This page applies to Java Broker versions before 0.18. For the master copy of this documentation see the Producer Flow Control section in the Java documentation
General Information
The Qpid Java Broker 0.6 release introduces a simplistic producer-side flow control mechanism into the Java Messaging Broker, causing producers to be flow-controlled when they attempt to send messages to an overfull queue or overfull message store on a virtual host.
Server configuration
Configuring a Queue to use flow control
Flow control is enabled on a producer when it sends a message to a Queue which is "overfull". The producer flow control will be rescinded when all Queues on which a producer is blocking become "underfull". A Queue is defined as overfull when the size (in bytes) of the messages on the queue exceeds the "capacity" of the Queue. A Queue becomes "underfull" when its size becomes less than the "flowResumeCapacity".
<queue>
<name>test</name>
<test>
<exchange>amq.direct</exchange>
<capacity>10485760</capacity> <!-- set the queue capacity to 10Mb -->
<flowResumeCapacity>8388608</flowResumeCapacity> <!-- set the resume capacity to 8Mb -->
</test>
</queue>
The default for all queues on a virtual host can also be set
<virtualhosts>
<virtualhost>
<name>localhost</name>
<localhost>
<capacity>10485760</capacity> <!-- set the queue capacity to 10Mb -->
<flowResumeCapacity>8388608</flowResumeCapacity> <!-- set the resume capacity to 8Mb -->
</localhost>
</virtualhost>
</virtualhosts>
Where no flowResumeCapacity is set, the flowResumeCapacity is set to be equal to the capacity. Where no capacity is set, capacity is defaulted to 0 meaning there is no capacity limit.
Broker Log Messages
There are four new Broker log messages that may occur if flow control through queue capacity limits is enabled.
Firstly, when a capacity limited queue becomes overfull, a log message similar to the following is produced
MESSAGE [vh(/test)/qu(MyQueue)] [vh(/test)/qu(MyQueue)] QUE-1003 : Overfull : Size : 1,200 bytes, Capacity : 1,000
Then for each channel which becomes blocked upon the overful queue a log message similar to the following is produced:
MESSAGE [con:2(guest@anonymous(713889609)/test)/ch:1] [con:2(guest@anonymous(713889609)/test)/ch:1] CHN-1005 : Flow Control Enforced (Queue MyQueue)
When enough messages have been consumed from the queue that it becomes underfull, then the following log is generated:
MESSAGE [vh(/test)/qu(MyQueue)] [vh(/test)/qu(MyQueue)] QUE-1004 : Underfull : Size : 600 bytes, Resume Capacity : 800
And for every channel which becomes unblocked you will see a message similar to:
MESSAGE [con:2(guest@anonymous(713889609)/test)/ch:1] [con:2(guest@anonymous(713889609)/test)/ch:1] CHN-1006 : Flow Control Removed
Obviously the details of connection, virtual host, queue, size, capacity, etc would depend on the configuration in use.
Disk quota-based flow control
Since version 0.18 of Qpid Broker, flow control can be triggered when a configured disk quota is exceeded. This is supported by the BDB and Derby message stores.
This functionality blocks all producers on reaching the disk overflow limit. When consumers consume the messages, causing disk space usage to falls below the underflow limit, the producers are unblocked and continue working as normal.
Two limits can be configured:
- overflow limit - the maximum space on disk (in bytes) which can be used by store.
- underflow limit - when the space on disk drops below this limit, producers are allowed to resume publishing.
An example of quota configuration for the BDB message store is provided below.
<store>
<class>org.apache.qpid.server.store.berkeleydb.BDBMessageStore</class>
<environment-path>${work}/bdbstore/test</environment-path>
<overfull-size>50000000</overfull-size>
<underfull-size>45000000</underfull-size>
</store>
The disk quota functionality is based on "best effort" principle. It means that broker cannot guarantee that disk space limit will not be exceeded. If several concurrent transactions are started before the limit is reached then all of them will be committed into disk even when disk quota is exceeded.
Broker Log Messages for quota flow control
There are 2 new Broker log messages that may occur if flow control through disk quota limits is enabled.
When virtual host is blocked due to exceeding of the disk quota limit the following message appears in the broker log
[vh(/test)/ms(BDBMessageStore)] MST-1008 : Store overfull, flow control will be enforced
When virtual host is unblocked after cleaning the disk space the following message appears in the broker log
[vh(/test)/ms(BDBMessageStore)] MST-1009 : Store overfull condition cleared
Client impact and configuration
If a producer sends to a queue which is overfull, the broker will respond by instructing the client not to send any more messages. The impact of this is that any future attempts to send will block until the broker rescinds the flow control order.
While blocking the client will periodically log the fact that it is blocked waiting on flow control.
WARN AMQSession - Broker enforced flow control has been enforced WARN AMQSession - Message send delayed by 5s due to broker enforced flow control WARN AMQSession - Message send delayed by 10s due to broker enforced flow control
After a set period the send will timeout and throw a JMSException to the calling code.
ERROR AMQSession - Message send failed due to timeout waiting on broker enforced flow control
If such a JMSException is thrown, the message will not be sent to the broker, however the underlying Session may still be active - in particular if the Session is transactional then the current transaction will not be automatically rolled back. Users may choose to either attempt to resend the message, or to rollback any transactional work and close the Session.
Both the timeout delay, and the periodicity of the warning messages can be set using java system properties. The amount of time (in milliseconds) to wait before timing out is controlled by the property qpid.flow_control_wait_failure (the default is 120000 - which is two minutes), the frequency at which the log message informing that the producer is flow controlled is sent is controlled by the system property qpid.flow_control_wait_notify_period: the default value is 5000 milliseconds (i.e. 5 seconds).
Adding the following to the command line to start the client would result in a timeout of one minute, with warning messages every ten seconds:
-Dqpid.flow_control_wait_failure=60000 -Dqpid.flow_control_wait_notify_period=10000
Using failover with flow control
If flow control feature is used with a failover functionality and connection is lost when producer is blocked by the flow control, the failover is not started immediately due to implementation limitation. But it is resumed after the flow control wait interval is expired. However, failover functionality has 1 minute timeout interval to try to re-establish the connection and counting of this interval starts after losing of connection. If this timeout is exceeded the failover will be interrupted and will not be resumed. On other hand, the default flow control wait interval is set to 2 minutes and as result, the failover can timeout whilst trying to re-establish the connection for blocked producer(s).
In order to avoid this from happening the failover timeout can be set to the value bigger than flow control wait interval. For setting of failover timeout the JVM setting "qpid.failover_method_timeout" can be used as follows
-Dqpid.failover_method_timeout=180000
Setting of flow wait interval to the value lower than a failover timeout would allow failover to restore connectivity.
Older Clients
This feature was added for the 0.6 releaase of the Java Broker. If an older client connects to the broker then the flow control commands will be ignored and they will not be blocked. So to fully benefit from this new feature both Client and Broker need to be at least version 0.6.