Why reverse proxies are good for big web applications

July 2, 2008

One of the things that you can do to make a complex web application perform better is to put a reverse proxy in front of it. On the surface this seems counterintuitive, since you're adding an extra layer of software that does nothing but pass the traffic back and forth.

What's going on is simple: buffering. Namely, it's better to buffer replies in the reverse proxy than to 'buffer' them in your application itself.

Your web application uses a certain amount of memory in the process of handling a request and sending out the reply. Most of the time this is more memory than the size of the generated page and most of it stays tied down until your application has sent the last of the reply and gets to tear down all the data structures associated with the request. Thus you are much better off offloading the reply page into the reverse proxy's memory, where it will use only a tiny bit more memory than the size of the page itself, and having your application immediately tear down and throw away those resources.

This is compounded by the effects of talking to slow clients, which hold their connection open for a relatively long time as they very slowly accept data from you and thus hold down their per-connection resources on your end for a long time. It's much better for you if this is some small data structures in a reverse proxy rather than the full memory that your application required to answer their request.

You can to some extent work around this by making sure that your web application uses as little memory as possible, but you're unlikely to get as lean as a good reverse proxy; modern web environments just have too much intrinsic overhead. (I'm not talking about frameworks as such; consider the base memory usage of another thread or process in your favorite programming language. I suspect that Java comes off best here. The base language overhead also limits how much you can gain from imitating the reverse proxy approach in your application by tearing down as much as possible once you're ready to start sending out your reply.)

(This entry was inspired by reading this, which is on a related issue.)

Written on 02 July 2008.
« The many problems with bad security patches
Why system administrators like interpreted languages »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Wed Jul 2 00:26:04 2008
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.