The conventional LVS wisdom is that it's not a good
idea to build an LVS e-commerce website in which https
is persistent for long periods.
The initial idea was that a long timeout allows
the customer to have a cup of coffee or surf to
other websites while thinking about their on-line
purchase.
The problem with this approach is that the amount
of memory use is expected to be large and the director
will run out of memory. We've been telling people
to rewrite their application so that state is maintained
on the realservers allowing the customer to take an
indefinite time to complete their purchase.
Currently 1G of memory costs about an hour of programmer's time
(+ benefits, + office rental/heating/airconditioning/equipment
+ support staff). Since memory is cheap compared to the cost
of rewriting your application, I was wondering if brute
force might just be acceptable.
I can't find any estimates of the numbers involved in the HOWTO
although similar situations have been discussed on the mailing
list eg
http://marc.theaimsgroup.com/?l=linux-virtual-server&m=99200010425473&w=2
there the calculation was done to see how long a director would
hold up under a DoS. The answer was about 100secs for 128M memory
and 100Mbps link to the attacker doing a SYN flood.
I'm not running one of these web
sites and I don't know the real numbers here. Is amazon.com
or ebay connected by 100Mbps to the outside world?
What you can do with 1G of memory on the director?
each connection requires 128bytes. 1G/128 is 8M customers
online at any one time. Assuming everyone buys something
this is 1500 purchases/sec. You'd need the population of
a large town just to handle shipping stuff at this rate.
I doubt if any website at peak load has
8M simultaneous customers.
However you only have 64k ports on each realserver to
connect with customers allowing only have 64k
customers/realserver. How much memory do you need on
the director to handle a fully connected realserver?
64k x 128 = 8M
Let's say there are 8 realservers. How much memory
is needed on the director?
8 x 8M = 64M
this is not a lot of memory. So the problem isn't
memory but realserver ports AFAIK
What is the minimum throughput of customers assuming
they all take 4000 sec (66 mins) to make their
purchase?
8 x 64k/4000 = 64 purchases/sec
You're still going to need a hire a few people to pack and
ship all this stuff. If people use only take 6mins
for their purchase, you'll be shipping 640 packages/sec.
Assuming you make $10/purchase at 64 purchases/sec, that's
$2.5G/yr.
So with 64M of memory, 8 realservers, 4000sec persistence
timeout, and a margin of $10/purchase I can make a profit
of $2.5G/yr.
It seems memory is not the problem here, but realserver
ports (or being able to ship all the items you sell).
Let's look at another use of persistence - for squids
(despite the arrival of the -DH scheduler, some people
prefer persistence for squids).
Here you aren't limited by shipping and handling of purchases.
Instead you are just shipping packets to the various target
httpd servers on the internet. You are still limited to
64k clients/realserver. Assume you make persistence = 256secs
(anyone client who is idle for that time is not interested
in performance). This means that the throughput/realserver is
256hits/sec. This isn't great. I don't know what throughput
to expect out of a squid, but I suspect it's a lot more.
This is not what we've been saying on the mailing list.
Have I missed something?
Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA
|