Socket5 getting started, socket5

Source: Internet
Author: User
Tags erro connection reset



Official Website: http://ss5.sourceforge.net/


Scenario Description


In payment projects, for security reasons, the network segment where the App is deployed cannot directly access the public network. Therefore, some technical means is required to allow the App to reach the public network.


I tried several methods, each of which has its own advantages and disadvantages:

Nginx forwarding. The disadvantage is that the certificate is not passed through to the third party, which is unacceptable;

RINETD forwarding. The disadvantage is that it can only forward to a fixed IP address, which is unacceptable;

Configuring routing rules. The disadvantage is that it affects the routing of the entire machine, and it is not certain whether the routing is secure or reliable;

Socket5 proxy. The disadvantage is that you need to modify the code, but it can proxy HTTP/HTTPS/FTP and so on, which meets the requirements.


Install SS5


There are many tutorials on the internet covering the SS5 installation process, so it is not described in detail here. For example, you can refer to this URL: http://lxsym.blog.51cto.com/1364623/769691.


SS5 stress testing


Network Monitoring Method


The dstat command shows recv/send. It seems that recv is the number of bytes received (multiplied by 8, it gives the bandwidth), but send is not the number of bytes sent by the machine to the Internet. Therefore, dstat is not used to determine the sent and received traffic;

The iftop command displays the sent and received traffic. In the experimental scenario (about 4 baidu homepage requests per second, the received traffic is about KB * 4), the traffic sent and received per second is basically the same as that calculated by the program. Therefore, this command is used to determine the network traffic.


SS5 logs


1. STARTED and TERMINATED are paired to indicate the start and end of a connection.

[08/Apr/2015:19:46:57 CST] [1035835136] 10.10.96.106 "CONNECT" STARTED 0 0 0 0 (10.10.96.106:55389-> 220.181.112.244:80)

[08/Apr/2015:19:48:03 CST] [1035835136] 10.10.96.106 "CONNECT" TERMINATED 23189 352 66 (10.10.96.106:55389-> 220.181.112.244:80)


2. Not every proxy request is recorded

When we access the public network, a Socket request (Client: IP + Port and Server: IP + Port) lasts for a long time, so the Socket is not reused within 1 second. In this case, basically every request is logged;

When we test against an intranet URL, a few hundred successful Socket requests are completed within one second, and many of them reuse a Socket. Requests with the same "Client: IP + Port and Server: IP + Port" are the same Socket; SS5 treats them as one connection and writes only one log line;

This explains why, when accessing an intranet URL, there are only several hundred log lines for thousands of successful requests.


We consider the above two log scenarios as normal.

3. Socks method unknown or bad request

If you telnet to port 1080 and type characters, or if an F5 heartbeat (health check) probes port 1080, this log entry is reported continuously. It should be filtered out through better configuration.
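The pairing rule from item 1 can be checked mechanically when auditing what the App reached through the proxy. The following is an added example, not part of the original post or of SS5: it pairs STARTED/TERMINATED entries by thread id and address pair, lists connections that never logged TERMINATED, and collects [ERRO] entries. The sample lines are modelled on the entries quoted on this page plus one invented unterminated connection; the meaning of the numeric counters is not stated on the page, so they are returned as-is.

```python
import re
from datetime import datetime

# Constructed sample: lines 1, 2 and 4 are modelled on entries quoted on this
# page; line 3 is an invented connection that never logs TERMINATED.
SAMPLE = """\
[08/Apr/2015:19:46:57 CST] [1035835136] 10.10.96.106 "CONNECT" STARTED 0 0 0 0 (10.10.96.106:55389-> 220.181.112.244:80)
[08/Apr/2015:19:48:03 CST] [1035835136] 10.10.96.106 "CONNECT" TERMINATED 23189 352 66 (10.10.96.106:55389-> 220.181.112.244:80)
[08/Apr/2015:19:48:10 CST] [1035835137] 10.10.96.106 "CONNECT" STARTED 0 0 0 0 (10.10.96.106:55390-> 220.181.112.244:80)
[08/Apr/2015:16:06:23 CST] [0] [ERRO] $S5ServerAccept$: (Too many open files).
"""

HEAD = re.compile(r'\[(?P<ts>[^\]]+?)\s+[A-Z]+\]\s+\[(?P<tid>\d+)\]\s+(?P<rest>.*)')
CONN = re.compile(r'\S+\s+"\w+"\s+(?P<state>STARTED|TERMINATED)\s+(?P<nums>\d+(?:\s+\d+)*)'
                  r'\s+\((?P<src>[^()>-]+)->\s*(?P<dst>[^()]+)\)')
ERRO = re.compile(r'\[ERRO\]\s*\$\s*(?P<func>\w+)\s*\$:\s*\((?P<msg>[^)]*?)\s*\)')


def squeeze(text):
    """Drop whitespace so entries copied with stray spaces still match up."""
    return re.sub(r"\s+", "", text)


def analyze(log_text):
    """Pair STARTED/TERMINATED per (thread id, src, dst) and collect [ERRO] lines."""
    started, closed, errors = {}, [], []
    for line in log_text.splitlines():
        head = HEAD.match(line.strip())
        if not head:
            continue
        err = ERRO.search(head["rest"])
        if err:
            errors.append((err["func"], err["msg"]))
            continue
        conn = CONN.match(head["rest"])
        if not conn:
            continue
        key = (head["tid"], squeeze(conn["src"]), squeeze(conn["dst"]))
        when = datetime.strptime(squeeze(head["ts"]), "%d/%b/%Y:%H:%M:%S")
        if conn["state"] == "STARTED":
            started[key] = when
        elif key in started:
            closed.append({"src": key[1], "dst": key[2],
                           "seconds": int((when - started.pop(key)).total_seconds()),
                           "counters": [int(n) for n in conn["nums"].split()]})
    return closed, sorted(started), errors  # sorted(started): opened, never closed
```

For the pair quoted in item 1, the elapsed time computed from the two timestamps is 66 seconds, the same value as the last counter on the TERMINATED line.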


Performance indicators


Under high concurrency, when Socket connections are not released in time or the critical value is reached, the following errors are reported.


The log reports the following errors (flooding the screen):

[08/Apr/2015:16:06:23 CST] [0] [ERRO] $S5ServerAccept$: (Too many open files).

[08/Apr/2015:16:06:23 CST] [1916823296] [ERRO] $S5GetClientInfo$: (Bad file descriptor).


The program reports the following error:

java.net.SocketException: SOCKS server general failure
    at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:526)
    at java.net.Socket.connect(Socket.java:529)
    at sun.net.NetworkClient.doConnect(NetworkClient.java:158)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:411)
    at sun.net.www.http.HttpClient.openServer(HttpClient.java:525)
    at sun.net.www.http.HttpClient.<init>(HttpClient.java:208)
    at sun.net.www.http.HttpClient.New(HttpClient.java:291)
    at sun.net.www.http.HttpClient.New(HttpClient.java:310)
    at sun.net.www.protocol.http.HttpURLConnection.getNewHttpClient(HttpURLConnection.java:987)
    at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:966)
    at sun.net.www.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:841)
    at cl.an.HttpConn.run(HttpSocketPressTest.java:188)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439)
    at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
    at java.util.concurrent.FutureTask.run(FutureTask.java:138)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:895)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:918)
    at java.lang.Thread.run(Thread.java:662)


Performance Test Results:

Openfiles-1024
  Socket connection count, normal critical value (approx.): 450
  Socket connection count, critical exception threshold (approx.): 550
  After the exception threshold is reached: errors are reported and only 200 threads are retained; it returns to normal after 35 seconds.

Openfiles-4096
  Socket connection count, normal critical value (approx.): 2000
  Socket connection count, critical exception threshold (approx.): 2100-2500
  After the exception threshold is reached:
    Case 1: ss5 stops abnormally and cannot be restored. service ss5 status shows that ss5 is dead but the subsys is locked. Sometimes it also reports: *** glibc detected *** /usr/sbin/ss5: free(): invalid pointer: 0x00007f693c0207e0 ***
    Case 2: "Too many open files" is reported, only 200 threads are retained, and it recovers in 10 seconds.

Openfiles-65536
  The result is similar to openfiles-4096.

Based on our test results, the virtual machine 10.100.140.85 (4 CPUs, 6 GB memory) can be considered to support a maximum of 2000 concurrent connections.

The performance indicator given on the official website is: IBM X360, supporting a concurrency of 2500.

Command for viewing the number of Socket connections: netstat -napo | grep 1080 | wc -l

The maximum number of files opened at the same time is set in /etc/security/limits.conf (vim /etc/security/limits.conf). After editing it, you need to open a new terminal and run ulimit -n to confirm that the change has taken effect, then run service ss5 restart so that it takes effect in ss5.
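ulimit -n in a new terminal reports the limit of that shell, while the running ss5 process keeps the limit it was started with until it is restarted. The following added example (not from the original post) reads the effective limit of a running process from /proc/<pid>/limits on Linux and compares it with the number of open descriptors; the 0.8 warning ratio and the sample limits text are assumptions made for illustration.

```python
import os

# Constructed excerpt in the layout of /proc/<pid>/limits on Linux.
SAMPLE_LIMITS = """\
Limit                     Soft Limit           Hard Limit           Units
Max processes             23850                23850                processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
"""


def nofile_limits(limits_text):
    """Return (soft, hard) for 'Max open files'; None means unlimited."""
    for line in limits_text.splitlines():
        if line.startswith("Max open files"):
            soft, hard = line.split()[3:5]
            return tuple(None if v == "unlimited" else int(v) for v in (soft, hard))
    raise ValueError("no 'Max open files' row found")


def headroom(open_fds, soft_limit, warn_ratio=0.8):
    """Classify descriptor usage against the soft limit (warn_ratio is an assumption)."""
    if soft_limit is None:
        return "ok"
    if open_fds >= soft_limit:
        return "exhausted"
    return "warn" if open_fds >= soft_limit * warn_ratio else "ok"


def check_process(pid):
    """Read the live limit and descriptor count of a running process.

    Needs permission to read /proc/<pid>/fd (root or the owner of the process).
    """
    with open(f"/proc/{pid}/limits") as fh:
        soft, hard = nofile_limits(fh.read())
    open_fds = len(os.listdir(f"/proc/{pid}/fd"))
    return {"soft": soft, "hard": hard, "open": open_fds,
            "state": headroom(open_fds, soft)}
```

Call check_process with the pid of the ss5 process after service ss5 restart to confirm that the new limit actually reached the daemon.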


Reference URL:

http://www.codesky.net/article/201105/161796.html

http://www.justwinit.cn/post/6482/

http://blog.csdn.net/leili0806/article/details/7534985


Stress Test Results


Access www.baidu.com (page size: 135KB)


1. Due to bandwidth restrictions (the measured public bandwidth is only about m-2 m), on average only 10-20 successful HTTP requests are returned per second.

2. java.net.SocketTimeoutException: Read timed out: because of the network bandwidth, the data cannot be read from the stream within the timeout period. This is normal and is caused by the network. This problem also occurs when the Socket5 proxy is not used.

3. java.net.ConnectException: Connection timed out: connect: this is also caused by the network. No connection to the remote server is established within the timeout period. This is normal and is caused by the network. This problem also occurs when the Socket5 proxy is not used.

4. java.net.SocketException: Connection reset: suspected to be caused by the remote server.

5. The test is as follows:

[Figure: iftop output]

[Figure: dstat output]

6. During the test, watch -n1 -d 'netstat -an | grep 100' is completely normal, and the SS5 service itself is under no pressure.

7. Test results:

A. 3 machines, each with 100 concurrent threads, have success rates of 85%, 65%, and 67% respectively. The cause of failure is basically Read timed out, that is, all the returned data could not be read from the network input stream within 30 seconds.

B. One machine with 100 concurrent threads has a success rate of about 98%.


URL


The bandwidth can reach about 50-60 M, with an average of 250 successful responses per second. The success rate is 100%, as shown below:

[Figure: iftop output]

[Figure: dstat output]


Conclusion

  • The SS5 service itself is under great pressure. After ulimit -n is optimized, it supports about 2000 concurrent connections.
  • SS5 provides sufficient bandwidth. The smaller the requested file and the better the network, the more successful responses are supported.
