I originally asked:
> The hardware:
>
> SparcServer 20, 96megs of memory, dual 50MHz processors, SunOS 4.1.4,
> quad ethernet connection, about 10gig of disk NFS exported to the rest
> of the department.
>
> The software:
>
> This server is the departmental mail (sendmail 8.7.5), anonymous ftp
> (wu-ftpd 2.4), DNS primary (bind 4.9.3P1), and web (apache 1.0.3) server.
> Since it has four ethernets, we have configured DNS to have the mail
> on one port, anonymous ftp on a second, and web connections on a third
> (NFS and DNS are on all four). This machine does not allow interactive
> logins except for techstaff, and typically runs a load average between
> nil and 4. Mail, ftp, DNS, NFS, and techstaff interactive logins are
> all fine and peppy.
>
> The problem:
>
> We have repeatedly received compaints that our web server is painfully
> slow. I have increased SOMAXCONN as was mentioned in this forum about
> a month ago, but that has not helped. Apache is dynamically determines
> the number of httpd servers to run, and we typically run in the mid teens.
> No one in the department (or even university, as far as we know) has ever
> had a problem with the speed of the web server. The complaints are always
> from remote sites. The complains are exclusively for our web service, and
> never ftp, mail, etc.
>
> If anyone can make suggestions on how to determine, and hopefully fix,
> the problem, I would greatly appreciate it. Thanks much.
The Solutions:
Unfortunately no one had any ideas that I hadn't already tried. However,
for the purposes of the archive and the handful of "me too"s that I got
I'll present a full summary here.
* Perhaps Apache has authentication turned on, causing sites from within
firewalls to silently drop packets. We don't think this is the case,
but we're going to do the next option and check again then.
* Upgrade from Apache 1.0.3 to 1.0.5. We're planning to do this... Who
knows, perhaps the latest version will fix a bug we weren't aware of.
* Don't run httpd from inet, run it standalone. We already do that.
Running your http daemon from inetd is a painfully slow process.
* It could be the size of your network connection to the outside world.
A couple of people suggested that I might be at the end of a 14.4k
baud modem or some such rediculous setup. The University has two T1
connections which, while sometimes get near capacity, have not been
a problem for other departments. When our department server is very
very slow, others on campus are just fine. (And other services to
the department are fine as well).
* Upgrade the server from SunOS 4.1.4 to Solaris 2.5. We're planning to
do that this summer. Aside from better MP performance, it will allow
the NFS service on this machine to go from v2 to v3. It is also possible
to tune TCP services on a Solaris box to optimize for WWW service.
* Increase SOMAXCONN. I've already done so, following the excellent
instructions at http://www.islandnet.com/~mark/somaxconn.html .
* Remote sites could have their proxy services misconfigured. I don't
think this is a problem, since other web servers at this university
respond nice and quickly to the same remote users.
* Perhaps its the individual network interface: try swapping ftp and
www in the DNS. I tried this too (by having the remote users connect
to ftp.cs.uchicago.edu using their web client instead). Exactly the
same results.
* Remove everything else from this machine so that it runs WWW only.
This isn't feasible, since it would require buying another server.
But since the load on this machine is typically quite low, I don't
expect that would solve the problem. The other services on this
machine also do not show any slowdown in performance.
* Could be a problem in DNS name resolution. The fact that the same
problem can be seen when connecting to any of this machine's four names
suggests that that is not the problem.
+-----------------------------------------------------------------------+
| Christopher L. Barnard O When I was a boy I was told that |
| cbarnard@cs.uchicago.edu / \ anybody could become president. |
| (312) 702-8850 O---O Now I'm beginning to believe it. |
| http://www.cs.uchicago.edu/~cbarnard --Clarence Darrow |
| Cyber Rights Now: Accept No Compromise. |
+----------PGP public key available via finger or PGP keyserver---------+
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:00 CDT