Analysis of the negative impact of IIS concurrent connections

Source: Internet
Author: User
Keywords Concurrency firewalls IIS negative impact

IIS is the abbreviation for Internet Information Server, it is Microsoft's main push server, the latest version is Windows2000 contains IIS 5,iis and WINDOWNT server fully integrated, Thus users can take advantage of Windows NT Server and NTFS (NT http://www.aliyun.com/zixun/aggregation/19352.html ">file System"), NT File system built-in security features to build strong, flexible and secure Internet and intranet sites.

IIS supports HTTP (hypertext transmits Kyoto, Hyper-Text Transfer Protocol), FTP (file transmits Kyoto, Files Transfer Protocol), and SMTP protocol, by using CGI and ISAPI, IIS can be highly extensible.

IIS supports language-independent scripting and components that allow developers to develop a new generation of dynamic, glamorous web sites. IIS does not require developers to learn new scripting languages or to compile applications, IIS fully supports VBSCRIPT,JSCRIPT development software and Java, and it also supports CGI and wincgi, as well as ISAPI extensions and filters.

The number of concurrent connections refers to the ability of a firewall or proxy server to handle its business information flow, is the maximum number of point-to-point connections that a firewall can handle at the same time, reflecting the ability of the firewall device to access and link state tracking for multiple connections, and the size of this parameter directly affects the maximum amount of information that the firewall can support.

The number of concurrent connections is an important index to measure the performance of firewalls. In the current market, the common firewall equipment in the manual can be seen, from low-end devices 500, 1000 concurrent connection, to high-end equipment tens of thousands of, hundreds of thousands of concurrent connection, there are several orders of magnitude difference. So what exactly is the number of concurrent connections? How does its size affect the user's day-to-day use? To understand the number of concurrent connections, you first need to understand the concept of "session". This "conversation" is not our usual conversation, but can be used to understand the usual conversation, two people in the conversation, you a sentence, I, a question, we call it a dialogue, or call the conversation. Similarly, when we work with a computer, we open a window or a Web page, we can also call it a "session", extended to a local area network, all users to the Internet through the firewall, to open a number of Windows or Web page hair (that is, the session), then, this firewall, the maximum number of sessions can be processed , is the number of concurrent connections.

Like the router's routing table holds routing information, there is also a table in the firewall, which we call the concurrent join table, where the firewall is used to hold concurrent connection information, and it can dynamically allocate the memory space of the process after the firewall system starts, which is the maximum number of concurrent connections the firewall can support. Large concurrent connection tables can increase the maximum number of concurrent connections to the firewall, allowing the firewall to support more client terminals. Although it appears that the number of concurrent connections for similar products such as firewalls seems to be greater, the better. But at the same time, too large concurrent join table can also bring some negative effects:

1. The increase in the number of concurrent connections means the consumption of system memory resources

Each Concurrent connection table entry occupies a 300B calculation and 1000 concurrent connections will occupy 300bx1000x8bit/ B≈2.3MB memory space, 10,000 concurrent connections will consume 23Mb of memory space, 100,000 concurrent connections will consume 230Mb of memory space, and if you really try to implement 1 million concurrent connections, then this product will need to provide 2.24Gb memory space!

2. Increase the number of concurrent connections should fully consider the processing capacity of the CPU

The main task of the

CPU is to forward traffic on the network from one network segment as quickly as possible to another network segment, and in the process of forwarding the traffic according to a certain access control policy for license check, traffic statistics and access audit operations, This requires the firewall to continuously update read and write operations on the corresponding table entries in the Concurrent connection table. Regardless of the actual processing capacity of the CPU and rashly increase the system's concurrent connection table, it is bound to affect the firewall on the connection request processing delay, resulting in some connection timeout, so that more connection messages are sent back, resulting in more connection timeout, the final formation of avalanche effect, resulting in the entire firewall system crashes.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.