Performance Tuning Guidelines for Large Deployments

Revision as of 03:02, 18 May 2007 by Quanah (talk | contribs) (Add example output from db_stat -c)

To achieve top ZCS performance, you may need to modify the operating system (OS) settings on your server and fine-tune ZCS after it is installed. Note: The Best Practices described in this guide are designed for large ZCS deployments, usually sites with more than 2000 users.

Operating System Configuration and Hardening

General Note about using 32-bit or 64-bit Operating System

Under a 32-bit Linux kernel, a process can have a maximum address space of 4GB. With PAE (Physical Address Extension), a 32-bit kernel can address more than 4GB, but this is not useful for ZCS because only 4GB is allowed per process.

By default for ZCS, only 2GB of user space is allowed in a 32-bit kernel. This limits performance in large deployments.

Therefore, Zimbra recommends 64-bit operating systems for sites with more than 2000 users so that both MySQL and JVM can be given larger memory to work with if needed. Zimbra recommends 64-bit operating systems be used on the LDAP servers for the increased RAM addressing ability.

OS packages

When you install the operating system, you should only install packages that are required. Zimbra highly recommends that you review the packages installed on the server and turn off those that you do not need. If you do not recognize a service, consult your Linux documentation.

To see a list of all services on your server, run chkconfig --list. Review the list and turn off or remove services you do not need, including NFS, RPC, and mail services.

The following services must be OFF

autofs

AutoFS-Automounter, this automatically mounts file systems on demand.

cups

Common Unix Printer System.

netfs

Used in support of exporting NFS shares.

rpcgssd, rpcidmapd

These are NFS daemons used for NFS and Samba.

sendmail

All mail services, such as exim, sendmail, system postfix, IMAP and Qmail should be off or removed.

The following services must be On

sshd

SSH daemon.

syslog

Handles logging of system events. Logs autorotate and will not fill your hard drive.

systat

System performance tool for Linux.

xfs

Font server for X Windows. Turning off xfs prevents the virtual X process from starting on the server.xfs Note. Zimbra does not recommend running GUI processes on server boxes. Zimbra does need a virtual X processes for attachment conversions in the Network version, but that should be just one process and it is not started through the init/service mechanism.

NFS Consideration

Network File Systems (NFS) should not be used with ZCS services, as it will greatly impact performance. For security, Zimbra recommends that NFS be turned off.

Increase maximum open file descriptors

For high load conditions, the default limit of 1024 file descriptors is insufficient. We recommend that the following two lines be added to /etc/security/limits.conf on all servers configured with ZCS software to increase the limit.

  • zimbra soft nofile 10000
  • zimbra hard nofile 10000

Avoid port conflicts

The following ports are used by ZCS. If you have any other services running on these ports, turn them off.

Port

Postfix

25

HTTP

80

POP3

110

IMAP

143

LDAP

389

HTTPS

443

Secure SMTP (Beginning with ZCS 4.5.5)

465

Tomcat IMAP SSL

993

Tomcat POP SSL

995

Tomcat LMTP

7025

convertd

7047

mysqld

7306

logger mysqld

7307

amavisd

10024

postfix answering amavis

10025

Install diagnostic tools

The following are recommended diagnostic tools.

lsof

Lists information about files opened by processes.

tcpdump

Prints out headers of packets on a network interface.

iostat

Used to monitor system input/output activities.

vmstat

Used to report virtual memory statistics.

pstack

Used to trace the thread status of a process and for deadlocks detection.

strace

Traces system calls and signals.

File System Tuning

We recommend the ext3 file system for Linux deployments. The following file system tuning is required for your mail servers and recommended for the other servers. Options and performance characteristics change all the time. Please read the latest ext3 documentation.

To create a file system, use mke2fs and the following arguments.

Note: Running mke2Fs will wipe out any files on a partition. Make sure that you create the file system in the correct partition.

-j

Create the file system with an ext3 journal.

-L SOME_LABEL

Create a new volume label. Refer to the labels in /etc/fstab.

-O dir_index

dir_index - Use hashed b-trees to speed up lookups in large directories.

-m 2

Only 2% needs to be reserved for root.

-i 10240

For the message store, -i should be the average message size. Specify 1024 inode for every 10K of data. The larger the bytes-per-inode ratio, the fewer inodes will be created. Note: It is not possible to expand the number of inodes on a file system after it is created.

