
What is a possible scenario for exhausting the memory designated to a connection zone with the limit_conn_zone directive, and what are the implications in this case?

Suppose I have this in my configuration:

http {
  limit_conn_zone $binary_remote_addr zone=connzone:1m;
  ...
  server {
    limit_conn connzone 5;

which, according to the documentation, allocates 16000 states for connzone on a 64-bit server. It also says that

If the storage for a zone is exhausted, the server will return error 503 (Service Temporarily Unavailable) to all further requests.

Well, OK. But what does it mean in practice? When does this happen? Who receives those 503s? Does it mean that if the number of IPs somehow associated with connzone hits 16000, everyone gets a 503 and it's all over? How does Nginx decide? The documentation is weirdly vague on this.

So, considering the example config, who would actually get a 503 and under which circumstances and how would things go from there? Same with request zones?

2 Answers


Practice? You can control the total amount of IPs connected to the server.

When? Well, if the zone is full.

Who? Yes, everybody who isn't already within the zone and as long as the zone is full.

If you're on a 64 bit system and set the zone to 1M, nginx can store up to 16,000 IPs. This means if 16,001 IPs have to be stored that +1 user will receive the first 503 error. The decision is pretty easy, if the B-tree is full, reject.

You can find out the exact implementation by reading the source code of the module: https://github.com/git-mirror/nginx/blob/master/src/http/modules/ngx_http_limit_conn_module.c

Request zones work pretty similarly.

Fleshgrinder

Quote from http://forum.nginx.org/read.php?2,233709,233722#msg-233722

The server will be able to track the number of connections for ~16k distinct client IP addresses. If you happen to have that many active clients, then the next connection attempt from the client whose IP is not yet known will attempt to create a new state, that will fail because zone is exhausted and the client will be returned 503.

So if the connection count decreases below 16000 (or whatever the limit is), future connections will not get 503.

laike9m
  • I like this answer, because it and the linked forum / mailing list posting indicate that this is not a permanent running record of client IP addresses, but only pertains to active connections. This is the point that I had not seen discussed elsewhere and which really helps in determining the usage and memory limits one might choose to use for limit_conn_zone and limit_req_zone. – user981178 Mar 14 '17 at 19:51
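The behaviour both answers describe (one state per distinct client key while that key has open connections, a 503 for an unknown client only while every state slot is taken, and admission again once a slot frees up) can be checked with a small model. This is an added example written for this page, not nginx's own code: the slot count, the per-key limit and the client addresses are constructed inputs, and the real module keeps its states in a shared-memory tree rather than a dictionary.

```python
# Constructed model of the limit_conn_zone semantics discussed above
# (not nginx's code): a state exists for a key only while that key has
# at least one open connection; the zone has a fixed number of state
# slots (the documented ~16000 for 1m on 64-bit); an unknown key gets
# 503 when no slot is free, and a known key gets 503 at `limit` open
# connections (limit_conn connzone 5 in the question's config).
from collections import Counter


class LimitConnZone:
    def __init__(self, slots: int, limit: int):
        self.slots = slots       # maximum number of distinct keys tracked
        self.limit = limit       # limit_conn value, applied per key
        self.conns = Counter()   # key -> currently open connections

    def open(self, key: str) -> int:
        """Return 200 if the connection is admitted, otherwise 503."""
        if key in self.conns:
            if self.conns[key] >= self.limit:
                return 503       # this client already holds `limit` connections
        elif len(self.conns) >= self.slots:
            return 503           # zone exhausted: no free state for a new key
        self.conns[key] += 1
        return 200

    def close(self, key: str) -> None:
        """A connection finished; drop the state once the key has none left."""
        if self.conns[key] <= 1:
            del self.conns[key]  # slot becomes free for another client
        else:
            self.conns[key] -= 1


def demo(slots: int = 4, limit: int = 5) -> dict:
    """Fill a tiny zone, show who gets 503, free one slot, then retry."""
    zone = LimitConnZone(slots, limit)
    r = {}
    for i in range(slots):                       # distinct clients take every slot
        r[f"fill_{i}"] = zone.open(f"10.0.0.{i}")
    r["known_client_again"] = zone.open("10.0.0.0")      # already has a state
    r["new_client_while_full"] = zone.open("10.0.0.99")  # needs a slot: 503
    zone.close("10.0.0.1")                       # that client's only connection ends
    r["new_client_after_free"] = zone.open("10.0.0.99")  # slot freed: 200
    for _ in range(limit - 1):                   # bring one client up to `limit`
        zone.open("10.0.0.2")
    r["over_limit_from_one_client"] = zone.open("10.0.0.2")
    return r
```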