Sign In
Nicholas Allen's Indigo Blog
Windows Communication Foundation From the Inside
Translate This Page
Translate this page
Powered by
Microsoft® Translator
Options
Blog Home
About
Email Blog Author
Share this
RSS for posts
Atom
RSS for comments
Search
Advanced search options...
Search In:
Everything
Blogs
Forums
People
Groups
Places
Pages
Date range:
All Time
Last Year
Last 6 Months
Last 3 Months
Last Month
Last Week
Last Two Days
Tags
Answers
Bindings
Channel Extensibility
Channels
Conferences
Contracts
Debugging
Hosting
HTTP
Indigo
Learning
Message Security
Messages
Net4
Networking
Orcas
Proxies
Releases
Security
Service Architecture
Service Model
Silverlight
TCP/IP
Transport Security
Transports
Archive
Archives
June 2010
(1)
May 2010
(9)
April 2010
(22)
March 2010
(23)
February 2010
(20)
January 2010
(20)
December 2009
(21)
November 2009
(21)
October 2009
(22)
September 2009
(22)
August 2009
(22)
July 2009
(22)
June 2009
(22)
May 2009
(20)
April 2009
(22)
March 2009
(22)
February 2009
(20)
January 2009
(21)
December 2008
(21)
November 2008
(18)
October 2008
(23)
September 2008
(21)
August 2008
(21)
July 2008
(22)
June 2008
(22)
May 2008
(21)
April 2008
(22)
March 2008
(21)
February 2008
(21)
January 2008
(22)
December 2007
(19)
November 2007
(20)
October 2007
(23)
September 2007
(19)
August 2007
(23)
July 2007
(21)
June 2007
(21)
May 2007
(22)
April 2007
(22)
March 2007
(22)
February 2007
(20)
January 2007
(23)
December 2006
(20)
November 2006
(23)
October 2006
(24)
September 2006
(24)
August 2006
(23)
July 2006
(21)
June 2006
(26)
May 2006
(23)
April 2006
(20)
March 2006
(26)
February 2006
(20)
Slicing the Windows Communication Foundation Technology Stack, Part 6
MSDN Blogs
>
Nicholas Allen's Indigo Blog
>
Slicing the Windows Communication Foundation Technology Stack, Part 6
Slicing the Windows Communication Foundation Technology Stack, Part 6
Nicholas Allen
17 Feb 2006 8:00 AM
Comments
2
The
architecture we saw last time
is actually a nice solution to the
original web service problem
. We did end up changing the security mechanism, transfer mode, message arrangement, and transport policy through a couple of different configurations in this series, but all of those individual changes are easy to do with WCF transports. The final solution is actually quite similar to the originally proposed architecture. However, the hardest part is not configuring WCF but knowing what mitigation steps to take for the specific problem you see with your service. A big goal I have with this blog is to disseminate this knowledge out to the world from the team here at Microsoft.
Even with chunking in place, when the number of concurrent users hitting the service starts increasing, we might still get a lot of dropped or incomplete connections. Fortunately, this probably isn't an architecture problem but rather more of the built-in Denial of Service protections we have in WCF. When the server starts quickly dropping connections even though plenty of resources are available, three settings to look at are
ListenBacklog
,
MaxPendingAccepts
, and
MaxInboundConnections
.
ListenBacklog limits the number of prospective connections that the server can have pending. When ListenBacklog is too low, we will stop servicing new connections until the server acknowledges some of the existing connections. This setting is right on the frontline preventing simple DOS attacks caused by flooding the server with lots of new connections.
MaxPendingAccepts limits the number of channels that the server can have waiting on a listener. When MaxPendingAccepts is too low, there will be a small interval of time in which all of the waiting channels have started servicing connections, but no new channels have begun listening. A connection can arrive during this interval and will fail because nothing is waiting for it on the server.
MaxInboundConnections limits the number of incoming connections that the server can be handling simultaneously. When MaxInboundConnections is too low, the server is not able to receive a new request until other requests have finished. If this condition persists for too long, the request will fail because the server didn't complete receiving it in time. Note that we sometimes expose this setting through MaxConnections instead of MaxInboundConnections.
I have a post coming up in a few weeks that clarifies this issue and goes into detail about all of the transport settings.
Next time:
The Old Indigo ABC's
2 Comments
Indigo
,
Service Architecture
Blog - Comment List MSDN TechNet
Comments
Loading...