Hello there,
I’ve a simple query about clients consul connections limits.
I’ve set a limit in my consul Server to 1000 let’s say, shall I change the same value in Clients , what will happen if I set the limits in Consul Client servers to 500 and that limit’s been exceeded while it’s 1000 in Consul server.
Hi @mohammed_sd,
Welcome to the HashiCorp Forums!
The http_max_conns_per_client
configures the limit of how many concurrent TCP connections a single client IP address is allowed to open to the agent’s HTTP(S) server. The client mentioned here is not Consul Clients; it is a request from any IP Address.
There is no relationship between this limit (http_max_conns_per_client
) set on the Client Agents and that of the Server Agents.
Please note that the Consul Clients to the Consul Servers are over RPC (8300/TCP) and not HTTP.
Does this answer your question?
Ref:
1 Like
Hi @Ranjandas and thanks for your reply,
I do still have some doubts here, and hope you can clarify it, thanks in advance.
let’s be limited to Https Server & clients connection’s settings.
as per the parameter here [http_max_conns_per_client]it’s mentioned that the affects in HTTP(S) servers in both client and server agents. Default value is 200
.
so, If my http server max connection limit/client set to 2000, while my http client set to 200, shall I increase the client value instead of 200 to an expected rates of connections , note in mind my http client usually generating around 1000 connections towards my Http server.
Or, no need for such change as the value already increased in Http Server no matter how many connections will be originally generated at the end my server will respond to 2000 only.
Thanks in advance.
Regards,
Hi @mohammed_sd,
Sorry, I didn’t fully understand your question. I think the use of the term http server and http client makes it difficult to differentiate whether you are referring to Consul Agent or an external client that talks to Consul Agents over HTTP.
The http_max_conns_per_client
applies to any application that talks to a Consul Agent (Server or Client) over the HTTP interface (by default, port 8500/HTTP or 8501/HTTPS by convention). This config limits the maximum number of established TCP connections (for HTTP requests) from a single source IP at a given time.
Attached below is a demo of this in action. In the demo, I have a Consul agent with http_max_conns_per_client
set to 3
. Initially, I tried to send 1,000 requests, and all succeeded. The reason is the agent served the requests so fast that there were no more than three connections in flight at any point. Then, I have three long-polling connections, and you can see that the fourth one gets rejected. I hope this helps.
https://asciinema.org/a/K97XRx5L37xIk9NrYTe7eshcx
1 Like
@Ranjandas ,
Thank you very much , it make sense for me, really appreciated the time you spent to record the actions.
it’s an interesting experience, if you could share some extra resources to understand more about differences between fast requests vs long-poling connections that would be appreciated.
you can mark this topic as resolved,
thanks for the assistance.
Hi @mohammed_sd,
The long-polling implementation in Consul is known as Blocking Queries. You can read more about it here: Blocking Queries | Consul | HashiCorp Developer
Many features inside Consul (e.g.: watches) and other products that integrate with Consul use blocking queries to respond to changes inside Consul.
Please note that I used blocking queries as an example to easily show multiple active TCP connections and the effect of the http_max_conns_per_client
config. There are scenarios when the agents are slow to serve the request that end up having multiple parallel connections in-flight that would count towards the max connections.
I hope this answers all your questions.
1 Like
I have configured my consul client and server config with this
limits {
http_max_conns_per_client = 1000
}
But I can still see the waring in my consul-template service logs while I run systemctl status consul-template.
[WARN] (runner) watching 190 dependencies - watching this many dependencies could DDoS your server
Does this message of [WARN] gets disappear or it will keep showing ?
Consul version 1.12.1
consul-template v0.29.2 (06389a3)