Re: Difference between "-c" and "-x"

From: Brian Candler <>
Date: Fri, 28 Mar 2008 11:16:03 +0000

On Fri, Mar 28, 2008 at 10:59:31AM +0100, Roberto Suarez Soto wrote:
> I think I don't fully grasp the difference between "-c" (max. number of
> clients) and "-x" (max. number of connections), and I'd like to confirm here
> just to be sure. We're having troubles with pen at one customer, and I think
> maybe I'm not understanding correctly how they work.

IIUC: "Max. number of clients" (-c) is the size of the clients table for
sticky associations. If you're using roundrobin loadbalancing (-r) then it
doesn't matter. If the clients table fills, then an old entry is dropped to
make way for a new client.

Now, if you consider pen like a TCP "patch panel" betwen incoming
connections and backend servers, then -x is the maximum number of
simultaneous patches in place at any one time. If further incoming
connections arrive, they are accepted but not patched through until one of
the existing patches is closed.

> "Max. number of clients" (-c) should be the maximum number of different IPs
> that can connect to pen. So if I have "-c 2", and two clients connected, the
> the third will be dropped.

It won't be dropped, but the sessions table will drop an old entry. Try

  (In one terminal)
  pen -f -d -c 2 -x 5 -C 8887 8888

  (Check status in another terminal)
  penctl status

  (From three different IP addresses)
  telnet x.x.x.x 8888

You'll see that all three connections are accepted and work, but only the
last two are kept in the 'clients' table. This means if the first client
disconnects and reconnects, it can't be guaranteed to be directed to the
same backend server.

> "Max. number of connections" (-x) should be the maximum number of connections
> allowed ... per client? Or per server?

In total. This time try:

  pen -f -d -c 5 -x 2 -C 8887 8888

Now open three simultaneous connections (they can be from the same host)

  telnet x.x.x.x 8888

All three are accepted. However checking the pen status (or with netstat),
you'll see that pen has only opened two connections to the backend.

If you type a request like this on the third telnet connection you opened:

  GET / HTTP/1.0
  <blank line>

you'll see that nothing happens, *until* you close one of the first two
telnet sessions, at which point the request is handled (i.e. a new
connection is made to the backend server, the data sent down it, and the
response relayed)

> In the former case, using "-x 5", a
> client that tries to establish a sixth connection will be denied

It's accepted but the data transfer is blocked until some point in the

Note that there's a third type of limit: the one you set on each backend
server. If pen hits the limit for all backends before hitting the -x limit,
and don't have an emergency (-e) server configured, then pen will accept
further client connections but disconnect them instantly.

> I'm a bit confused with this (and hope not to have confused you too with my
> theories). Could someone shed some light on this, please? Thanks in
> advance :-)

Hope this helps... I'm still working it out myself :-)


Received on Fri Mar 28 2008 - 12:16:21 CET

This archive was generated by hypermail 2.2.0 : Fri Mar 28 2008 - 12:16:22 CET