The increasing number of Internet users and innovative new services such as
e-commerce are placing new demands on Web servers. It is becoming
essential for Web servers to provide performance isolation, have fast recovery
times, and provide continuous service during overload at least to preferred
customers.
In this paper, we present the design and implementation of a kernel-based
architecture that protects Web servers against overload by controlling the
amount and rate of work entering the system. We present three mechanisms
that provide admission control and service differentiation based on
connection and application level information. Our basic admission control
mechanism, TCP SYN policing, limits the acceptance rate of new
requests based on the connection attributes. The second mechanism,
prioritized listen queue, supports different service classes by reordering
the listen queue of a server socket based on the priorities of the incoming
connection requests. Third, we present URL-based connection control
that uses application-level information such as URLs and cookies to define
priorities and rate control policies.
We have implemented these mechanisms in AIX 5.0. Through numerous experiments
we demonstrate the effectiveness of
these mechanisms in achieving the desired degree of service differentiation during
overload. We also show that the kernel mechanisms are more
efficient and scalable than application level controls implemented
in the Web server.
By: Thiemo Voigt, Renu Tiwari, Douglas Freimuth, Ashish Mehra (iScale Networks)
Published in: RC21925 in 2001
LIMITED DISTRIBUTION NOTICE:
This Research Report is available. This report has been submitted for publication outside of IBM and will probably be copyrighted if accepted for publication. It has been issued as a Research Report for early dissemination of its contents. In view of the transfer of copyright to the outside publisher, its distribution outside of IBM prior to publication should be limited to peer communications and specific requests. After outside publication, requests should be filled only by reprints or legally obtained copies of the article (e.g., payment of royalties). I have read and understand this notice and am a member of the scientific community outside or inside of IBM seeking a single copy only.
Questions about this service can be mailed to reports@us.ibm.com .