[Dovecot] difference between client_limit and process_limit
Hi,
What is the real difference between client and process limit? According to documentation (http://wiki2.dovecot.org/Services#Service_limits):
client_limit: Maximum number of simultaneous client connections. If set to 0, default_client_limit is used instead. process_limit: Maximum number of processes that can exist for this service. If set to 0, default_process_limit is used instead.
But what does "client connection" exactly means? Is a user (login)? Is a user opens a few TCP connections (as many clients do) are they count as different connections?
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
El 08/06/12 12:24, Angel L. Mateo escribió:
Hi,
What is the real difference between client and process limit? According to documentation (http://wiki2.dovecot.org/Services#Service_limits):
client_limit: Maximum number of simultaneous client connections. If set to 0, default_client_limit is used instead. process_limit: Maximum number of processes that can exist for this service. If set to 0, default_process_limit is used instead.
But what does "client connection" exactly means? Is a user (login)? Is a user opens a few TCP connections (as many clients do) are they count as different connections?
Sorry, it's friday, my mind is on the weekend :-(
I understand that client_limit is how many connections (imap connections, for example) could be handle by one dovecot process, so if I have client_limit=2 and process_limit=1024, then I could 2048 concurrent connections, right?
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
On 8.6.2012, at 14.12, Angel L. Mateo wrote:
What is the real difference between client and process limit? According to documentation (http://wiki2.dovecot.org/Services#Service_limits):
Sorry, it's friday, my mind is on the weekend :-(
I understand that client_limit is how many connections (imap connections, for example) could be handle by one dovecot process, so if I have client_limit=2 and process_limit=1024, then I could 2048 concurrent connections, right?
Yes, but like the wiki page also says, it's not a good idea increase client_limit for imap/pop3 processes.
Am 08.06.2012 18:17, schrieb Timo Sirainen:
On 8.6.2012, at 14.12, Angel L. Mateo wrote:
What is the real difference between client and process limit? According to documentation (http://wiki2.dovecot.org/Services#Service_limits):
Sorry, it's friday, my mind is on the weekend :-(
I understand that client_limit is how many connections (imap connections, for example) could be handle by one dovecot process, so if I have client_limit=2 and process_limit=1024, then I could 2048 concurrent connections, right?
Yes, but like the wiki page also says, it's not a good idea increase client_limit for imap/pop3 processes.
depends on the usecase / workload
having dovecot as proxy for other imap-backends and 1 process per connection will heavily raise up process-count and memory-overhead while memory may be needed for the imap-backend (like dbmail) and datanases
process_limit = 15 client_limit = 300
this way you can have 4500 proxy-connections and use most time not more than 4-5 processes
On 8.6.2012, at 19.33, Reindl Harald wrote:
Yes, but like the wiki page also says, it's not a good idea increase client_limit for imap/pop3 processes.
depends on the usecase / workload
having dovecot as proxy for other imap-backends and 1 process per connection will heavily raise up process-count and memory-overhead while memory may be needed for the imap-backend (like dbmail) and datanases
process_limit = 15 client_limit = 300
this way you can have 4500 proxy-connections and use most time not more than 4-5 processes
Proxying is done by imap-login process, not imap process. For login processes there are different recommendations.
El 08/06/12 18:43, Timo Sirainen escribió:
On 8.6.2012, at 19.33, Reindl Harald wrote:
Yes, but like the wiki page also says, it's not a good idea increase client_limit for imap/pop3 processes.
depends on the usecase / workload
having dovecot as proxy for other imap-backends and 1 process per connection will heavily raise up process-count and memory-overhead while memory may be needed for the imap-backend (like dbmail) and datanases
process_limit = 15 client_limit = 300
this way you can have 4500 proxy-connections and use most time not more than 4-5 processes
Proxying is done by imap-login process, not imap process. For login processes there are different recommendations.
What are those recommendations? The ones at http://wiki2.dovecot.org/LoginProcess?
Let's suppose... I have 4 mainly imap backend servers (but they admit also pop3 connections) with a process_limit of 5120 for service imap (and default_client_limit of 1000 applied to pop3). And I have 2 director servers (configured as active-active behind a load balancer), so I need director servers to handle (more or less) 10240 imap connections.
What is it better for the director's? Increasing process_limit for imap-login (so each process should handle less connections) or increasing client_limit (less processes handling more connections each)?
On 11.6.2012, at 13.19, Angel L. Mateo wrote:
Proxying is done by imap-login process, not imap process. For login processes there are different recommendations.
What are those recommendations? The ones at http://wiki2.dovecot.org/LoginProcess?
Yes.
Let's suppose... I have 4 mainly imap backend servers (but they admit also pop3 connections) with a process_limit of 5120 for service imap (and default_client_limit of 1000 applied to pop3). And I have 2 director servers (configured as active-active behind a load balancer), so I need director servers to handle (more or less) 10240 imap connections.
