Memcached currently have a “per port” setting of the maximum number of client which may be connected to the port. The motivation behind that was that we wanted to keep a pool of connections available to make sure that ns_server could connect to the system (via the 11209 port). Later on when we added support for SSL we didn’t have time to look at the overall model, we just copied the “per port” setting into the new SSL connection. This leads into the following “problem” with the current configuration:
I can have 5000 connections to 11209 (plain, ipv4/6)
I can have 30 000 connections to 11210 (plain, ipv4/6)
I can have 30 000 connections to 11207 (SSL, ipv4/6)
In a deployment which use a mix of SSL and plain clients one may use 60k clients connected to the system (30k of each type), but deployments which only use PLAIN connections may only use 30k connections (trying to use 30 001 would fail, even if we don’t use a single SSL connection).
The configuration file provided to memcached contains two new toplevel keys in the configuration:
|max_connections||A number containing the maximum number of connections allowed to memcached (65k if we use the values in the example above)|
|system_connections||A number reserved for users authenticated as system users. (5k if we use the values in the example above)|
memcached will accept all sockets until we reach max_connections, at that time it'll close the connection immediately. As part of the command validation phase memcached determines if the connection should be disconnected by using the following logic:
- If the connection is represent a system-internal user, leave the connection alone and continue to execute the command.
- If we've exceeded the number of "user" connections (60k in the example above) and used more than half of the system connections the connection is disconnected if it is authenticated or the commad being executed isn't one of Hello, SaslListMech, SaslAuth or SaslStep.