From db380b2d1a991d3b6cddbf84154634b254463fc2 Mon Sep 17 00:00:00 2001 From: Datong Sun Date: Thu, 7 Sep 2023 16:33:11 +0800 Subject: [PATCH 1/2] perf(template): use more reasonable default value for Nginx tuning (#11515) Bumped the default value of `upstream_keepalive_pool_size` to `512` and `upstream_keepalive_max_requests` to `1000`. FTI-4868 --- CHANGELOG/unreleased/kong/11515.yaml | 7 ++++ kong.conf.default | 50 +++++++++++++++---------- kong/templates/kong_defaults.lua | 9 +++-- spec/01-unit/04-prefix_handler_spec.lua | 2 +- 4 files changed, 43 insertions(+), 25 deletions(-) create mode 100644 CHANGELOG/unreleased/kong/11515.yaml diff --git a/CHANGELOG/unreleased/kong/11515.yaml b/CHANGELOG/unreleased/kong/11515.yaml new file mode 100644 index 000000000000..28a3209034a8 --- /dev/null +++ b/CHANGELOG/unreleased/kong/11515.yaml @@ -0,0 +1,7 @@ +message: Bumped the default value of `upstream_keepalive_pool_size` to `512` and `upstream_keepalive_max_requests` to `1000` +type: performance +scope: Configuration +prs: + - 11515 +jiras: + - "FTI-4868" diff --git a/kong.conf.default b/kong.conf.default index 87dad2196f3f..40c7e24179e1 100644 --- a/kong.conf.default +++ b/kong.conf.default @@ -960,26 +960,26 @@ # `text/html`, `application/json`, and # `application/xml`. -#upstream_keepalive_pool_size = 60 # Sets the default size of the upstream - # keepalive connection pools. - # Upstream keepalive connection pools - # are segmented by the `dst ip/dst - # port/SNI` attributes of a connection. - # A value of `0` will disable upstream - # keepalive connections by default, forcing - # each upstream request to open a new - # connection. - -#upstream_keepalive_max_requests = 100 # Sets the default maximum number of - # requests than can be proxied upstream - # through one keepalive connection. - # After the maximum number of requests - # is reached, the connection will be - # closed. - # A value of `0` will disable this - # behavior, and a keepalive connection - # can be used to proxy an indefinite - # number of requests. +#upstream_keepalive_pool_size = 512 # Sets the default size of the upstream + # keepalive connection pools. + # Upstream keepalive connection pools + # are segmented by the `dst ip/dst + # port/SNI` attributes of a connection. + # A value of `0` will disable upstream + # keepalive connections by default, forcing + # each upstream request to open a new + # connection. + +#upstream_keepalive_max_requests = 1000 # Sets the default maximum number of + # requests than can be proxied upstream + # through one keepalive connection. + # After the maximum number of requests + # is reached, the connection will be + # closed. + # A value of `0` will disable this + # behavior, and a keepalive connection + # can be used to proxy an indefinite + # number of requests. #upstream_keepalive_idle_timeout = 60 # Sets the default timeout (in seconds) # for which an upstream keepalive @@ -1137,6 +1137,16 @@ # It is recommended to set it to at least (number of regex paths * 2) # to avoid high CPU usages. +#nginx_http_keepalive_requests = 1000 # Sets the maximum number of client requests that can be served through one + # keep-alive connection. After the maximum number of requests are made, + # the connection is closed. + # Closing connections periodically is necessary to free per-connection + # memory allocations. Therefore, using too high maximum number of requests + # could result in excessive memory usage and not recommended. + # See: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests + + + #------------------------------------------------------------------------------ # DATASTORE #------------------------------------------------------------------------------ diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index fea900620be8..fb4bb3110aef 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -62,8 +62,8 @@ status_ssl_cert_key = NONE headers = server_tokens, latency_tokens trusted_ips = NONE error_default_type = text/plain -upstream_keepalive_pool_size = 60 -upstream_keepalive_max_requests = 100 +upstream_keepalive_pool_size = 512 +upstream_keepalive_max_requests = 1000 upstream_keepalive_idle_timeout = 60 allow_debug_header = off @@ -84,6 +84,9 @@ nginx_http_ssl_prefer_server_ciphers = NONE nginx_http_ssl_dhparam = NONE nginx_http_ssl_session_tickets = NONE nginx_http_ssl_session_timeout = NONE +nginx_http_lua_regex_match_limit = 100000 +nginx_http_lua_regex_cache_max_entries = 8192 +nginx_http_keepalive_requests = 1000 nginx_stream_ssl_protocols = NONE nginx_stream_ssl_prefer_server_ciphers = NONE nginx_stream_ssl_dhparam = NONE @@ -93,8 +96,6 @@ nginx_proxy_real_ip_header = X-Real-IP nginx_proxy_real_ip_recursive = off nginx_admin_client_max_body_size = 10m nginx_admin_client_body_buffer_size = 10m -nginx_http_lua_regex_match_limit = 100000 -nginx_http_lua_regex_cache_max_entries = 8192 client_body_buffer_size = 8k real_ip_header = X-Real-IP diff --git a/spec/01-unit/04-prefix_handler_spec.lua b/spec/01-unit/04-prefix_handler_spec.lua index a85b423ef962..69b055974e48 100644 --- a/spec/01-unit/04-prefix_handler_spec.lua +++ b/spec/01-unit/04-prefix_handler_spec.lua @@ -1116,7 +1116,7 @@ describe("NGINX conf compiler", function() nil, true) assert.matches("daemon on;", contents, nil, true) assert.matches("listen 0.0.0.0:9000;", contents, nil, true) - assert.not_matches("keepalive", contents, nil, true) + assert.not_matches("keepalive%s+%d+", contents) end) end) end) From 4e4426880f213129937f2a7cfc98e2d6de7d25dc Mon Sep 17 00:00:00 2001 From: Xiaochen Date: Thu, 21 Dec 2023 18:22:47 +0800 Subject: [PATCH 2/2] perf(proxy): use higher default keepalive request value for Nginx tuning (#12223) Bumped default values of `nginx_http_keepalive_requests` and `upstream_keepalive_max_requests` to `10000`. KAG-3360 --------- Co-authored-by: Datong Sun (cherry picked from commit f7e6eeefe006af11129d1b0e39a1c06449a53d42) --- changelog/unreleased/kong/optimize_keepalive_parameters.yml | 3 +++ kong.conf.default | 2 +- kong/templates/kong_defaults.lua | 4 ++-- 3 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 changelog/unreleased/kong/optimize_keepalive_parameters.yml diff --git a/changelog/unreleased/kong/optimize_keepalive_parameters.yml b/changelog/unreleased/kong/optimize_keepalive_parameters.yml new file mode 100644 index 000000000000..49ec8baf6d4f --- /dev/null +++ b/changelog/unreleased/kong/optimize_keepalive_parameters.yml @@ -0,0 +1,3 @@ +message: Bumped default values of `nginx_http_keepalive_requests` and `upstream_keepalive_max_requests` to `10000`. +type: performance +scope: Configuration diff --git a/kong.conf.default b/kong.conf.default index 40c7e24179e1..6fb9379f5a17 100644 --- a/kong.conf.default +++ b/kong.conf.default @@ -1137,7 +1137,7 @@ # It is recommended to set it to at least (number of regex paths * 2) # to avoid high CPU usages. -#nginx_http_keepalive_requests = 1000 # Sets the maximum number of client requests that can be served through one +#nginx_http_keepalive_requests = 10000 # Sets the maximum number of client requests that can be served through one # keep-alive connection. After the maximum number of requests are made, # the connection is closed. # Closing connections periodically is necessary to free per-connection diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index fb4bb3110aef..a259b6acdf76 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -63,7 +63,7 @@ headers = server_tokens, latency_tokens trusted_ips = NONE error_default_type = text/plain upstream_keepalive_pool_size = 512 -upstream_keepalive_max_requests = 1000 +upstream_keepalive_max_requests = 10000 upstream_keepalive_idle_timeout = 60 allow_debug_header = off @@ -86,7 +86,7 @@ nginx_http_ssl_session_tickets = NONE nginx_http_ssl_session_timeout = NONE nginx_http_lua_regex_match_limit = 100000 nginx_http_lua_regex_cache_max_entries = 8192 -nginx_http_keepalive_requests = 1000 +nginx_http_keepalive_requests = 10000 nginx_stream_ssl_protocols = NONE nginx_stream_ssl_prefer_server_ciphers = NONE nginx_stream_ssl_dhparam = NONE