What is it better for the director's? Increasing process_limit for imap-login (so each process should handle less connections) or increasing client_limit (less processes handling more connections each)?
If you increase process_limit to more than the number of CPU cores you have, then you increase the number of context switched done by the kernel, which decreases your performance. So I'd say increase client_limit.
On 11/06/12 13:45, Timo Sirainen wrote:
On 11.6.2012, at 13.19, Angel L. Mateo wrote:
Proxying is done by imap-login process, not imap process. For login processes there are different recommendations.
What are those recommendations? The ones at http://wiki2.dovecot.org/LoginProcess?
Yes.
Let's suppose... I have 4 mainly imap backend servers (but they admit also pop3 connections) with a process_limit of 5120 for service imap (and default_client_limit of 1000 applied to pop3). And I have 2 director servers (configured as active-active behind a load balancer), so I need director servers to handle (more or less) 10240 imap connections.
What is it better for the director's? Increasing process_limit for imap-login (so each process should handle less connections) or increasing client_limit (less processes handling more connections each)?
If you increase process_limit to more than the number of CPU cores you have, then you increase the number of context switched done by the kernel, which decreases your performance. So I'd say increase client_limit.
I'm trying to configure it this way, so I have configure process_limit to the number of cores and client_limit big enough to attempt the maximum number of connections configured at the backends.
In my test environment I have configured (this is extracted from doveconf -n output):
service imap-login { client_limit = 10740 executable = imap-login director process_limit = 1 process_min_avail = 1 }
When I made the first connection, there's no problem, but if I try a second while the first is still open, I get:
Jun 13 13:09:12 myotis40 dovecot: master: Warning: service(imap-login): client_limit (1) reached, client connections are being dropped
Why is telling me that client_limit is reached? What client_limit is used?-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
On Wed, 2012-06-13 at 13:15 +0200, Angel L. Mateo wrote:
In my test environment I have configured (this is extracted from doveconf -n output):
service imap-login { client_limit = 10740 executable = imap-login director process_limit = 1 process_min_avail = 1 }
When I made the first connection, there's no problem, but if I try a second while the first is still open, I get:
Jun 13 13:09:12 myotis40 dovecot: master: Warning: service(imap-login): client_limit (1) reached, client connections are being dropped
Why is telling me that client_limit is reached? What client_limit is used?
Dunno. What Dovecot version? Show the whole doveconf -n? You don't have multiple dovecot.confs, right?
On 13/06/12 14:06, Timo Sirainen wrote:
On Wed, 2012-06-13 at 13:15 +0200, Angel L. Mateo wrote:
In my test environment I have configured (this is extracted from doveconf -n output):
service imap-login { client_limit = 10740 executable = imap-login director process_limit = 1 process_min_avail = 1 }
When I made the first connection, there's no problem, but if I try a second while the first is still open, I get:
Jun 13 13:09:12 myotis40 dovecot: master: Warning: service(imap-login): client_limit (1) reached, client connections are being dropped
Why is telling me that client_limit is reached? What client_limit is used?
Dunno. What Dovecot version? Show the whole doveconf -n? You don't have multiple dovecot.confs, right?
2.1.5. Whole doveconf is attached. As far as I could find, I don't have multiple.confs but, because I'm managing configuration with puppet, is easier for me to have a few "service imap-login" entries in the 10-master.conf file. In previous checks I did, it seems to be mixed without problems, but I'm going to try to manually mixed them. What I have is:
service imap-login { inet_listener imap { #port = 143 } inet_listener imaps { #port = 993 #ssl = yes }
# Number of connections to handle before starting a new process.
Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster.
# Number of processes to always keep waiting for more connections. #process_min_avail = 0
# If you set service_count=0, you probably need to grow this. #vsz_limit = $default_vsz_limit }
...
service imap-login { executable = imap-login director client_limit = 10740 process_limit = 1 process_min_avail = 1 }
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
On Wed, 2012-06-13 at 14:15 +0200, Angel L. Mateo wrote:
2.1.5. Whole doveconf is attached. As far as I could find, I don't have multiple.confs but, because I'm managing configuration with puppet, is easier for me to have a few "service imap-login" entries in the 10-master.conf file. In previous checks I did, it seems to be mixed without problems, but I'm going to try to manually mixed them. What I have is: .. service imap-login { # Number of connections to handle before starting a new process. Typically # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0 # is faster.
#service_count = 1
Oh, right, service_count=1 is the default and that overrides client_limit. Set it to 0.
On Wed, 2012-06-13 at 15:28 +0300, Timo Sirainen wrote:
Oh, right, service_count=1 is the default and that overrides client_limit. Set it to 0.
El 13/06/12 14:39, Timo Sirainen escribió:
On Wed, 2012-06-13 at 15:28 +0300, Timo Sirainen wrote:
Oh, right, service_count=1 is the default and that overrides client_limit. Set it to 0.
Thank you. This solved my problem.
participants (3)
-
Angel L. Mateo
-
Reindl Harald
-
Timo Sirainen