The Curity Identity Server allows controlling various settings regarding incoming connections for each service-role.
This is specially important in case the server finds itself under a heavy load, as incorrect settings could lead the server to become unresponsive and all but stop accepting new connections.
The following settings are available:
The maximum number of concurrent connections that the service can accept. If this value is exceeded, the server may stop accepting new connections, which means it may seem unresponsive until some of the accepted connections complete or timeout.
Tip
Some Linux distributions limit the number of connections via /proc/sys/net/core/somaxconn. That value supersedes this setting. Consult your distribution documentation for how to update that.
/proc/sys/net/core/somaxconn
The maximum number of pending connections. If 0 (the default), a system-specific default is used. This setting is provided to the Operating System, hence behaviour may differ depending on which system is used.
On Linux, consult your distribution man page for int listen(int sockfd, int backlog) from sys/socket.h to understand the behaviour of the backlog parameter.
int listen(int sockfd, int backlog)
sys/socket.h
backlog
Maximum amount of time, in seconds, a connection may remain open while idle.
Maximum amount of time, in seconds, a connection may remain open while idle while the maximum number of accepted connections has been exceeded.
Note
Curity has sane defaults for all these settings, but adjusting their values may be necessary to achieve specific goals regarding resilience and responsiveness.
See the full configuration reference at Connections.