-J size=400

Create a large journal.

-b 4096

Specifies the block size in bytes.

-R stride=16

The -R stride flag is used to tell the file system about the size of the RAID stripes. Knowing the size of a stripe allows mke2fs to allocate the block and inode bitmaps so that they do not all end up the same physical drive. Stride * block size should be equal to RAID stripe size. For example 4k blocks, 128k RAID stripes would set stride=32.

Important: Do not configure RAID5. RAID5 is not acceptable for use with ZCS in production environments.

Network Stack Tuning

TCP/IP configuration values are stored in the /proc/sys/net/ipv4 directory and typically accept a value or are turned on or off with "1" (on) or "0" (off).

For ZCS, the TCP default settings should be changed as described below.

Note: *-tw in the setting refers to “TIME_WAIT”. When a TCP connection ends without an explicit close, the OS puts the connection into TIME_WAIT state. Various RFCs specify how long to wait, but in practice, it can pay to be more aggressive.

net.ipv4.tcp_fin_timeout=15

net.ipv4.tcp_tw_reuse=1

net.ipv4.tcp_tw_recycle=1

These changes should be added to the runtime commands file, /etc/'sysctl.conf', so that the changes are enacted at each boot.

ZCS Tuning

For better performance change the following applications defaults. After you make these changes you will need to restart the server (zmcontrol stop; zmcontrol start).

Important: When you upgrade ZCS, you will need to make these changes again. Upgrading overrides your changes.

Zimbra MTA Settings

Postfix

Change the postfix process limit setting in the ZCS postfix directory, /opt/zimbra/postfix, from the 100 (default) to 200.

postconf -e default_process_limit=200

Note: If you change this Postfix setting, you may need to set the zimbraLmtpNumThreads setting higher.

Amavisd

IMPORTANT: Changes to Amavisd should only be made on dedicated MTA servers.

Change the following amavisd settings in /opt/zimbra/postfix/conf/master.cf.

smtp-amavis unix - - n - 20 smtp

Change the following amavisd settings in /opt/zimbra/conf/amavisd.conf.in.

$max_servers = 20

Then run the following command.

postconf -e default_destination_concurrency_limit=20

Zimbra LDAP Settings

As a best practice, we recommend that you set up one LDAP replica for each MTA. The following settings will need to be on both the master LDAP server and the replica servers.

For peak performance, the following settings in the /opt/zimbra/conf/'slapd.conf.in' file may need to be modified.

Add a command to set the thread count to 8. The default is 16. Type the directives on the line above the pidfile... line

threads 8

Add a command to set the idletimeout to 5. Idletimeout is disabled by default (that is it is set to 0).

idletimeout 5

Change the cachesize. The number set should be the number of configured active accounts and the number of configured active domains. The default is 10000. To find this command in slapd.conf.in, look for the following line and change the cachesize.

# number of entries to keep in memory
cachesize 50000

Important: You must restart the LDAP server after you make these changes.

If you have more than 100 domains, we suggest adjusting the following localconfig LDAP cache settings:

ldap_cache_domain_maxsize. This sets the cache of the number of domains in the server. The default is 100. If more than 100 domains are configured, you should adjust this to the lower of the number of domains you have configured and 30,000. For example, with 45,000 domains, set as ldap_cache_domain_maxsize=30000.

zmlocalconfig ldap_cache_domain_maxsize=30000

Configuring the BDB subsystem to increase LDAP server performance

BDB is the underlying high-performance transactional database used to store the LDAP data. Proper configuration of this database is essential to maintaining a performant LDAP service. There are several parameters involved in tuning the underlying BDB database. This always involves editing the DB_CONFIG file. Modifications to the DB_CONFIG file require a restart of the LDAP server before they are picked up, and should be made to both master and replica servers.

.

You can increase LDAP server performance by adjusting the BDB backend cache size to be at or near the size of your data set. This is subject to the limit of 4 GB for 32 bit and 10 TB for 64 bit, and the amount of RAM you have. The size of the data set is the sum of the Berkeley DataBase (BDB) files in
/opt/zimbra/openldap-data. To increase the cache size, add (or replace) the following line to the DB_CONFIG file in /opt/zimbra/openldap-data/. The following would set the database in-memory cachesize to 500MB.

set_cachesize 0 524288000 1

Note: The format for the set_cachesize command is <gigabytes> <bytes> <segments>

Note: On 32 bit systems, when setting cachesize greater than 2 GB, the cachesize must be split across multiple segments, such that no one segment is larger than 2 GB. For example, for 4 GB, to split across multiple segments, you would type

set_cachesize 4 0 2

.

