Performance Tuning¶
Apache Traffic Server™ in its default configuration should perform suitably for running the included regression test suite, but will need special attention to both its own configuration and the environment in which it runs to perform optimally for production usage.
There are numerous options and strategies for tuning the performance of Traffic Server and we attempt to document as many of them as possible in the sections below. Because Traffic Server offers enough flexibility to be useful for many caching and proxying scenarios, which tuning strategies will be most effective for any given use case may differ, as well as the specific values for various configuration options.
Before You Start¶
One of the most important aspects of any attempt to optimize the performance of a Traffic Server installation is the ability to measure that installation’s performance; both prior to and after any changes are made. To that end, it is strongly recommended that you establish some means to monitor and record a variety of performance metrics: request and response speed, latency, and throughput; memory and CPU utilization; and storage I/O operations.
Attempts to tune a system without being able to compare the impact of changes made will at best result in haphazard, feel good results that may end up having no real world impact on your customers’ experiences, and at worst may even result in lower performance than before you started. Additionally, in the all too common situation of budget constraints, having proper measurements of existing performance will greatly ease the process of focusing on those individual components that, should they require hardware expenditures or larger investments of employee time, have the highest potential gains relative to their cost.
Building Traffic Server¶
While the default compilation settings for Traffic Server will produce a set of binaries capable of serving most caching and proxying needs, there are some build options worth considering in specific environments.
Hardware Tuning¶
As with any other server software, efficient allocation of hardware resources will have a significant impact on Traffic Server performance.
CPU Selection¶
Apache Traffic Server™ uses a hybrid event-driven engine and multi-threaded processing model for handling incoming requests. As such, it is highly scalable and makes efficient use of modern, multicore processor architectures.
Memory Allocation¶
Though Traffic Server stores cached content within an on-disk host database, the entire Cache Directory is always maintained in memory during server operation. Additionally, most operating systems will maintain disk caches within system memory. It is also possible, and commonly advisable, to maintain an in-memory cache of frequently accessed content.
The memory footprint of the Traffic Server process is largely fixed at the time of server
startup. Your Traffic Server systems will need at least enough memory to satisfy basic
operating system requirements, as well as capacity for the cache directory, and
any memory cache you wish to use. The default settings allocate roughly 10
megabytes of RAM cache for every gigabyte of disk cache storage, though this
setting can be adjusted manually in records.yaml
using the setting
proxy.config.cache.ram_cache.size
. Traffic Server will, under the default
configuration, adjust this automatically if your system does not have enough
physical memory to accommodate the aforementioned target.
Aside from the cost of physical memory, and necessary supporting hardware to make use of large amounts of RAM, there is little downside to increasing the memory allocation of your cache servers. You will see, however, no benefit from sizing your memory allocation larger than the sum of your content (and index overhead).
Disk Storage¶
Except in cases where your entire cache may fit into system memory, your cache nodes will eventually need to interact with their disks. While a more detailed discussion of storage stratification is covered in Cache Partitioning below, very briefly you may be able to realize gains in performance by separating more frequently accessed content onto faster disks (PCIe SSDs, for instance) while maintaining the bulk of your on-disk cache objects, which may not receive the same high volume of requests, on lower-cost mechanical drives.
Operating System Tuning¶
Apache Traffic Server™ is supported on a variety of operating systems, and as a result the tuning strategies available at the OS level will vary depending upon your chosen platform.
General Recommendations¶
TCP Keep Alive¶
TCP Congestion Control Settings¶
Ephemeral and Reserved Ports¶
Jumbo Frames¶
Linux¶
FreeBSD¶
OmniOS / illumos¶
macOS¶
Traffic Server Tuning¶
Traffic Server itself, of course, has many options you may want to consider adjusting to
achieve optimal performance in your environment. Many of these settings are
recorded in records.yaml
and may be adjusted with the
traffic_ctl config set
command line utility while the server is operating.
CPU and Thread Optimization¶
Thread Scaling¶
By default, Traffic Server creates one thread per CPU core on the host system. This may
be adjusted with the following settings in records.yaml
:
Thread Affinity¶
On multi-socket servers, such as Intel architectures with NUMA, you can adjust
the thread affinity configuration to take advantage of cache pipelines and
faster memory access, as well as preventing possibly costly thread migrations
across sockets. This is adjusted with proxy.config.exec_thread.affinity
in records.yaml
.:
records:
exec_thread:
affinity: 1
Thread Stack Size¶
Timeout Settings¶
Traffic Server has a variety of timeout settings which may be modified to help tune the performance of various proxy components. In general it is recommended to leave the timeouts at their default values unless you have identified specific causes for an adjustment.
Note that not all proxy configurations will be impacted by every timeout. For instance, if you are not using any hierarchical caching then the parent proxy timeouts will be irrelevant.
