Web Policy Agents 2023.6

Connection pooling

Use a connection pool between Web Agent and AM to cache and reuse connections, and so reduce the overhead of creating new connections. The agent can use an array of connections concurrently, with multiple request threads.

To enable connection pooling, set Enable Connection Pooling to true. Test and tune the performance of your deployment with connection pooling before you use it in a production environment.

The following image shows the architecture of a connection pool:

[Image: connection pool architecture]

The following image shows the flow of information when a request is handled through a connection pool:

[Image: request flow through the connection pool]

When a client makes a request, the agent intercepts the request and uses the connection pool to connect to AM. If a connection is available, the agent uses that connection. The client is unaware of the connection reuse.

If a connection is not available, and fewer than 1024 connections are in use, the agent creates and uses a new connection. If 1024 connections are already in use, the request waits until an existing connection is released, or a new connection can be created.

When 1024 connections are in use, the agent creates additional temporary connections. Connections can be closed by AM/IDC, but the agent reopens them when it detects that they are closed.

When the request is complete, the agent closes the connection to the pool, but retains the physical connection. The connection is then available to requests with the same connection parameters.

Consider the following points for connection pooling:

  • The connection pool can contain up to 1024 cached connections.

  • When more than 1024 connections are required, the agent creates temporary connections.

  • By default, connections time out after four seconds of waiting for a response. To change this value, configure Connection Timeout.

  • Tune Connection Timeout so that it is:

    • Long enough for systems to respond, and therefore prevent unnecessary failures

    • As short as possible to minimize the time to wait after a network failure

  • To reduce the overhead of making new connections and SSL handshakes, set the HTTP keep-alive headers for AM containers or reverse proxies to longer than Connection Timeout.
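
The keep-alive guidance in the last point can be checked against the configuration files of the systems in front of AM. The following is an added example, not part of the product or its documentation: it assumes an nginx reverse proxy and a Tomcat container for AM, and the function names and sample configurations are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

AGENT_CONNECTION_TIMEOUT_S = 4.0  # agent default stated on this page
_NGINX_UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400}

def nginx_keepalive_seconds(conf_text):
    """Client keep-alive timeouts (seconds) from each keepalive_timeout directive."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments
        m = re.search(r"\bkeepalive_timeout\s+(\d+)(ms|s|m|h|d)?\b", line)
        if m:  # first parameter only; combined values like "1m 30s" are not handled
            found.append(int(m.group(1)) * _NGINX_UNITS[m.group(2) or "s"])
    return found

def tomcat_keepalive_seconds(server_xml):
    """Effective keep-alive timeout (seconds) of every <Connector> in server.xml."""
    found = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # Tomcat uses connectionTimeout (default 60000 ms) when keepAliveTimeout is unset
        ms = int(conn.get("keepAliveTimeout") or conn.get("connectionTimeout") or 60000)
        found.append(float("inf") if ms < 0 else ms / 1000)  # -1 means no timeout
    return found

def too_short(keepalives, agent_timeout=AGENT_CONNECTION_TIMEOUT_S):
    """Values that are not longer than the agent's Connection Timeout."""
    return [v for v in keepalives if v <= agent_timeout]

# Constructed sample configurations, not taken from a real deployment.
SAMPLE_NGINX = """
http {
    keepalive_timeout 3s;   # shorter than the agent timeout
    server { keepalive_timeout 65; }
}
"""
SAMPLE_TOMCAT = """<Server><Service name="Catalina">
  <Connector port="8080" connectionTimeout="20000" keepAliveTimeout="4000"/>
  <Connector port="8443" connectionTimeout="20000"/>
</Service></Server>"""

if __name__ == "__main__":
    for name, values in (("nginx", nginx_keepalive_seconds(SAMPLE_NGINX)),
                         ("tomcat", tomcat_keepalive_seconds(SAMPLE_TOMCAT))):
        print(name, "keep-alive (s):", values, "too short:", too_short(values))
```

A value equal to Connection Timeout is reported as too short, because the guidance asks for keep-alive to be longer than the timeout. Pass the configured Connection Timeout as `agent_timeout` when the default has been changed.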

Copyright © 2010-2023 ForgeRock, all rights reserved.