On Thu, Apr 6, 2017 at 9:22 PM, Christian Balzer chibi@gol.com wrote:
Hello,
On Thu, 6 Apr 2017 22:13:07 +0300 Timo Sirainen wrote:
On 6 Apr 2017, at 21.14, Mark Moseley moseleymark@gmail.com wrote:
imap-hibernate processes are similar to imap-login processes in that
they
should be able to handle thousands or even tens of thousands of connections per process.
TL;DR: In a director/proxy setup, what's a good client_limit for imap-login/pop3-login?
You should have the same number of imap-login processes as the number of CPU cores, so they can use all the available CPU without doing unnecessary context switches. The client_limit is then large enough to handle all the concurrent connections you need, but not so large that it would bring down the whole system if it actually happens.
Also keep in mind that pop3 login processes deal with rather ephemeral events, unlike IMAP with IDLE sessions lasting months. So they're unlike to grow beyond their initial numbers even with a small (few hundreds) client_limit.
On the actual mailbox servers, either login processes tend to use about 1% of one core, very lightweight.
Would the same apply for imap-login when it's being used in proxy mode? I'm moving us to a director setup (cf. my other email about director rings getting wedged from a couple days ago) and, again, for the sake of starting conservatively, I've got imap-login set to a client limit of 20, since I figure that proxying is a lot more work than just doing IMAP logins. I'm doing auth to mysql at both stages (at the proxy level and at the backend level).
Proxying isn't doing any disk IO or any other blocking operations. There's no benefit to having more processes. The only theoretical advantage would be if some client could trigger a lot of CPU work and cause delays to handling other clients, but I don't think that's possible (unless somehow via OpenSSL but I'd guess that would be a bug in it then).
Indeed, in proxy mode you can go nuts, here I see pop3-logins being busier, but still just 2-5% of a core as opposed to typically 1-2% for imap-logins. That's with 500 pop3 sessions at any given time and 70k IMAP sessions per node. Or in other words, less than 1 core total typically.
Should I be able to handle a much higher client_limit for imap-login and pop3-login than 20?
Yeah.
The above is with a 4k client_limit, I'm definitely going to crank that up to 16k when the opportunity arise (quite disruptive on a proxy...).
Timo, any sense on where (if any) the point is where there are so many connections on a given login process that it would get too busy to keep up? I.e. where the sheer amount of stuff the login process has to do outweighs the CPU savings of not having to context switch so much?
I realize that's a terribly subjective question, so perhaps you might have a guess in very very round numbers? Given a typical IMAP userbase (moderately busy, most people sitting in IDLE, etc), I woud've thought 10k connections on a single process would've been past that tipping point.
With the understood caveat of being totally subjective and dependent on local conditions, should 20k be ok? 50k? 100k?
Maybe a better question is, is there anywhere in the login process that is possible to block? If not, I'd figure that a login process that isn't using up 100% of a core can be assumed to *not* be falling behind. Does that seem accurate?