I've got a scenario happening which I believe is tied to
Enhanced Security authentication performance. Here is the
machine in question :
AlphaServer 1000A/233, 256M memory, DU4.0B, slightly patched.
OSF1 machine.name.here V4.0 564 alpha
Enhanced Security enabled
The machine handles shell account users (maybe 20-40 at
any one time) and lots of SMTP/POP traffic. I'm starting
to see load average spikes into the 80-100 range, where
the machine normally runs at .5 to 2. When the spike is
happening, the disk IO is not excessive, system memory
does not appear to be a problem. But swap reserve fills
up due to the process list growing larger.
In the process list, basically I'm seeing hundreds of
popper processing building up. The popper we are running
has been modified NOT to do DNS queries, because that used
to be a bottleneck, so that's not it. Also during the spike,
it takes minutes to get a login/password prompt going
through the login program or something like ftpd.
The only way we can recover is to comment the pop3 port
out of /etc/inetd.conf for about 2 minutes and the system
load returns to normal. Re-enable the port and off we go
with normal performance.
We've spent several weeks looking at this, and the only
conclusion I can reach is the Enhanced Security subsystem
is being overloaded. The machine has over 21000 logins in
/etc/passwd and the protected database. During the spikes,
we are logging upwards of 3.4 popper accesses per second.
Under normal running conditions during the day, we log
around 2.8 per second. While this is going on, there are
a few logins via telnet/rlogin and ftp, but nothing
significant.
Has anyone else hit a similar ceiling? What are the options,
more memory? OS version upgrade? Patches? Buy another Alpha
and cluster them to distribute the authentication load? There
has to be a good way to scale authentication requests.
Any advice would certainly be appreciated.
--
Kevin Houle
netINS, Inc.
kevin_at_netins.net
Received on Tue Jan 27 1998 - 00:01:38 NZDT