Learning Objectives
- Analyze Memcached hardware needs.
- Configure Memcached for production.
- Implement session caching techniques.
- Tune Memcached for performance.
Prerequisites
- Basic Linux command-line skills.
- Understanding of web architecture.
- Familiarity with caching concepts.
Section 1: Sizing Your Cache: Memcached Hardware Requirements
Introduction to Memcached's Philosophy
Before diving into the specifics of hardware, it's crucial to understand the design philosophy of Memcached. It is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Memcached is, at its core, a simple key-value store. It is designed for one primary purpose: to be fast. This speed is achieved through simplicity and by operating entirely in memory. Unlike Redis, which offers data persistence, or more complex systems like Apache Ignite, Memcached is ephemeral. If the server restarts, the cache is empty. This design choice has profound implications for its hardware requirements.
As Jainandunsing (2025) notes, Memcached is a "lightweight, blazing-fast in-memory key-value store... even leaner than Redis, making it perfect for on-prem, low-resource environments." This leanness is its greatest strength. It does one thing, and it does it exceptionally well: store and retrieve arbitrary data (strings, objects) from RAM based on a key.
Core Hardware Components Analyzed
When provisioning a server for Memcached, your focus will be overwhelmingly on one component: Random Access Memory (RAM). The other components are important for a stable system, but they are secondary to the primary function of the cache.
1. Random Access Memory (RAM)
RAM is the lifeblood of Memcached. Since all cached data resides in memory, the amount of RAM you allocate directly determines the size of your cache. Insufficient RAM is the most common cause of poor cache performance, leading to a high rate of evictions (where old items are discarded to make room for new ones). This defeats the purpose of the cache, as it forces the application to fall back to the slower, primary data source (like a database) more frequently.
How to Estimate RAM Needs:
A precise calculation is difficult without profiling your application, but a good estimate can be derived from the following formula:
Estimated RAM = (Average Object Size in bytes * Number of Objects to Cache) * Overhead Factor
The Overhead Factor (typically 1.1 to 1.3) accounts for Memcached's own internal data structures, keys, and metadata associated with each item. For session caching, the calculation is more direct:
Estimated RAM = (Average Session Size * Peak Concurrent Users) * 1.2
For a small application with 20 users and an average session size of 5KB, this would be `(5KB * 20) * 1.2 = 120KB`. This illustrates why Memcached can run on such minimal hardware for smaller use cases. For a large e-commerce site with 50,000 concurrent users and 20KB sessions, the requirement jumps to `(20KB * 50000) * 1.2 = 1.2 GB`, just for session data. This calculation highlights the need to understand your data and traffic patterns.
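The arithmetic is simple enough to script. The sketch below wraps the formula in a small Python helper so you can plug in your own numbers; the function name and constant are illustrative, and KB/GB are decimal here to match the figures above.
OVERHEAD_FACTOR = 1.2  # keys + per-item metadata, typically 1.1-1.3
def estimate_cache_ram(avg_object_bytes, object_count, overhead=OVERHEAD_FACTOR):
    """Estimated RAM in bytes: (average object size * object count) * overhead."""
    return int(avg_object_bytes * object_count * overhead)
# Small app: 20 users with 5 KB sessions -> 120 KB
print(estimate_cache_ram(5_000, 20) / 1_000, "KB")
# Large site: 50,000 users with 20 KB sessions -> 1.2 GB
print(estimate_cache_ram(20_000, 50_000) / 1_000_000_000, "GB")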
2. Central Processing Unit (CPU)
Memcached is not CPU-intensive. Its operations (get, set, delete) are computationally simple. The server is multi-threaded, meaning it can leverage multiple CPU cores to handle concurrent connections. However, a single modern CPU core is often sufficient for tens of thousands of requests per second. For most workloads, a minimal configuration of 1-2 cores is adequate. The primary benefit of more cores is handling a very high number of simultaneous client connections, not speeding up individual operations. A minimum of 1 core (Intel/AMD @ 2.0+ GHz) is a very modest requirement for any modern server.
3. Storage (Disk)
Disk performance is largely irrelevant to Memcached's caching operations: Memcached is entirely in-memory, so no disk storage is needed for data. The only storage requirements are for the operating system, the Memcached binaries, and system logs. A small, fast SSD (10-20 GB) is more than sufficient, primarily to ensure the underlying OS is responsive.
4. Network
While CPU is not a bottleneck, the network certainly can be. Memcached's performance is measured in sub-millisecond response times. This speed is lost if the network introduces latency.
- Latency: This is the most critical network metric. The cache server should be as close as possible to the application servers, ideally within the same rack or data center availability zone. A low-latency 1 Gbps connection is a standard baseline.
- Throughput: For applications caching very large objects or handling extremely high request volumes, a 1 Gbps connection could become saturated. In such high-performance scenarios, upgrading to 10 Gbps or faster networking may be necessary.
Special Use Case: Memcached on a Raspberry Pi
The efficiency of Memcached is best demonstrated by its ability to run effectively on low-power, single-board computers like the Raspberry Pi. This makes it an excellent choice for home labs, small projects, or IoT applications where a lightweight, shared memory store is needed. The hardware requirements are incredibly modest and align perfectly with the capabilities of recent Pi models. Running Memcached on a Pi is not just possible; it's a practical solution for specific use cases like caching session data for a small internal web application or caching frequent API responses from an external service to avoid rate limiting.
Example Hardware Profiles
Profile 1: Small-Scale Session Caching (e.g., ~20 concurrent users)
This profile reflects a minimal on-premise installation.
| Component | Minimum Specification |
|---|---|
| CPU | 1 core @ 2.0+ GHz |
| RAM | 256 MB – 512 MB |
| Storage | 5–10 GB SSD (OS + logs only) |
| Network | 1 Gbps NIC |
Profile 2: Recommended Hardware for a Raspberry Pi Cache
This profile is ideal for development, home projects, or very small production workloads.
| Requirement | Minimum | Recommended |
|---|---|---|
| Model | Raspberry Pi 2 or newer | Raspberry Pi 4 or 5 |
| RAM | 256 MB | 1 GB or more |
| Network | Wi-Fi | LAN (for low latency) |
Did You Know?
Memcached was originally developed by Brad Fitzpatrick for his website LiveJournal in 2003. It was created to handle the massive database load generated by the rapidly growing social networking site. Its success in scaling LiveJournal led to it being open-sourced, and it quickly became a foundational technology for many of the world's largest websites, including Facebook, Twitter, and YouTube.
Section 1 Summary
- Memcached's primary design goals are speed and simplicity, achieved by being an in-memory-only cache.
- RAM is the most critical hardware component; its size directly dictates your cache capacity.
- CPU and Storage requirements are minimal. A single core and a small SSD for the OS are usually sufficient.
- Network latency is a key performance factor. Co-locate your cache and application servers for best results.
- Memcached is so lightweight it can run effectively on minimal hardware like a Raspberry Pi, making it versatile for projects of all sizes.
Reflective Questions
- When would the low hardware requirements and simplicity of Memcached become a disadvantage compared to a more feature-rich system like Redis or Apache Ignite?
- Imagine you are building a small-scale internal application. How would you decide between provisioning a small cloud VM versus using a dedicated Raspberry Pi for your Memcached instance? What are the trade-offs?
Section 2: From Zero to Cache: Detailed Configuration Steps
Installation and Initial Setup
Getting Memcached running on a modern Linux distribution, such as Ubuntu or Debian, is a straightforward process using the system's package manager. The installation provides the Memcached server daemon, command-line tools for interacting with it, and a default configuration file that we will tune for our needs.
The first step is always to ensure your system's package list is up-to-date.
sudo apt update && sudo apt upgrade -y
Next, install the Memcached daemon and the `libmemcached-tools` package, which provides helpful command-line utilities for testing and administration.
sudo apt install memcached libmemcached-tools -y
Once installed, the Memcached service will typically start automatically with a default configuration. However, these defaults are rarely optimal for a production environment. Our next step is to customize the configuration to match our hardware and security requirements.
Dissecting the Configuration File
The main configuration for Memcached on Debian-based systems is located at /etc/memcached.conf. This file contains the startup parameters passed to the Memcached daemon. Let's explore the most critical directives you will need to tune.
sudo nano /etc/memcached.conf
- `-m <memory_in_mb>`: Memory Allocation. This is the most important setting. It specifies the maximum amount of RAM, in megabytes, that Memcached is allowed to use for storing items. The default is often a conservative 64MB. You should set this value based on your hardware analysis from Section 1, leaving enough memory for the operating system and other processes. For a server with 2GB of RAM dedicated to caching, you might set this to `-m 1536`.
- `-l <ip_address>`: Listen Address. By default, Memcached listens on `127.0.0.1` (localhost), which is secure as it only allows connections from the same machine. If your application servers are on different machines, you must change this to the private IP address of the cache server (e.g., `-l 192.168.1.100`). Warning: Never set this to `0.0.0.0` or a public IP address without a firewall, as Memcached has no authentication and would be open to the world.
- `-p <port>`: Port Number. The default port is `11211`. There is rarely a need to change this unless it conflicts with another service or for "security by obscurity" (which is not a real security strategy).
- `-u <user>`: User. For security, Memcached should not run as the `root` user. The installation typically creates a `memcache` user. This directive ensures the process drops its root privileges after starting, which is a critical security best practice.
- `-t <threads>`: Worker Threads. This sets the number of threads Memcached will use to process requests. The default is often 4. A good starting point is to set this to the number of CPU cores available on your server. For a 2-core machine, you would set `-t 2`. Increasing this beyond the number of cores can introduce context-switching overhead with diminishing returns.
- `-c <max_connections>`: Max Connections. This defines the maximum number of concurrent client connections. The default is 1024. If you have many application servers or your application uses persistent connections, you may need to increase this. Monitor the `curr_connections` stat to see if you are approaching this limit.
- `-U 0`: Disable UDP. The Memcached protocol can operate over both TCP and UDP. However, the UDP port has historically been exploited in DDoS amplification attacks. Unless you have a specific, trusted use case for UDP, it is highly recommended to disable it for security by setting the value to 0.
- `-v`, `-vv`, `-vvv`: Logging Verbosity. These flags increase the amount of information Memcached logs to syslog. `-v` provides basic error and warning messages. `-vv` adds client command and response logging, which is useful for debugging but can generate a lot of log data. `-vvv` is for deep debugging and logs internal state transitions. Use these flags temporarily when troubleshooting.
Service Management and Verification
After editing the configuration file, you must restart the Memcached service for the changes to take effect. You should also enable the service to ensure it starts automatically on server reboot.
sudo systemctl restart memcached
sudo systemctl enable memcached
To verify that the service is running correctly and using your new configuration, check its status:
sudo systemctl status memcached
The most direct way to confirm Memcached is operational is to connect to it and request its statistics. The `netcat` (`nc`) tool is perfect for this.
echo "stats" | nc localhost 11211
This command sends the string "stats" to the Memcached server on port 11211 and prints the response. The output will be a list of key-value pairs describing the server's state, including its uptime, version, current connections, memory usage, and hit/miss counters. Seeing this output is a definitive confirmation that your cache server is up and running.
Example: Production Configuration and Verification
Annotated `memcached.conf`
This example configuration is for a dedicated cache server with 4 CPU cores and 8GB of RAM, listening on a private network interface.
# /etc/memcached.conf
# 1. Allocate 6GB of RAM for item storage.
# Leave 2GB for the OS and other processes.
-m 6144
# 2. Listen on the server's private network IP.
# This allows other servers in the 192.168.1.x network to connect.
-l 192.168.1.100
# 3. Use the standard port.
-p 11211
# 4. Run as the non-privileged 'memcache' user.
-u memcache
# 5. Use 4 worker threads, matching the number of CPU cores.
-t 4
# 6. Increase max connections to handle a large application cluster.
-c 4096
# 7. Disable the UDP port for security.
-U 0
Verifying with `stats` and Interpreting Output
After restarting with the configuration above, you can check the stats from another server on the same network (`192.168.1.20`, for example):
echo "stats" | nc 192.168.1.100 11211
Sample Output (annotated):
STAT pid 1234
STAT uptime 600 # Server has been up for 600 seconds
STAT version 1.6.9
STAT libevent 2.1.12-stable
STAT pointer_size 64
STAT threads 4 # Confirms our -t 4 setting
STAT curr_connections 10 # 10 clients are currently connected
STAT total_connections 50
STAT connection_structures 11
STAT cmd_get 15000 # 15,000 'get' commands received
STAT cmd_set 2500 # 2,500 'set' commands received
STAT get_hits 14500 # Out of 15k gets, 14.5k found the data
STAT get_misses 500 # 500 did not find the data (cache miss)
STAT evictions 0 # 0 items have been forcefully removed (good!)
STAT bytes 512345678 # Current size of all items in cache
STAT limit_maxbytes 6442450944 # Confirms our -m 6144 (6GB) setting
END
Did You Know?
The protocol used by Memcached is a simple, human-readable, text-based protocol. This is a deliberate design choice that contributes to its high performance by minimizing parsing overhead. It also makes debugging incredibly easy, as you can use basic tools like `telnet` or `netcat` to connect to the server and issue commands like `get my_key` or `set my_key 0 3600 5\r\nhello` just as a client library would. There is also a binary version of the protocol for clients that want to optimize for even lower latency.
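Because the protocol is plain text, you can exercise it from any language with a TCP socket. The sketch below uses only Python's standard library and assumes a server on the default localhost port; it performs the same `set`/`get` exchange a client library would.
import socket
# Speak the text protocol directly, as telnet or netcat would.
# Assumes a Memcached server listening on 127.0.0.1:11211.
with socket.create_connection(('127.0.0.1', 11211)) as s:
    # Format: set <key> <flags> <exptime> <bytes>\r\n<data>\r\n
    s.sendall(b'set my_key 0 3600 5\r\nhello\r\n')
    print(s.recv(1024))   # expect b'STORED\r\n'
    s.sendall(b'get my_key\r\n')
    print(s.recv(1024))   # expect b'VALUE my_key 0 5\r\nhello\r\nEND\r\n'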
Section 2 Summary
- Installation is simple via standard package managers like `apt`.
- Configuration is controlled by startup flags in `/etc/memcached.conf`.
- Key directives to tune are memory (`-m`), listen address (`-l`), threads (`-t`), and connections (`-c`).
- Security is paramount: always run as a non-root user (`-u`), disable UDP (`-U 0`), and never expose Memcached directly to the internet. Use a firewall to restrict access.
- Use `systemctl` to manage the service and `echo "stats" | nc` to verify its status and monitor key performance metrics.
Reflective Questions
- You run `stats` and notice a high and constantly rising number of `evictions`. What are your first three steps to diagnose and solve the problem? What configuration parameters are most relevant?
- A developer on your team suggests binding Memcached to `0.0.0.0` to "make it easier to connect from anywhere." What are the immediate security risks of this action, and what is the proper way to configure access for multiple application servers in a private network?
Section 3: Practical Application: Session Caching and Performance Tuning
The Case for Caching Sessions
In a traditional web application, user session data is often stored in files on the web server's local disk or in a relational database. While simple, this approach has significant drawbacks in a modern, scalable architecture. File-based sessions prevent easy load balancing across multiple web servers, as a user's session is tied to a single machine. Database-backed sessions solve this but introduce significant latency, adding a database query to nearly every user request. This is where Memcached excels.
By using Memcached as a session store, you create a centralized, high-speed, in-memory repository for session data that all your application servers can access. This decouples user state from the application servers, allowing for seamless scaling and fault tolerance. A request from a user can be handled by any application server, which can instantly retrieve the session data from Memcached, process the request, and write the updated session back. This drastically reduces database load and improves application response time.
Integrating Memcached with Web Applications
Most modern web frameworks and languages have robust, well-supported libraries for integrating Memcached as a session handler. The configuration is typically minimal, requiring only that you point the application to the Memcached server's address and port.
Deep Dive: Memcached's Memory Management - The Slab Allocator
To effectively tune Memcached, you must understand how it manages memory. Unlike systems that use `malloc()` and `free()` for every object, which can lead to memory fragmentation, Memcached employs a mechanism called the slab allocator.
Here's how it works:
- Slabs and Pages: Memcached manages the total memory allocated to it (`-m`) as large 1MB blocks called "pages", handing them out to slab classes as data arrives.
- Slab Classes: These pages are then assigned to different "slab classes". Each slab class is responsible for storing items of a specific size range. For example, one class might handle items between 97-128 bytes, the next 129-160 bytes, and so on.
- Chunks: Within a page, the memory is divided into equal-sized "chunks" appropriate for that slab class. All chunks in a given slab class are the same size.
- Storage: When you store an item, Memcached finds the smallest slab class that can accommodate the item's size and places it into a free chunk within that class.
This pre-allocation strategy is extremely fast and eliminates external memory fragmentation. The trade-off is internal fragmentation: wasted memory when your item sizes are poorly distributed. For example, if you store a 130-byte item in a slab class with 160-byte chunks, 30 bytes of that chunk are wasted and cannot be used by any other item.
Tuning the Slab Allocator
For most general-purpose use cases, the default slab settings are sufficient. However, in high-performance environments, you can tune them with startup flags:
- `-f <factor>`: Growth Factor. This controls the size progression between slab classes. The default is 1.25. A smaller factor creates more slab classes with finer-grained size differences, potentially reducing wasted memory but increasing overhead.
- `-n <bytes>`: Minimum Chunk Size. This sets the size of the smallest chunk. The default is 48 bytes.
You can inspect the state of your slabs using the `stats slabs` command. This will show you how many chunks are used in each class, how much memory is allocated, and how much is wasted. If you see that certain slab classes are full and causing evictions while others are mostly empty, it might indicate a need for tuning or, more likely, an increase in total memory.
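To build intuition for how `-n` and `-f` shape the classes, the short Python sketch below reproduces the chunk-size progression. It is illustrative only: real class sizes also include per-item header overhead and alignment, so the exact numbers will differ from a live server's `stats slabs` output.
def slab_classes(min_chunk=48, factor=1.25, page_size=1024 * 1024):
    """Approximate the chunk sizes Memcached derives from -n and -f."""
    sizes, size = [], min_chunk
    while size < page_size:
        sizes.append(size)
        size = int(size * factor)
    return sizes
classes = slab_classes()
item_size = 130
# An item is stored in the smallest class whose chunks can hold it;
# the gap between chunk size and item size is wasted space.
chunk = next(c for c in classes if c >= item_size)
print(f"{item_size}-byte item -> {chunk}-byte chunk, {chunk - item_size} bytes wasted")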
Eviction Policy: Least Recently Used (LRU)
What happens when a slab class runs out of free chunks? Memcached applies its one and only eviction policy: Least Recently Used (LRU). It identifies the item within that specific slab class that has not been accessed for the longest time and discards it to make room for the new item. This is a simple but effective "survival of the fittest" strategy for your data. The `evictions` counter in the main `stats` output is a critical health metric. A consistently rising number of evictions is a clear signal that your cache is too small for your workload or your item Time-to-Live (TTL) values are too long.
Monitoring and Performance Metrics
Continuous monitoring is key to maintaining a healthy cache. The most important metrics to track are:
- Cache Hit Ratio: This is the percentage of `get` requests that are successful (`get_hits`). A healthy cache should have a hit ratio of 90% or higher. Formula: `(get_hits / (get_hits + get_misses)) * 100`. A low hit ratio means your application is frequently going to the database, negating the benefits of the cache; the sketch after this list computes it live.
- Evictions: As mentioned, this should be at or near zero. If it's climbing, you need more memory.
- Memory Usage (bytes): Track this against your `limit_maxbytes` to understand how full your cache is.
- Current Connections (curr_connections): Ensure this stays comfortably below your configured maximum (`-c`).
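These metrics can be pulled programmatically from the same `stats` command used in Section 2. The following sketch assumes a reachable server on the default port; it parses the output into a dictionary and derives the hit ratio. The helper name is illustrative.
import socket
def memcached_stats(host='127.0.0.1', port=11211):
    """Fetch 'stats' over the text protocol and parse it into a dict."""
    with socket.create_connection((host, port)) as s:
        s.sendall(b'stats\r\n')
        buf = b''
        while not buf.endswith(b'END\r\n'):
            buf += s.recv(4096)
    return dict(line.split(' ', 2)[1:]
                for line in buf.decode().splitlines()
                if line.startswith('STAT '))
stats = memcached_stats()
hits, misses = int(stats['get_hits']), int(stats['get_misses'])
if hits + misses:
    print(f"Hit ratio: {100 * hits / (hits + misses):.1f}%")
print(f"Evictions: {stats['evictions']}")
print(f"Memory: {stats['bytes']} of {stats['limit_maxbytes']} bytes used")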
Example: Application Integration for Session Caching
The following snippets demonstrate how to configure different backends to use Memcached for session storage. Note how simple the configuration is across platforms.
PHP (`php.ini`)
To configure PHP sessions globally, edit your `php.ini` file:
; Tell PHP to use the memcached extension for sessions
session.save_handler = memcached
; Provide the server address and port
; For a cluster, separate servers with commas: "10.0.0.1:11211,10.0.0.2:11211"
session.save_path = "127.0.0.1:11211"
Python (Flask with Flask-Session)
First, install the required libraries: `pip install Flask Flask-Session pymemcache`
from flask import Flask, session
from flask_session import Session
from pymemcache.client.base import PooledClient
app = Flask(__name__)
# Configure sessions to use Memcached. Flask-Session expects a
# client object (here, pymemcache) rather than an address string.
app.config['SESSION_TYPE'] = 'memcached'
app.config['SESSION_PERMANENT'] = False
app.config['SESSION_USE_SIGNER'] = True
app.config['SECRET_KEY'] = 'a_very_secret_key'
app.config['SESSION_MEMCACHED'] = PooledClient(('127.0.0.1', 11211))
# Initialize the session extension
Session(app)
@app.route('/set')
def set_session():
    session['username'] = 'alice'
    return 'Session value set!'
@app.route('/get')
def get_session():
    return session.get('username', 'Not set')
Node.js (Express with connect-memcached)
First, install dependencies: `npm install express express-session connect-memcached`
const express = require('express');
const session = require('express-session');
const MemcachedStore = require('connect-memcached')(session);
const app = express();
app.use(session({
  secret: 'another_very_secret_key',
  resave: false,
  saveUninitialized: true,
  store: new MemcachedStore({
    hosts: ['127.0.0.1:11211'],
    secret: 'optional_store_secret' // For hashing session IDs
  }),
  cookie: { maxAge: 86400000 } // 24 hours
}));
app.get('/', (req, res) => {
  if (req.session.views) {
    req.session.views++;
    res.send(`You have visited this page ${req.session.views} times.`);
  } else {
    req.session.views = 1;
    res.send('Welcome to your first visit!');
  }
});
app.listen(3000);
Did You Know? The "Thundering Herd" Problem
A classic challenge with caching is the "thundering herd" or "cache stampede" problem. This occurs when a very popular cached item expires. Suddenly, dozens or hundreds of concurrent requests for that item result in a cache miss. All of these requests then "stampede" to the backend database simultaneously to regenerate the data, potentially overwhelming it. While Memcached itself doesn't solve this, applications can implement client-side logic to mitigate it. A common technique is for the first process that gets a miss to acquire a lock (also in Memcached), regenerate the data, and update the cache, while subsequent processes wait briefly for the lock to be released before retrying their `get` operation.
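Below is a minimal Python sketch of that lock technique using pymemcache; the hypothetical `regenerate()` stands in for your expensive database query. It relies on `add` being atomic: the command only succeeds if the key does not already exist, so exactly one process wins the lock.
import time
from pymemcache.client.base import Client
client = Client(('127.0.0.1', 11211))
def get_or_regenerate(key, regenerate, ttl=300, lock_ttl=30):
    """On a cache miss, let one process rebuild while the rest wait."""
    value = client.get(key)
    if value is not None:
        return value
    # noreply=False makes 'add' return True only if the lock was acquired.
    if client.add('lock:' + key, b'1', expire=lock_ttl, noreply=False):
        try:
            value = regenerate()  # e.g. the expensive database query
            client.set(key, value, expire=ttl)
        finally:
            client.delete('lock:' + key)
        return value
    # Another process is regenerating; poll briefly for the fresh value.
    for _ in range(10):
        time.sleep(0.1)
        value = client.get(key)
        if value is not None:
            return value
    return regenerate()  # last resort: fall back to the backend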
Section 3 Summary
- Memcached is an ideal solution for session caching, providing a fast, scalable, and centralized store.
- Integration with languages like PHP, Python, and Node.js is straightforward using dedicated libraries.
- Memcached uses a slab allocator to manage memory, which prevents fragmentation but can lead to wasted space if not tuned.
- The only eviction policy is LRU (Least Recently Used), which discards the oldest data when space is needed.
- Monitor key metrics like cache hit ratio and evictions to ensure your cache is performing optimally.
Reflective Questions
- Your application's cache hit ratio is consistently below 80%. What does this suggest about your caching strategy, and what tuning parameters or application logic changes would you investigate first?
- How does Memcached's LRU-only eviction policy simplify cache management but also limit its potential use cases when compared to a system like Redis, which offers multiple, more complex eviction policies?