does not receive new requests on this connection for a period of time (defined in the server configuration), or after processing a certain number of requests on that connection (also defined in the server configuration). And all bets are off if between the browser and the server, there are intermediaries, such as proxies, firewalls, front-ends etc.. Some proxies/firewalls etc.. may even apparently use a single TCP connection to the back-end server, to serve requests from different clients. (I can't give you a precise reference, but this was mentioned in the last couple of months in a thread either here or on the Apache httpd user's list). What it means is that Chris is right, and there is no immediate link between the number of clients that may be in a virtual session with your application, and the number of open TCP connections (or active threads) on your server. In other words : A client sends a first request to your server, and it is a direct connection. The client is HTTP/1.1 capable, and indicates it wants a Keep-Alive connection. So after the response is received, it will keep the connection open. After this first request/response, the server will also keep the TCP connection open, for some seconds (not usually minutes), waiting for another request on the connection. And at the server side, there will also be the corresponding child or thread listening for that next request. If the browser sends one, it will thus be processed by the same thread/child, and the timer will be reset. If the browser does not send another request after a few seconds though, the server will close the connection and recycle the child/thread. So the next time the browser sends a request, it will have to re-open a TCP connection, and it will probably be another child/thread that handles this request on the server side. The timeout is usually rather short, because otherwise the server would have umpteen threads/children that would be kept waiting for another request that might never come, and would be unavailable to serve other requests from other clients. The point is that the Keep-Alive mechanism was not designed to reserve one server thread/child for each client browser over an extended period. It was designed so that when a browser receives an html page containing 5 embedded thumbnail images, it could request these thumbnails right away over the same TCP connection, without having to re-create a new TCP connection for each of them, which saves overhead at each end. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: TCP connections and HTTP sessions
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: TCP connections and HTTP sessions Some proxies/firewalls etc.. may even apparently use a single TCP connection to the back-end server, to serve requests from different clients. I've never seen that, and it would be a serious breach of security, making sessions, cookies, and other such mechanisms useless. Proxies will almost always use the same IP address, but will separate clients by port number. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TCP connections and HTTP sessions
Caldarale, Charles R wrote: From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: TCP connections and HTTP sessions Some proxies/firewalls etc.. may even apparently use a single TCP connection to the back-end server, to serve requests from different clients. I've never seen that, and it would be a serious breach of security, making sessions, cookies, and other such mechanisms useless. Proxies will almost always use the same IP address, but will separate clients by port number. I did not say that this was recommended practice, nor even that it was not a bug. But I am positive that I saw it mentioned in the last couple of months as something that happens. I believe it might have been in some discussion relative to HTTP NTLM authentication, and indeed problems related to that fact (and hence security). To nitpick, I don't think it would influence cookies per se. Cookies work fine even when the connection is reset and re-established, and do not to my knowledge relate to ports (nor even in fact to IP addresses, only to hostnames and paths). And I am wondering how it could influence sessions, though I guess it depends a lot on the definition of what is a session. Anyway, the point was that the OP seemed to confuse the idea of application session (in the sense of some application context saved at the server side between requests), and the existence of a persistent TCP connection and/or dedicated thread/child at the server side. In my understanding (and I believe Chris's), there is no such link. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: TCP connections and HTTP sessions
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: TCP connections and HTTP sessions I believe it might have been in some discussion relative to HTTP NTLM authentication You may have been looking at some discussion concerning the jCIFS NTLM filter, which has some serious problems and is scheduled to be replaced by a completely different mechanism in the next release of jCIFS. (Which is good, since the current one has no end of problems.) To nitpick, I don't think it would influence cookies per se. Cookies work fine even when the connection is reset and re-established, and do not to my knowledge relate to ports (nor even in fact to IP addresses, only to hostnames and paths). And I am wondering how it could influence sessions, though Because the clients would appear as just *one* client to the app server, since they're using just one TCP connection. All clientes would be sharing only one session, and all the cookies would end up on all the clients. I guess it depends a lot on the definition of what is a session. The definition is clear from the Tomcat perspective, or from the TCP/IP perspective. As you state, the OP seemed to confuse the two. In my understanding (and I believe Chris's), there is no such link. Agreed. Also, it didn't appear to me that the OP actually had any kind of problem... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] TCP connections and HTTP sessions
