Monday, May 18, 2009

On HTTP.SYS..

In the past, HTTP servers such as IIS, Apache, and other applications on Windows relied on the Winsock API running in user mode to create what is known as a network listener.

When was HTTP.SYS introduced?
Starting with IIS6 on Windows Server 2003 SP1 and Windows XP SP2, Microsoft introduced a new HTTP listener. The HTTP listener is implemented as a kernel-mode device driver called the HTTP protocol stack (HTTP.sys). HTTP.sys is part of the networking subsystem of the Windows operating system, as a core component.

What’s good about HTTP.sys?
Robustness - Requests are processed faster because they are routed directly from the kernel to the appropriate user-mode worker process instead of being routed between two user-mode processes.
Reliability - When a worker process fails, service is not interrupted; the failure is undetectable by the user because the kernel queues the requests while the WWW service starts a new worker process for that application pool.
Caching - Static content is cached at kernel level, providing even faster responses.
Logging Support - This is the IIS log capability, now streamlined and faster; it is also text-based.
Bandwidth Control - It implements Quality of Service (QoS) functionality, which includes connection limits, connection timeouts, queue-length limits, and bandwidth throttling.
IP Port reuse - More than one application can listen on port 80, or on any other IP port handled by the HTTP.sys kernel-mode driver.

How does HTTP.sys work?
Once you create a new website or host a new WCF service in IIS, IIS registers the site/service with HTTP.sys, which then receives any HTTP requests for the site/service. HTTP.sys functions like a forwarder, sending the HTTP requests it receives to the request queue for the user-mode process that runs the website or the WCF service. HTTP.sys also sends responses back to the client.

Apart from retrieving stored responses from its internal cache, HTTP.sys does not process the requests that it receives. Therefore, no application-specific code is ever loaded into kernel mode. This is good, because bugs in application-specific code cannot affect the kernel or lead to system failures.

How to configure HTTP.SYS?
You can create new DWORD values, or modify existing ones, under the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\HTTP\Parameters
These values will be covered in detail in another post.

Why does my website or HTTP-based WCF service sometimes stop responding in IIS 6, although the application is started, the app pool is started, and no errors are being logged to the event log?

Most likely you have some kernel driver leaking non-paged pool (NPP) memory. HTTP.SYS has a threshold for the minimum free NPP memory; if the available NPP is less than the required threshold, HTTP.SYS stops responding. The easiest way to diagnose this issue is to check Httperr.log; the default location is: %WinDir%\system32\LogFiles\HTTPERR\
If you see something similar to this: Number_Connections_refused, that means that HTTP.SYS stopped responding because the available NPP fell below its minimum threshold.
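One way to automate the Httperr.log check described above, as an added example that is not part of the original post. The log sample is constructed, and the script assumes the W3C-style layout in which a `#Fields:` line names the columns and the refused-connection count appears in the `s-reason` column.

```python
import re
from collections import Counter

# Constructed sample in the W3C-style layout assumed for HTTPERR logs.
# All addresses, times and counts below are made up for illustration.
SAMPLE_HTTPERR = """\
#Software: Microsoft HTTP API 1.0
#Version: 1.0
#Date: 2009-05-18 09:00:00
#Fields: date time c-ip c-port s-ip s-port cs-version cs-method cs-uri sc-status s-siteid s-reason s-queuename
2009-05-18 09:01:12 192.0.2.10 4312 192.0.2.1 80 HTTP/1.1 GET /svc 503 1 QueueFull DefaultAppPool
2009-05-18 09:14:40 - - - - - - - - - 3_Connections_Refused -
2009-05-18 09:14:55 - - - - - - - - - 12_Connections_Refused -
2009-05-18 10:02:03 192.0.2.11 4400 192.0.2.1 80 - - - - - Timer_ConnectionIdle -
"""

# "<number>_Connections_Refused"; matched case-insensitively.
REFUSED = re.compile(r"^(\d+)_Connections_Refused$", re.IGNORECASE)


def refused_by_hour(log_text):
    """Return {'YYYY-MM-DD HH': refused connection count} for HTTPERR text."""
    fields, totals = [], Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue  # skip other directives, blanks, rows before a header
        row = dict(zip(fields, line.split()))
        match = REFUSED.match(row.get("s-reason", ""))
        if match:
            hour = f"{row.get('date', '?')} {row.get('time', '??')[:2]}"
            totals[hour] += int(match.group(1))
    return dict(totals)


def npp_exhaustion_suspected(log_text):
    """True when HTTP.sys logged any refused connections."""
    return bool(refused_by_hour(log_text))


if __name__ == "__main__":
    for hour, count in sorted(refused_by_hour(SAMPLE_HTTPERR).items()):
        print(f"{hour}:00  {count} connections refused (check NPP usage)")
```

Grouping by hour makes it easier to line the refusals up with non-paged pool counters collected for the same period.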

Thursday, April 30, 2009

WCF NetTcp services and net TCP port sharing

WCF provides a TCP-based network protocol (net.tcp://) for high-performance communication. WCF also introduced the Net.TCP Port Sharing Windows Service (SMSvcHost.exe) that enables net.tcp ports to be shared across multiple user processes. The Net.TCP Port Sharing Service accepts net.tcp:// connections on behalf of the worker processes that connect through it. When a socket connection arrives, the port sharing service inspects the incoming message stream to find its destination address. Based on this address, the port sharing service can route the data stream to the application that ultimately processes it.
When a WCF service that uses net.tcp:// port sharing opens, the WCF TCP transport does not directly open a TCP socket in the application process. Instead, the transport registers the service’s base address URI with the Net.TCP Port Sharing Service and waits for the port sharing service to listen for messages on its behalf. The port sharing service dispatches messages addressed to the application service as they arrive.
When you expose a WCF service using NetTcpBinding, there is a property on the binding called “PortSharingEnabled”. It can be set in configuration:

<bindings>
  <netTcpBinding>
    <binding name="binding" portSharingEnabled="true" />
  </netTcpBinding>
</bindings>


// requires: using System.ServiceModel;
// configure a binding with TCP port sharing enabled
NetTcpBinding binding = new NetTcpBinding();
binding.PortSharingEnabled = true;


If, for example, your service targets port 15138 with port sharing not enabled and another application is already using port 15138, the service throws a “System.ServiceModel.AddressAlreadyInUseException” when opened.
The default path of SMSvcHost.exe is: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\". The same directory also contains a configuration file called SMSvcHost.exe.config.



<net.tcp listenBacklog="10" maxPendingConnections="100" maxPendingAccepts="2" receiveTimeout="00:00:10" teredoEnabled="false">
  <allowAccounts>
    <add securityIdentifier="S-1-5-18" />
  </allowAccounts>
</net.tcp>


SMSvcHost.exe.config manages the list of processes that may use the port sharing feature and the list of user accounts that can run this Windows service. By default, permission to use the port sharing service is granted to system accounts (LocalService, LocalSystem, and NetworkService) as well as to the Administrators group.

On Windows Vista or Windows 7, if you don’t turn off the UAC feature, even members of the Administrators group cannot use the port sharing service without elevated permissions. To allow these users to make use of the port sharing service without elevation, the user's SID, or the administrative group SID, must be explicitly added to the <allowAccounts> section of SMSvcHost.exe.config.
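Because every SID in the allowed-accounts list can register listeners with the port sharing service, it is worth reviewing what has been added beyond the defaults. The following audit sketch is an added example, not part of the original post; the sample config and its S-1-5-21 user SID are constructed, and the "broad" list is an assumption about which well-known groups are too wide for this list.

```python
import xml.etree.ElementTree as ET

# Defaults named in the post: the three system accounts and Administrators.
DEFAULT_SIDS = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
    "S-1-5-32-544": "BUILTIN\\Administrators",
}
# Assumption: well-known groups that would admit nearly every local account.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "BUILTIN\\Users",
}

# Constructed sample; the S-1-5-21-... user SID is made up.
SAMPLE_CONFIG = """<configuration>
  <system.serviceModel.activation>
    <net.tcp listenBacklog="10" maxPendingConnections="100"
             maxPendingAccepts="2" receiveTimeout="00:00:10" teredoEnabled="false">
      <allowAccounts>
        <add securityIdentifier="S-1-5-18"/>
        <add securityIdentifier="S-1-5-32-544"/>
        <add securityIdentifier="S-1-5-21-1111111111-2222222222-3333333333-1001"/>
        <add securityIdentifier="S-1-1-0"/>
      </allowAccounts>
    </net.tcp>
  </system.serviceModel.activation>
</configuration>"""


def audit_allow_accounts(config_xml):
    """Return [(sid, verdict)] for each SID allowed to use port sharing."""
    root = ET.fromstring(config_xml)
    findings = []
    for tcp in root.iter("net.tcp"):  # also matches a bare <net.tcp> fragment
        for accounts in tcp.iter("allowAccounts"):
            for entry in accounts.findall("add"):
                sid = entry.get("securityIdentifier", "").strip().upper()
                if sid in DEFAULT_SIDS:
                    verdict = "default"
                elif sid in BROAD_SIDS:
                    verdict = "broad"    # group far wider than one service account
                else:
                    verdict = "review"   # explicit addition; confirm it is needed
                findings.append((sid, verdict))
    return findings


if __name__ == "__main__":
    for sid, verdict in audit_allow_accounts(SAMPLE_CONFIG):
        print(f"{verdict:8} {sid}")
```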

MaxPendingAccepts is a socket-level property that describes the number of "pending accept" requests to be queued. The default value is 2. According to the WCF Team, you shouldn’t increase “maxPendingAccepts” too much. Up to 10 would be a good number. It means it spawns 10 concurrent threads to pull connections.

MaxPendingConnections limits the number of simultaneous client connections awaiting dispatch. If this value is too low, client connection attempts may be rejected by the service. If it is too high, the service may appear slow or unresponsive to clients during heavy load periods. This property should be set to a value that allows the service to run at full capacity, and no higher.

TeredoEnabled indicates whether the port sharing service uses the Microsoft Teredo service to listen on TCP ports on behalf of WCF services. This property is applicable only on Windows XP SP2, SP3 and Windows Server 2003. Windows Vista has a machine-wide configuration option for Teredo, so when running Windows Vista, this property is ignored. More about Teredo: Teredo Overview

NetTcpPortSharing also plays an important role in WAS architecture, which I’d like to discuss later.