While all of the timeouts described below may be set globally for your Traffic Server
instance using records.yaml
, many of them are also overridable on a
per-transaction basis by plugins (including Configuration Remap Plugin).
This allows the possibility for adjusting timeout value for individual subsets
of your cache.
For example, you may wish to be fairly lenient on activity timeouts for most of
your cache, leaving the default at a minute or two, but enforce a much stricter
timeout on a set of very small, incredibly heavily accessed objects for which
you can construct a map
rule with the goal of reducing the chances that a
few bad actors (misconfigured or misbehaving clients) may generate too much
connection pressure on your cache. The trade off may be that some perfectly
innocent, but slow clients may have their connections terminated early. As with
all performance tuning efforts, your needs are likely to vary from others’ and
should be carefully considered and closely monitored.
Default Inactivity Timeout¶
The proxy.config.net.default_inactivity_timeout
setting is applied to
the HTTP state machine when no other inactivity timeouts have been applied. In
effect, it sets an upper limit, in seconds, on state machine inactivity.
In addition to the timeout itself, there is a related statistic:
proxy.process.net.default_inactivity_timeout_applied
which tracks
the number of times the default inactivity timeout was applied to transactions
(as opposed to a more specific timeout having been applied).
CONFIG proxy.process.net.default_inactivity_timeout INT 86400
Accept Timeout¶
The variable proxy.config.http.accept_no_activity_timeout
sets, in
seconds, the time after which Traffic Server will close incoming connections which remain
inactive (have not sent data). Lowering this timeout can ease pressure on the
proxy if misconfigured or misbehaving clients are opening a large number of
connections without submitting requests.
records:
http:
accept_no_activity_timeout: 120
Background Fill Timeout¶
When background fills are enabled,
proxy.config.http.background_fill_active_timeout
sets in seconds the
time after which Traffic Server will abort the fill attempt and close the origin
server connection that was being used. Setting this to zero disables the
timeout, but modifying the value and enforcing a timeout may help in
situations where your origin servers stall connections without closing.
records:
http:
background_fill_active_timeout: 0
DNS Timeouts¶
Traffic Server performs all DNS queries for origin servers through the HostDB subsystem.
Two settings affect the potential frequency and amount of time Traffic Server will spend
on these lookups. proxy.config.hostdb.timeout
is used to establish the
time-to-live, in minutes, for all DNS records and
proxy.config.hostdb.lookup_timeout
sets, in seconds, the timeout for
actual DNS queries.
Setting a higher timeout
value will reduce the number of times Traffic Server needs
to perform DNS queries for origin servers, but may also prevent your Traffic Server
instance from updating its records to reflect external DNS record changes in a
timely manner (refer to proxy.config.hostdb.ttl_mode
for more
information on when this TTL value will actually be used).
records:
hostdb:
lookup_timeout: 30
timeout: 1440
Keepalive Timeouts¶
Traffic Server keepalive timeouts may be set both for maintaining a client connection for
subsequent requests, using
proxy.config.http.keep_alive_no_activity_timeout_in
, as well as origin
server connections for subsequent object requests (when not servable from the
cache) using proxy.config.http.keep_alive_no_activity_timeout_out
.
Both are specified in seconds. Keep in mind that
keep_alive_no_activity_timeout_out
for origin server connections is
effectively an advisory maximum, as the origin server may have its own
keepalive timeout which (if set lower) will likely take precedence.
records:
http:
keep_alive_no_activity_timeout_in: 120
keep_alive_no_activity_timeout_out: 120
Origin Connection Timeouts¶
Origin server connection timeouts are configured with proxy.config.http.connect_attempts_timeout
,
which is applied both to the initial connection as well as any retries attempted,
should an attempt timeout. The timeout applies from the moment Traffic Server begins the
connection attempt until the origin fully establishes a connection (the connection is ready to write).
After the connection is established the value of
proxy.config.http.transaction_no_activity_timeout_out
is used to established timeouts on the data over the connection.
records:
http:
connect_attempts_timeout: 30
Polling Timeout¶
If you are experiencing unusually or unacceptably high CPU utilization during
idle workloads, you may consider adjusting the polling timeout with
proxy.config.net.poll_timeout
.
records:
net:
poll_timeout: 60
SOCKS Timeouts¶
In Traffic Server configurations where SOCKS has been enabled, three timeouts are made
available for tuning. Basic activity timeout for SOCKS server connections may
be adjusted with proxy.config.socks.socks_timeout
, in seconds. Server
connection attempts (initial connections attempts only) are covered by
proxy.config.socks.server_connect_timeout
, again in seconds, and
server connection retry attempts are set with
proxy.config.socks.server_retry_timeout
. Note that the retry timeout
is the timeout for the actual connection attempt on a retry, not the delay
after which a retry will be performed (the delay is configured with
proxy.config.socks.server_retry_time
).
records:
socks:
server_connect_timeout: 10
server_retry_time: 300
server_retry_timeout: 300
socks_timeout: 100
SSL Timeouts¶
Traffic Server offers a few timeouts specific to encrypted connections handled by the SSL engine.
proxy.config.ssl.handshake_timeout_in
configures the time, in seconds,
after which incoming client connections will abort should the SSL handshake not
be completed. A value of 0
will disable the timeout.
