HI,
I'm trying to scale out a openldap server deployment to serve around 100K users. I plan on having a master server and using syncrepl to create slaves that sit behind a load-balancer. Is there a good rule of thumb to abide by when creating a scenario like this? How many authentications/sec can a server typically handle? I've seen the benchmark comparisons ( http://www.usenix.org/event/lisa07/htgr_files/chu.pdf) that have been posted by Howard, but it doesn't say what the system specs were that the tests were performed on? I will have pretty beefy systems to use (lots of RAM and CPU)...
Thanks!!
Brian Zuromski wrote:
HI,
I'm trying to scale out a openldap server deployment to serve around 100K users. I plan on having a master server and using syncrepl to create slaves that sit behind a load-balancer. Is there a good rule of thumb to abide by when creating a scenario like this? How many authentications/sec can a server typically handle? I've seen the benchmark comparisons (http://www.usenix.org/event/lisa07/htgr_files/chu.pdf) that have been posted by Howard, but it doesn't say what the system specs were that the tests were performed on? I will have pretty beefy systems to use (lots of RAM and CPU)...
The test showing ~35,000 auths/second on 100Mbit ethernet was done using a Celestica A8440 with 4 Opteron 875s. The test was network-limited, the CPUs were pretty idle. The machine had 16GB of RAM.
Howard great thanks!! 32 or 64 bit OS? Can you share the tuning you made to get the results?
On Mon, Oct 12, 2009 at 4:26 AM, Howard Chu hyc@symas.com wrote:
Brian Zuromski wrote:
HI,
I'm trying to scale out a openldap server deployment to serve around 100K users. I plan on having a master server and using syncrepl to create slaves that sit behind a load-balancer. Is there a good rule of thumb to abide by when creating a scenario like this? How many authentications/sec can a server typically handle? I've seen the benchmark comparisons (http://www.usenix.org/event/lisa07/htgr_files/chu.pdf) that have been posted by Howard, but it doesn't say what the system specs were that the tests were performed on? I will have pretty beefy systems to use (lots of RAM and CPU)...
The test showing ~35,000 auths/second on 100Mbit ethernet was done using a Celestica A8440 with 4 Opteron 875s. The test was network-limited, the CPUs were pretty idle. The machine had 16GB of RAM.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
Brian Zuromski wrote:
Howard great thanks!! 32 or 64 bit OS? Can you share the tuning you made to get the results?
64 bit, running a Linux 2.6.26 kernel. No special config; since the authentication test is a read-only test all that matters is getting all the entries into cache and indexing the attributes used in a username-to-DN lookup (objectclass and uid) - very ordinary config. You don't have to get into any exotic tuning for a server on such a slow network.
On gigabit ethernet it was a bit more challenging - at maximum load the ethernet driver completely consumed 100% of a CPU core so at that point the server was CPU limited instead of network limited. Also in that case I had to pin slapd threads to specific CPU cores to get peak performance. Letting the Linux scheduler assign threads randomly to cores cost about 10-15% of performance. (There are no slapd config mechanisms for this; you just do it by hand on the commandline using taskset.) At any rate, the slapd code was never the bottleneck in any of these tests.
On Mon, Oct 12, 2009 at 4:26 AM, Howard Chu <hyc@symas.com mailto:hyc@symas.com> wrote:
Brian Zuromski wrote: HI, I'm trying to scale out a openldap server deployment to serve around 100K users. I plan on having a master server and using syncrepl to create slaves that sit behind a load-balancer. Is there a good rule of thumb to abide by when creating a scenario like this? How many authentications/sec can a server typically handle? I've seen the benchmark comparisons (http://www.usenix.org/event/lisa07/htgr_files/chu.pdf) that have been posted by Howard, but it doesn't say what the system specs were that the tests were performed on? I will have pretty beefy systems to use (lots of RAM and CPU)... The test showing ~35,000 auths/second on 100Mbit ethernet was done using a Celestica A8440 with 4 Opteron 875s. The test was network-limited, the CPUs were pretty idle. The machine had 16GB of RAM.
Howard great thanks!! 32 or 64 bit OS? Can you share the tuning you made to get the results?
On Mon, Oct 12, 2009 at 4:26 AM, Howard Chu hyc@symas.com wrote:
Brian Zuromski wrote:
HI,
I'm trying to scale out a openldap server deployment to serve around 100K users. I plan on having a master server and using syncrepl to create slaves that sit behind a load-balancer. Is there a good rule of thumb to abide by when creating a scenario like this? How many authentications/sec can a server typically handle? I've seen the benchmark comparisons (http://www.usenix.org/event/lisa07/htgr_files/chu.pdf) that have been posted by Howard, but it doesn't say what the system specs were that the tests were performed on? I will have pretty beefy systems to use (lots of RAM and CPU)...
The test showing ~35,000 auths/second on 100Mbit ethernet was done using a Celestica A8440 with 4 Opteron 875s. The test was network-limited, the CPUs were pretty idle. The machine had 16GB of RAM.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
openldap-technical@openldap.org
-
Brian Zuromski -
Howard Chu