Sum up of Omar’s Scaling up Asp.net sites

I watched Omar’s presentation at skillmatters. Omar shared some useful experience, think I ‘d better write them down when these knowledge with my research.

1. App level denial of service
Asp.net thread pool is limited resource. So while huge amount of requests to an expensive pages queueing there, it will quickly take down the site.
A solution:
Build a HttpModule and hook on OnInit event.Count some properties(IP,period,User-Agent,etc.) till exceed a threshold, then call Response.End().
Or set up another front-layer by using some third parties traffic manager.

More:Thread pool of Asp.net IIS.

2.Static resources’ useless cookie traffc
Set up seperate sub-domain for hosting static resources.
Without CDN, then bring some validation logic to global.asax’s EndResponse to set cookie under this sub-domain expired.
With CDN, CDN is the answer

3.1 Tweak the IIS server
maxworkerthreads 20->100
maxIOthread 20->100
memorylimit 30->60
Good resource on MSDN ASP.NET Thread Usage on IIS 7.5, IIS 7.0, and IIS 6.0

3.2 HttpWebRequestor and WebClient in default allow 2 connections per IP
Some times it will cause performence issues when the communication happening between machines.For example, a proxy server connecting with another service server, it only allow to create 2 connections.
Here is a post about Contention, poor performance, and deadlocks when you make Web service requests from ASP.NET applications.

4.Remove unused httpmodules from asp.net pipeline
For example
C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG\web.config

<httpModules>
  <add name="OutputCache" type="System.Web.Caching.OutputCacheModule"/>
  <add name="Session" type="System.Web.SessionState.SessionStateModule"/>
  <add name="WindowsAuthentication" type="System.Web.Security.WindowsAuthenticationModule"/>
  <add name="FormsAuthentication" type="System.Web.Security.FormsAuthenticationModule"/>
  <add name="PassportAuthentication" type="System.Web.Security.PassportAuthenticationModule"/>
  <add name="RoleManager" type="System.Web.Security.RoleManagerModule"/>
  <add name="UrlAuthorization" type="System.Web.Security.UrlAuthorizationModule"/>
  <add name="FileAuthorization" type="System.Web.Security.FileAuthorizationModule"/>
  <add name="AnonymousIdentification" type="System.Web.Security.AnonymousIdentificationModule"/>
  <add name="Profile" type="System.Web.Profile.ProfileModule"/>
  <add name="ErrorHandlerModule" type="System.Web.Mobile.ErrorHandlerModule, System.Web.Mobile, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"/>
  <add name="ServiceModel" type="System.ServiceModel.Activation.HttpModule, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</httpModules>

If you are using FormsAuthentication,SQLServerstorage,no web.config based role based permission then you can remove most of them.

<httpModules>
         <!-- Remove unnecessary Http Modules for faster pipeline -->
         <remove name="Session" />
         <remove name="WindowsAuthentication" />
         <remove name="PassportAuthentication" />
         <remove name="AnonymousIdentification" />
         <remove name="UrlAuthorization" />
         <remove name="FileAuthorization" />
</httpModules>

5.Async/Sync services
Omar posted an article on codeproject, Tweaking WCF to build highly scalable async REST API, which described a not very happy experience by using WCF.
Whether Async can really improve the performence of web application is still a big question, and it is still not very convinced by that.
Actually this topic introduced some debates on stackoverflow like Do asynchronous operations in ASP.NET MVC use a thread from ThreadPool on .NET 4.
The point is whether async operation in asp.net or wcf using a thread from threadpool.

Leave a Reply