As part of the transaction interface, BDB uses a number of locks, lockers, and lock objects. The default value for each of these parameters is 1000. How many of each are being used depends on the number of entries and indices in the BDB database. The /opt/zimbra/sleepycat/bin/db_stat -c -h /opt/zimbra/openldap-dataǀhead -n 12 command can be used to determine current usage. The following entries in DB_CONFIG would increase the number of locks to 3000, the lock objects to 1500, and the lockers to 1500.

Example Output:
5634 Last allocated locker ID.
2147M Current maximum unused locker ID.
9 Number of lock modes.
3000 Maximum number of locks possible.
1500 Maximum number of lockers possible.
1500 Maximum number of lock objects possible.
93 Number of current locks.
1921 Maximum number of locks at any one time.
483 Number of current lockers.
485 Maximum number of lockers at any one time.
93 Number of current lock objects.
1011 Maximum number of lock objects at any one time.

set_lk_max_locks 3000
set_lk_max_objects 1500
set_lk_max_lockers 1500

Zimbra Mailbox Server Settings

To improve performance the following may need to be modified. These settings can be set on both the global and server level. You should change the settings on the server.

POP3 threads. If POP3 service is refused or times out, increase the total number of assigned POP3 threads upward. The default is 20.

zmprov ms <localservername> zimbraPop3NumThreads 30

IMAP threads. If IMAP service is refused or times out, increase the total number of assigned IMAP threads upward. The default is 200.

zmprov ms <localservername> zimbraImapNumThreads 2000

LMTP threads. If mail is backing up in the queue, adjust the LMTP threads upwards to handle a larger number of simultaneous connections from your MTA servers. The default is 10. For large volume sites, you may need to set this at 100. Sites with large deployments should make this change before going live.

zmprov ms <localservername> zimbraLmtpNumThreads 100

Note: If the system is running out of memory and crashing, specifically, this means tomcat is running out of memory.

Important: You must stop and restart the Zimbra server after making these changes.

Changing Index settings

Some ZCS deployments may need to have the default index LRU and flush settings modified. With a small LRU (Least Recently Used) setting, you reduce Java heap consumption at the expense of increased IO writes to Lucene index directory/volume. If you have fast disks, you should tend toward smaller LRU. But if your disks are slow, increased index flushing can overwhelm the disks and the server becomes IO bound.

In short, configure a smaller LRU if memory is the bottleneck. Use a larger LRU if disk (for Lucene files) is the bottleneck.

Because many factors, such as amount of RAM, disk count/speed, load characteristics, etc, are involved in setting the index LRU size for best performance, we cannot recommend specific settings. Optimum value can only be determined through trial and error.

You would change the settings with the following commands

zmlocalconfig -e zimbra_index_lru_size=<number>zmloclconfig -e zimbra_index_idle_flush_time=<number>

Monitoring

You can monitor the mail queues for delivery problems from the administration console, Monitoring Mail Queues page. To view the queues from the command line, as zimbra type sudo -/libexec/zmqstat.

You should install port monitoring software to monitor IMAP and POP3 performance.

Backup and Recovery

The Network Edition of ZCS includes full backup and restore functionality. When ZCS is installed, a backup schedule is automatically added to the cron table. You can change the schedule, but you should not disable it. Backing up the server on a regular basis can help you quickly restore your mail service if an unexpected crash occurs.

The default full backup is scheduled for 1:00 a.m. every Sunday and the default incremental backups are scheduled for 1:00 a.m. Monday through Saturday. Backups are stored in /opt/zimbra/backup. You will need to make sure that this backup is on a different disk and partition than your data and set up the process to automatically copy the zmbackups offsite or to a different machine or tape backup to minimize the possibility of unrecoverable data loss in the event that the backup disk fails.

Backup and restore is documented in the Administrator’s Guide and more information can be found on the Zimbra wiki.

--------------------------------------------------------------------------------

.7

Jump to: navigation, search