Jetty Low Resources Configuration
Published: 02/19/2014
PingFederate uses Jetty servlet engine internally which allows administrators to configure a low resource threshold. Administrators can configure an alternative idle connection timeout value to be used when the low resource threshold is exceed.
Under normal conditions MaxIdleTime setting (in jetty-runtime.xml) controls the maximum idle time for a connection. An idle connection is closed after MaxIdleTime milliseconds of inactivity.
LowResourcesConnections and LowResourcesMaxIdleTime elements of <addConnector> elements in jetty-runtime.xml files can be used to configure a low resource threshold and maximum idle time to be used when low resource threshold is exceed. :
Under normal conditions MaxIdleTime setting (in jetty-runtime.xml) controls the maximum idle time for a connection. An idle connection is closed after MaxIdleTime milliseconds of inactivity.
LowResourcesConnections and LowResourcesMaxIdleTime elements of <addConnector> elements in jetty-runtime.xml files can be used to configure a low resource threshold and maximum idle time to be used when low resource threshold is exceed. :
...<Set name="Port"><SystemProperty name="pf.https.port" default="9031" /></Set><Set name="MaxIdleTime">30000</Set><!--LowResourcesConnections is not applicable for connectors of type com.pingidentity.appserver.jetty.server.connector.SocketConnector
In this example connections will be closed after 30 seconds under normal load. But connections will be closed after 5 seconds if there are more than 10000 active connections.
--><Set name="LowResourcesConnections"> 10000</Set><Set name="LowResourcesMaxIdleTime"> 5000</Set>...
LowResourcesConnections : Sets the number of connections, which if exceeded places this connector in a low resources state. This is not an exact measure as the connection count is averaged over the select sets. When in a low resources state, LowResourcesMaxIdleTime setting can be used to configure an alternate maximum idle time value.
LowResourcesConnections is not applicable for connectors of type com.pingidentity.appserver.jetty.server.connector.SocketConnector, which automatically calculates this value. Only LowResourcesMaxIdleTime can be used for these connectors.
LowResourcesMaxIdleTime : Sets the period in milliseconds that a connection is allowed to be idle when there are more than
LowResourcesConnections connections. This allows the server to rapidly close idle connections in order to gracefully handle high load situations.
In order for the lowResourcesConnections and lowResourcesMaxIdleTime properties to be effective you need to determine what level of load would saturate the system such that timing out connections makes sense.
The danger with setting the lowResources thresholds too low is that connections that are open and in use could also be closed. So it is possible that you could be timing out, and closing, connections that are actually in use, but simply taking a long time to process due to the server (or dependent server) being under excessive load.
The danger with setting the lowResources thresholds too low is that connections that are open and in use could also be closed. So it is possible that you could be timing out, and closing, connections that are actually in use, but simply taking a long time to process due to the server (or dependent server) being under excessive load.
For example let's assume that:
- You set LowResourcesMaxIdleTime to 5000 (5 seconds)
- You are using a jdbc connection for attribute lookup
- If your database is temporarily under heavy load and it's taking 6 seconds to complete an attribute lookup then the connection will be closed after 5 seconds although it was still trying to fetch data from the database.
Please make sure that you test thoroughly and decide on the best values for your environment. You should not need to use these settings under normal circumstances. Please contact Ping Identity support for more information.
Category:
Administration
KB or other URL: