On Sun, Mar 03, 2019 at 01:49:12AM -0800, Ronald F. Guilmette wrote:
> >> But this other fellow I've been taking to offered an unexpectedobservation:
> >> If a given Postfix installation was attempting to support, say, 1 million
> >> unique domain names (correponding to 1 million unique customers) and if
> >> just 11,000 of those were to all simultaneously attempt to send -outbound-
> >> emails to six (6) different destinations apiece, then... this other fellow
> >> asserted... all of the 65536 maximum available IPv4 port numbers would be
> >> exhausted, and then havoc would ensue.
> >
> >This mental model is deeply flawed.
>
> Thank you for the response Viktor, but could you please be more specific,
> just so that I have it on the record?
>
> Whose mental model is it that you are saying is "deeply flawed"? Mine or
> the other guy's?
There's only one "mental model" under discussion of what happens
when Postfix is delivering email. Namely, that no matter how many
messages arrive in quick succession, they'll all be "talking to the
network" (using an outbound TCP connection) at the same time. This
mental model is deeply flawed.
I could also point out that TCP stacks can allow the same local
ephemeral port to be used for multiple TCP connections, provided
the 4-tuple (remote ip, remote port, local ip, local port) is unique.
There is no requirement that just the local ports of established
TCP connections be distinct.
> Paraphrasing, it sounds to me like you just said that Postfix is designed
> to behave well, and in fact does behave well, even under very high loads.
I tried to provide a more accurate model of how Postfix delivers
email, from which you or anyone else can reach your own conclusions.
> But I, for one, already knew that. (And I suspect that most folks who use
> Postfix at "big" places knew that already also.)
Well, it seems that you only knew the empirical conclusions. Had you
known how Postfix ensures performance under load, you'd have refuted
the other fellow's false scenario without coming to the list.
> I still would like to know if the total number of outbound SMTP connections
> which Postfix may have open, at any one given point in time, may or may not
> exceed 65536.
This is a silly question. Typical message delivery latency can be
estimated at around 1s. A hypothetical server running at a concurrency
of 64k connections would be pumping out 64k msgs/sec, but the Postfix
queue manager and the disk are very unlikely to go that fast.
Realistically, a single email server may be able to deliver at best
O(1000) msgs/sec.
At a hypothetical sustained 64k messages per second, a server would
be able to deliver around 5.6 billion messages a day. That's not
a realistic load for a single machine, either inbound or outbound.
Real servers handle smaller loads with outbound concurrency limits
in the hundreds or a few thousand. With Postfix brief input spikes
that exceed the output rate lead growth in the size of the queue
without unbounded demand for CPU and network.
There are also caps on concurrent incoming connections, and
sufficiently high input rates will reduce opportunities for new
connections, forcing some or most senders to defer delivery. That's
what horizontal scaling is for, with anycast IPs to spread the load
geographically, and in-datacentre load-balancers to further spread
the load among multiple machines, ...
--
Viktor.
