[Dovecot] difference between client_limit and process_limit
Hi,
What is the real difference between client and process limit? According to documentation (http://wiki2.dovecot.org/Services#Service_limits):
client_limit: Maximum number of simultaneous client connections. If set to 0, default_client_limit is used instead. process_limit: Maximum number of processes that can exist for this service. If set to 0, default_process_limit is used instead.
But what does "client connection" exactly means? Is a user (login)? Is a user opens a few TCP connections (as many clients do) are they count as different connections?
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
El 08/06/12 12:24, Angel L. Mateo escribió:
Sorry, it's friday, my mind is on the weekend :-(
I understand that client_limit is how many connections (imap connections, for example) could be handle by one dovecot process, so if I have client_limit=2 and process_limit=1024, then I could 2048 concurrent connections, right?
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
Am 08.06.2012 18:17, schrieb Timo Sirainen:
depends on the usecase / workload
having dovecot as proxy for other imap-backends and 1 process per connection will heavily raise up process-count and memory-overhead while memory may be needed for the imap-backend (like dbmail) and datanases
process_limit = 15 client_limit = 300
this way you can have 4500 proxy-connections and use most time not more than 4-5 processes
El 08/06/12 18:43, Timo Sirainen escribió:
What are those recommendations? The ones at http://wiki2.dovecot.org/LoginProcess?
Let's suppose... I have 4 mainly imap backend servers (but they admit also pop3 connections) with a process_limit of 5120 for service imap (and default_client_limit of 1000 applied to pop3). And I have 2 director servers (configured as active-active behind a load balancer), so I need director servers to handle (more or less) 10240 imap connections.
What is it better for the director's? Increasing process_limit for imap-login (so each process should handle less connections) or increasing client_limit (less processes handling more connections each)?
On 11.6.2012, at 13.19, Angel L. Mateo wrote:
Proxying is done by imap-login process, not imap process. For login processes there are different recommendations.
What are those recommendations? The ones at http://wiki2.dovecot.org/LoginProcess?
Yes.
Let's suppose... I have 4 mainly imap backend servers (but they admit also pop3 connections) with a process_limit of 5120 for service imap (and default_client_limit of 1000 applied to pop3). And I have 2 director servers (configured as active-active behind a load balancer), so I need director servers to handle (more or less) 10240 imap connections.
What is it better for the director's? Increasing process_limit for imap-login (so each process should handle less connections) or increasing client_limit (less processes handling more connections each)?
If you increase process_limit to more than the number of CPU cores you have, then you increase the number of context switched done by the kernel, which decreases your performance. So I'd say increase client_limit.
On 11/06/12 13:45, Timo Sirainen wrote:
I'm trying to configure it this way, so I have configure process_limit to the number of cores and client_limit big enough to attempt the maximum number of connections configured at the backends.
In my test environment I have configured (this is extracted from doveconf -n output):
service imap-login { client_limit = 10740 executable = imap-login director process_limit = 1 process_min_avail = 1 }
When I made the first connection, there's no problem, but if I try a second while the first is still open, I get:
Jun 13 13:09:12 myotis40 dovecot: master: Warning: service(imap-login): client_limit (1) reached, client connections are being dropped
Why is telling me that client_limit is reached? What client_limit is used?-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
On 13/06/12 14:06, Timo Sirainen wrote:
2.1.5. Whole doveconf is attached. As far as I could find, I don't have multiple.confs but, because I'm managing configuration with puppet, is easier for me to have a few "service imap-login" entries in the 10-master.conf file. In previous checks I did, it seems to be mixed without problems, but I'm going to try to manually mixed them. What I have is:
service imap-login { inet_listener imap { #port = 143 } inet_listener imaps { #port = 993 #ssl = yes }
Number of connections to handle before starting a new process.
Typically
the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
is faster. <doc/wiki/LoginProcess.txt>
#service_count = 1
Number of processes to always keep waiting for more connections.
#process_min_avail = 0
If you set service_count=0, you probably need to grow this.
#vsz_limit = $default_vsz_limit }
...
service imap-login { executable = imap-login director client_limit = 10740 process_limit = 1 process_min_avail = 1 }
-- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica _(___V Tfo: 868887590 Fax: 868888337
On Wed, 2012-06-13 at 15:28 +0300, Timo Sirainen wrote:
Oh, right, service_count=1 is the default and that overrides client_limit. Set it to 0.
participants (3)
-
Angel L. Mateo
-
Reindl Harald
-
Timo Sirainen