When OCSP Stapling is enabled in Traffic Server, you can configure two
separate timeouts; one for setting the length of time which cached OCSP results
will persist, specified in seconds using
proxy.config.ssl.ocsp.cache_timeout
, and the timeout for requests to
the remote OCSP responders, in seconds, with
proxy.config.ssl.ocsp.request_timeout
.
Lastly, you can control the number of seconds for which SSL sessions will be
cached in Traffic Server using proxy.config.ssl.session_cache.timeout
.
records:
ssl:
handshake_timeout_in: 30
ocsp:
cache_timeout: 3600
request_timeout: 10
session_cache:
timeout: 0
Transaction Activity Timeouts¶
Traffic Server specifies two sets of general transaction activity timeouts: a pair for
active transactions, and a pair for inactive connections (ones which are not
receiving or sending data during the timeout period). Each pair includes one
timeout for client connections (the _in
variant) and another for origin
server transactions (_out
variants).
For active transactions,
proxy.config.http.transaction_active_timeout_in
and
proxy.config.http.transaction_active_timeout_out
set the maximum time,
in seconds, which Traffic Server will spend sending/receiving data with a client or
origin server, respectively. If the data transfer has not completed within the
time specified then the connection will be closed automatically. This may
result in the lack of a cache update, or partial data transmitted to a client.
proxy.config.http.transaction_active_timeout_out
is disabled (set to 0
) by default.
proxy.config.http.transaction_active_timeout_in
is set to 900 seconds by default.
In general, it’s unlikely you will want to enable either of these timeouts globally, especially if your cache contains objects of varying sizes and deals with clients which may support a range of speeds (and therefore take less or more time to complete normal, healthy data exchanges). However, there may be configurations in which small objects need to be exchanged in very short periods and you wish your Traffic Server cache to enforce these time restrictions by closing connections which exceed them.
The variables proxy.config.http.transaction_no_activity_timeout_in
and
proxy.config.http.transaction_no_activity_timeout_out
control the
maximum amount of time which Traffic Server will spend in a transaction which is stalled
and not transmitting data, for clients and origin servers respectively.
Unlike the active transaction timeouts, these two inactive transaction timeout values prove somewhat more generally applicable.
records:
http:
transaction_active_timeout_in: 900
transaction_active_timeout_out: 0
transaction_no_activity_timeout_in: 30
transaction_no_activity_timeout_out: 30
WebSocket Timeouts¶
Traffic Server provides two configurable timeouts for WebSocket connections. The setting
proxy.config.websocket.no_activity_timeout
will establish the maximum
length of time a stalled WebSocket connection will remain before Traffic Server closes
it. proxy.config.websocket.active_timeout
sets the maximum duration
for all WebSocket connections, regardless of their level of activity.
records:
websocket:
active_timeout: 3600
no_activity_timeout: 600
Memory Optimization¶
proxy.config.thread.default.stacksize
proxy.config.cache.ram_cache.size
Disk Storage Optimization¶
proxy.config.cache.force_sector_size
proxy.config.cache.max_doc_size
proxy.config.cache.target_fragment_size
Cache Partitioning¶
Network Tuning¶
proxy.config.net.connections_throttle
Error responses from origins are consistent and costly¶
If error responses are costly for your origin server to generate, you may elect to have Traffic Server cache these responses for a period of time. The default behavior is to consider all of these responses to be uncacheable, which will lead to every client request resulting in an origin request.
This behavior is controlled by both enabling the feature via
proxy.config.http.negative_caching_enabled
and setting the cache time
(in seconds) with proxy.config.http.negative_caching_lifetime
. Configured
status code for negative caching can be set with proxy.config.http.negative_caching_list
.
records:
http:
negative_caching_enabled: 1
negative_caching_lifetime: 10
negative_caching_list: 204 305 403 404 414 500 501 502 503 504
SSL-Specific Options¶
proxy.config.ssl.max_record_size
proxy.config.ssl.session_cache.enabled
proxy.config.ssl.session_cache.size
Thread Types¶
Logging Configuration¶
Plugin Tuning¶
Common Scenarios and Pitfalls¶
While environments vary widely and Traffic Server is useful in a great number of different situations, there are at least some recurring elements that may be used as shortcuts to identifying problem areas, or realizing easier performance gains.