[mod_python] mod_python or apache scalability?

Alec Matusis matusis at matusis.com
Mon Oct 1 22:07:25 EDT 2007 

> Have you determined for certain that you aren't the target of an
> external SYN Flood DOS attack?

I strongly suspect it has to do with this "frozen" apache state, because

a) I do not see an inbound bandwidth spike on the bandwidth monitor
b) As soon as apache is restarted, everything is normal, SYN flood messages
go away. 
I would not expect the attack to stop when we restart apache ;)

> BTW, what operating system are you using?
We are on SuSE 9.3 (x86-64) kernel 2.6.11.4-21.12-smp

> FWIW, I personally would try and move from prefork to worker MPM as
> the number of Apache child processes you are running with is to my
> mind excessive.

I will certainly try that, but not till next week, since it involves
recompiling apache.
I will upgrade to apache 2.2 and mod_python 3.3.1 at the same time- I am not
sure if they have any performance improvements over 2.0/mod_python 3.1.4
combination.



> -----Original Message-----
> From: Graham Dumpleton [mailto:graham.dumpleton at gmail.com]
> Sent: Monday, October 01, 2007 6:47 PM
> To: Alec Matusis
> Cc: mod_python at modpython.org
> Subject: Re: [mod_python] mod_python or apache scalability?
> 
> On 01/10/2007, Alec Matusis <matusis at matusis.com> wrote:
> > in the apache error log. We also got
> >
> > kernel: possible SYN flooding on port 80. Sending cookies.
> >
> > in /var/log/messages system log.
> 
> Have you determined for certain that you aren't the target of an
> external SYN Flood DOS attack?
> 
> Do a Google search for 'kernel: possible SYN flooding on port 80.
> Sending cookies' and you will find lots of stuff to read. Your running
> out of or having a large number of socket connections may be
> symptomatic of a large number of half open connections being created
> and then being left in TIME_WAIT. Thus perhaps do some better analysis
> of socket connection states using netstat. If not a SYN Flood, then
> possibly follow some of the other suggestions in the pages you will
> find when you do the search.
> 
> FWIW, I personally would try and move from prefork to worker MPM as
> the number of Apache child processes you are running with is to my
> mind excessive. Using worker would certainly drop memory usage for a
> start as you wouldn't need as many child processes to be started. I
> wouldn't be concerned about running out of threads as when running
> worker I wouldn't suggest more than 25 threads per process as a
> starting point anyway. If your mod_python application was creating
> lots of threads, you are likely to hit the thread limit with prefork
> and not just worker so which MPM is used shouldn't be an issue in that
> case.
> 
> BTW, what operating system are you using?
> 
> Graham

More information about the Mod_python mailing list