@ansd ansd commented Oct 23, 2023

By default, hibernate the SSL connection after 6 seconds, reducing its memory footprint. This reduces memory usage of RabbitMQ by multiple GBs with thousands of idle SSL connections.

This commit chooses a default value of 6 seconds because that hibernate_after value is currently hard coded for rabbit_writer.
rabbit_mqtt_reader uses 1 second, rabbit_channel uses 1 - 10 seconds.

This value can be overridden by advanced.config, similar to:

```
[{rabbit, [
    {ssl_options, [
        {hibernate_after, 30000},
        {keyfile, "/etc/.../server_key.pem"},
        {certfile, "/etc/.../server_certificate.pem"},
        {cacertfile, "/etc/.../ca_certificate.pem"},
        {verify,verify_none}
    ]}
]}].
```

See https://www.erlang.org/doc/man/ssl.html#type-hibernate_after

```
When an integer-value is specified, TLS/DTLS-connection goes into
hibernation after the specified number of milliseconds of inactivity,
thus reducing its memory footprint. When undefined is specified
(this is the default), the process never goes into hibernation.
```

Relates
#5346
https://groups.google.com/g/rabbitmq-users/c/be8qtkkpg5s/m/dHUa-Lh2DwAJ

Thanks to @mkuratczyk for suggesting that setting!
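
An added example, not part of the PR or of RabbitMQ's code: an escript that parses an `ssl_options` block shaped like the one in the description and reports both the `hibernate_after` override and the client-certificate verification mode it configures. The sample config is constructed, its certificate path is a placeholder, and the function names are hypothetical.

```erlang
#!/usr/bin/env escript
%% Added example: audit the ssl_options of a RabbitMQ advanced.config.

%% Constructed sample mirroring the snippet in the PR description.
sample() ->
    "[{rabbit, [{ssl_options, ["
    "    {hibernate_after, 30000},"
    "    {cacertfile, \"/path/to/ca_certificate.pem\"},"
    "    {verify, verify_none}"
    "]}]}].".

main(_) ->
    %% advanced.config is a plain Erlang term, so parse it as one.
    {ok, Tokens, _} = erl_scan:string(sample()),
    {ok, Config} = erl_parse:parse_term(Tokens),
    Rabbit = proplists:get_value(rabbit, Config, []),
    Ssl = proplists:get_value(ssl_options, Rabbit, []),
    lists:foreach(fun(F) -> io:format("~s~n", [F]) end, audit(Ssl)).

audit(Ssl) ->
    hibernate(proplists:get_value(hibernate_after, Ssl, unset)) ++
    verify(proplists:get_value(verify, Ssl, unset),
           proplists:get_value(fail_if_no_peer_cert, Ssl, false)).

%% 'unset' means the key is absent; 'undefined' is an explicit value
%% which, per the ssl documentation quoted above, disables hibernation.
hibernate(unset) ->
    ["hibernate_after: no override in this file"];
hibernate(undefined) ->
    ["hibernate_after: undefined, connection processes never hibernate"];
hibernate(Ms) when is_integer(Ms), Ms >= 0 ->
    [io_lib:format("hibernate_after: ~b ms of inactivity", [Ms])];
hibernate(Other) ->
    [io_lib:format("hibernate_after: unexpected value ~p", [Other])].

%% Server-side meaning of verify combined with fail_if_no_peer_cert.
verify(verify_peer, true) ->
    ["verify: verify_peer, a valid client certificate is required"];
verify(verify_peer, _) ->
    ["verify: verify_peer, clients that send no certificate are still accepted"];
verify(verify_none, _) ->
    ["verify: verify_none, client certificates are not validated"];
verify(unset, _) ->
    ["verify: not set in this file"];
verify(Other, _) ->
    [io_lib:format("verify: unexpected value ~p", [Other])].
```

To audit a real file instead of the sample, replace the two parsing lines in `main/1` with `{ok, [Config]} = file:consult(Path)`.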

@ansd ansd added this to the 3.13.0 milestone Oct 23, 2023
@ansd ansd marked this pull request as ready for review October 23, 2023 13:21
@michaelklishin michaelklishin merged commit d9f2e8c into main Oct 23, 2023
@michaelklishin michaelklishin deleted the hibernate-ssl branch October 23, 2023 14:48
@michaelklishin michaelklishin changed the title Reduce memory with many SSL connections Reduce memory with many TLS connections Jan 11, 2024