[imp] Permformance issue

Andrew Morgan morgan@orst.edu
Mon, 15 Jul 2002 20:17:21 -0700 (PDT)



On Mon, 15 Jul 2002, Eric Rostetter wrote:

> Quoting Andrew Morgan <morgan@orst.edu>:
>
> > My personal opinion is that you are better off installing IMP on a
> > separate machine.  No matter where you install IMP, it will make an IMAP
> > or POP connection to your mail server.  In one case this happens locally
> > by connecting to localhost and in the other case it happens across the
> > network.
>
> That doesn't mean that localhost vs network access perform equally, or
> have the same security.
>
> > If for some reason you have a really slow network between the two
> > machines, then running it locally would make sense.  Otherwise, I'd rather
> > have the extra horsepower of a second machine.
>
> Unless you already have too much horsepower already, and/or cost is a concern.
>
> > IMP, especially using SSL
> > connections, does take some horsepower to run, so why not take that load
> > off of your mail server.  Let your mail server just handle IMAP/POP
> > connections.
>
> To be secure, you would then need ssl for the imap/pop connection, so basically
> you've doubled the amount of encryption on your web server now (https and
> simap/spop3) and haven't decreased the amount of encryption on the mail
> server (roughly, not an exact science here).
>
> > Where possible, I prefer to dedicate servers to separate services rather
> > than running it all on one big machine.
>
> I can't disagree with that from a management point of view.  But that is
> not the same issue as performance.
>
> For example, when I split my IMP installation from one machine to two,
> management became 100% better, but performance died (average request now
> takes about twice as long as before).  But we did the split for management
> reasons, and we're willing to eat the performance loss.
>
> The performance hit we saw is completely explainable and we knew it would
> happen.  But we desired it none-the-less.  Other setups would of course
> be different, and hence the outcome different.

Apparently we have different environments entirely, because you and I have
come to different conclusions on this.  :)

I'm providing email services for 30,000 users, with about 10,000 logins
per day on the webmail system.  During busy times, this is a full load for
both the mail server (IMAP) and the webmail server.  In our case, I trust
that the network is secure, at least for the level of security required
for our site.  Both servers are on the same switch, in the same room.  It
is not worth the performance hit on both servers to encrypt the IMAP
connection.  Obviously, this would be a different situation if the webmail
server made IMAP connections to remote internet sites.

I would guess the overhead of a network connection versus the loopback
interface is minimal, but I don't really know.  I'm sure the OS shortcuts
the operation when it knows it doesn't have to transmit across the
network, but I don't think the overhead of ethernet is a large part of the
overall performance.

I'm curious why your performance was twice as bad when you put IMP on one
server and IMAP on another.  Can you explain it for me?

As a side note, there are some times when having separate servers is
*more* of a management problem.  For example, the webmail server does
weird things when the IMAP server is unavailable...  :)

	Andy