WebSEAL performance is degraded during file downloads

In Security Verify Access, we can use the io-buffer-size parameter in the [junction] stanza to configure the buffer size for reading and writing data to-and-from the junction. This value limits the amount of data that can be written from the socket to a junctioned server.

The optimum value for this io-buffer-size parameter is 8191 bytes (one byte less than the typical TCP buffer size of 8 KB). Severe performance degradation might occur if the value of the io-buffer-size is larger than 8191.

Similarly, we can use the io-buffer-size parameter in the [server] stanza to control the buffer size to read and write data to-and-from the client. The amount of data that can be written from the socket to an HTTP browser depends on the value of this parameter.

For either of these io-buffer-size parameters, a small value (for instance, 10 bytes) can hurt performance by causing frequent calls to the low-level read/write APIs. Up to a certain point, larger values improve performance. However, if the io-buffer-size exceeds the size of low-level I/O functions, there is no longer any improvement in performance. Using an io-buffer-size value that is too high degrades performance.

Parent topic: Common problems with WebSEAL servers