Performance Tuning
The Gluu Server has a stateless architecture and scales quite well out-of-the-box. However, to achieve maximum performance, the following server components must be tuned accordingly:
- Operating System (OS)
- Memory and infrastructure
- LDAP
- Web application container (Jetty, JBoss)
- Gluu Server configurations
Operating System
The Gluu Server is designed for Linux. Therefore, the following can be tuned as needed:
Note
Most configurations below can be tuned in `/etc/security/limits.conf`; however, this may depend on the OS.
- Increase TCP buffer sizes
```
sysctl -w net.core.rmem_max=16777216
sysctl -w net.core.wmem_max=16777216
sysctl -w net.ipv4.tcp_rmem="4096 87380 16777216"
sysctl -w net.ipv4.tcp_wmem="4096 16384 16777216"
```
- Increase connection listening size
```
sysctl -w net.core.somaxconn=4096
sysctl -w net.core.netdev_max_backlog=16384
sysctl -w net.ipv4.tcp_max_syn_backlog=8192
# SYN cookies keep the listener accepting connections when the SYN backlog overflows
sysctl -w net.ipv4.tcp_syncookies=1
```
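- Increase ports range
```
sysctl -w net.ipv4.ip_local_port_range="1024 65535"
# tcp_tw_recycle breaks connections from clients behind NAT and was removed in
# Linux 4.12; on newer kernels this command fails because the key no longer exists
sysctl -w net.ipv4.tcp_tw_recycle=1
```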
- Increase file descriptors
```
* soft nofile 65536
* hard nofile 262144
```
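To confirm that the kernel settings listed above actually took effect, the check below compares `sysctl -a`-style output against the values from this page. It is an added example, not part of the Gluu documentation: `check_tuning` and `sample_sysctl` are hypothetical names and the sample input is constructed.

```shell
# Recommended values copied from the sysctl commands on this page.
RECOMMENDED='net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 16384 16777216
net.core.somaxconn=4096
net.core.netdev_max_backlog=16384
net.ipv4.tcp_max_syn_backlog=8192
net.ipv4.tcp_syncookies=1
net.ipv4.tcp_tw_recycle=1'

# check_tuning (hypothetical helper): reads "key = value" lines on stdin and prints
# OK, LOW (some field below the recommendation) or MISSING (key not exposed).
check_tuning() {
    REC="$RECOMMENDED" awk '
    BEGIN {
        n = split(ENVIRON["REC"], line, "\n")
        for (i = 1; i <= n; i++) {
            eq = index(line[i], "="); order[i] = substr(line[i], 1, eq - 1)
            want[order[i]] = substr(line[i], eq + 1)
        }
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        gsub(/[ \t]+/, " ", val)   # sysctl separates multi-value fields with tabs
        have[key] = val
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            if (!(key in have)) { print "MISSING", key; continue }
            nw = split(want[key], w, " "); nh = split(have[key], h, " ")
            status = (nh == nw) ? "OK" : "LOW"
            for (j = 1; j <= nw && status == "OK"; j++)
                if (h[j] + 0 < w[j] + 0) status = "LOW"
            print status, key, "(have " have[key] ", want " want[key] ")"
        }
    }'
}

# Constructed sample input; tcp_tw_recycle is left out to exercise the MISSING path.
sample_sysctl() {
    printf '%s\n' 'net.core.rmem_max = 212992' 'net.core.wmem_max = 16777216' \
        'net.ipv4.tcp_rmem = 4096 131072 6291456' \
        'net.ipv4.tcp_wmem = 4096 16384 16777216' 'net.core.somaxconn = 4096' \
        'net.core.netdev_max_backlog = 1000' 'net.ipv4.tcp_max_syn_backlog = 8192' \
        'net.ipv4.tcp_syncookies = 1'
}
sample_sysctl | check_tuning
```

On a live host, run `sysctl -a 2>/dev/null | check_tuning` in place of the sample.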
Memory and infrastructure
Make sure there is enough memory for each Gluu Server component (e.g. LDAP, Jetty). For high-load systems, it can be helpful to run each component on a separate machine.
LDAP
Note
For convenience, all samples are for Gluu OpenDJ. However, these are general recommendations that should apply to other LDAP servers too.
- Maximum allowed connections: If there are not enough connections to serve the client, a connection is put "on hold". To avoid delays, provide the expected maximum allowed connections, e.g.:
```
max-allowed-client-connections=1000
```
- LDAP Server resources: Make sure to provide enough resources to LDAP. For example, OpenDJ runs on the JVM. For high performance, make sure enough memory is provided via the JVM system properties.
- Use cache as much as possible. For example:
```
dsconfig -n set-backend-prop --backend-name userRoot --set db-cache-percent:50
```
- Additional LDAP performance resources can be found in the following docs:
Jetty
By default, Jetty's task queue is unlimited. If load is expected to be high, limit the task queue. Configuration may vary for each particular scenario.
Example configuration:
```
<Configure id="Server" class="org.eclipse.jetty.server.Server">
  <Set name="ThreadPool">
    <New class="org.eclipse.jetty.util.thread.QueuedThreadPool">
      <!-- specify a bounded queue -->
      <Arg>
        <New class="java.util.concurrent.ArrayBlockingQueue">
          <Arg type="int">6000</Arg>
        </New>
      </Arg>
      <Set name="minThreads">10</Set>
      <Set name="maxThreads">200</Set>
      <Set name="detailedDump">false</Set>
    </New>
  </Set>
</Configure>
```
Gluu Server configurations
- `oxauth-ldap.properties`: Increase the LDAP connection pool size, e.g.:
```
maxconnections: 1000
```
- Make sure logging is turned OFF. Logging blocks threads and has a significant impact on performance. First test with low load, then test for high load with logging completely off. To turn off logging, in oxTrust navigate to `Configuration -> JSON Configuration -> oxAuth Configuration` and set `loggingLevel` to `OFF`. Check the log files to confirm logging is off.
- Turn off metrics. Gathering metrics also impacts performance. To turn metrics off, in oxTrust navigate to `Configuration -> JSON Configuration -> oxAuth Configuration` and set `metricReporterEnabled` to `false`.