Caldarale, Charles R wrote: You may have been looking at some discussion concerning the jCIFS NTLM filter, which has some serious problems and is scheduled to be replaced by a completely different mechanism in the next release of jCIFS. (Which is good, since the current one has no end of problems.) By now totally [OT] : Could you elaborate on that, or point me somewhere, maybe in another thread ? I am indeed using that module quite a lot, in a variety of customer contexts, without seemingly experiencing many problems until now (*). But I am eager to know about potential issues and the potential replacement that you mention. (*) except in one area : finding the right person to talk to at the customer site, to obtain the correct and complete information about their network(s) and domain(s) setup. That's always the main challenge. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: [OT] TCP connections and HTTP sessions
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: [OT] TCP connections and HTTP sessions Could you elaborate on that, or point me somewhere, maybe in another thread ? Look in the jCIFS mailing list archive: http://news.gmane.org/gmane.network.samba.java Mike is getting very frustrated with the NTLM filter. Not sure if he's put anything up about future direction on the jCIFS web site yet: http://jcifs.samba.org (*) except in one area : finding the right person to talk to at the customer site, to obtain the correct and complete information about their network(s) and domain(s) setup. Yeah, I know how that works, unfortunately. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TCP connections and HTTP sessions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 tovaldez wrote: Hi, monitoring our webapp while running load testing, I noticed that the number of the effective users browsing the site is more than the number of opened sockets in ESTABLISHED state (while under a 240 Virtual Users load, I see only 180 ESTABLISHED connections, or 2000VU vs 450 opened sockets). At first I think this is due to some TCP socket reuse optimization by the JVM or the OS. Could someone confirm this idea or give me another interpretation of this behaviour? Er... effective users ~= sessions, right? Not all users are actively making requests all the time so... the number of effective users is pretty much always higher than the number of in-use TCP sockets. Am I missing something? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkl6FMgACgkQ9CaO5/Lv0PCUrwCeL3S8qxDmNopgc3wyI7M/K1xX b4sAn303xF+m40AbJDY2r/Hu2jlcwtqS =Jv22 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: TCP connections and HTTP sessions
On Friday 23 January 2009 20:04:40 Christopher Schultz wrote: tovaldez wrote: Hi, monitoring our webapp while running load testing, I noticed that the number of the effective users browsing the site is more than the number of opened sockets in ESTABLISHED state (while under a 240 Virtual Users load, I see only 180 ESTABLISHED connections, or 2000VU vs 450 opened sockets). At first I think this is due to some TCP socket reuse optimization by the JVM or the OS. Could someone confirm this idea or give me another interpretation of this behaviour? Er... effective users ~= sessions, right? Not all users are actively making requests all the time so... the number of effective users is pretty much always higher than the number of in-use TCP sockets. Am I missing something? -chris Actually HTTP sessions effective users, since each user has a 10 minutes simulated navigation but the HTTP session is lasting a lot more (I think 1 hour by default in tomcat). What I thought was that using HTTP 1.1, I would have only 1 phisical connection to the server for each user... This seems not to be, as if the same physical connection is used contemporarily by more clients. I am asking if it could be a poor testing design or if we are wrong in our consideration... - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
TCP connections and HTTP sessions
Hi, monitoring our webapp while running load testing, I noticed that the number of the effective users browsing the site is more than the number of opened sockets in ESTABLISHED state (while under a 240 Virtual Users load, I see only 180 ESTABLISHED connections, or 2000VU vs 450 opened sockets). At first I think this is due to some TCP socket reuse optimization by the JVM or the OS. Could someone confirm this idea or give me another interpretation of this behaviour? Tomcat 5.5, default HTTP/1.1 connector with sun JDK 1.5 on a Debian 4.0 box, jmeter as test tool. This is the configuration of the onnector: Connector port=80 maxHttpHeaderSize=8192 maxThreads=700 minSpareThreads=250 maxSpareThreads=300 enableLookups=false redirectPort=8443 acceptCount=1000 connectionTimeout=2 disableUploadTimeout=true / Thanks