search

ThreeMammals / Ocelot

.NET API Gateway
https://www.nuget.org/packages/Ocelot
MIT License
8.31k stars 1.63k forks source link

sockect seems like not reuse on cenos or docker but reuse in window(iis) #1861

Closed JokkerLiu closed 8 months ago

JokkerLiu commented 8 months ago

Specifications

Problem

send 80 concurrent requests per-second by using jmtter , i get the diffrent result:

in iis,the downstream service used about 61 TCP connenct,and all of them with status "ESTABLISHED", but in centos or docker,proxy by nginx, the TCP connect increse fast, and most of them are "TIME_WAIT"

anyone can help? thanks

image

Here is the /etc/sysctl.conf

[root@sh_idc_db_03 Ocelot.Api]# sysctl -p

net.core.somaxconn = 32768
net.core.netdev_max_backlog = 16384
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.optmem_max = 16777216
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 87380 16777216
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_abort_on_overflow = 1
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
vm.swappiness = 1
vm.overcommit_memory = 1

Here is the nginx.conf

upstream gateway {
    server 192.168.5.4:30088;
    #server 192.168.5.3:30088;
    server 192.168.5.6:30088;
}
server {
    listen 443 ssl;
    server_name gateway.mydoamin.net;
    ssl_certificate /home/nginx/cert/mydoamin.net_bundle.crt;
    ssl_certificate_key /home/nginx/cert/mydoamin.net.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    add_header backendCode $upstream_status;
    add_header BackendIP "$upstream_addr;" always;

    location / {
      proxy_pass http://gateway;
      #proxy_read_timeout 300;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Real-Port $remote_port;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

image

JokkerLiu commented 8 months ago

https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive

raman-m commented 8 months ago

Dear author, We are not Nginx repository! 🤣 Please, find appropriate nginx repo to push your messages 😉