[158609] in North American Network Operators' Group
Re: TCP time_wait and port exhaustion for servers
daemon@ATHENA.MIT.EDU (JÁKÓ András)
Wed Dec 5 11:56:34 2012
Date: Wed, 5 Dec 2012 17:56:06 +0100 (CET)
From: JÁKÓ András <jako.andras@eik.bme.hu>
To: Ray Soucy <rps@maine.edu>
In-Reply-To: <CALFTrnNj2e9HUjukAUi-jtTsuGTugxe2-iEpm8v+wk8JKnuBQA@mail.gmail.com>
Cc: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Ray,
> With a 60 second timeout on TIME_WAIT, local port identifiers are tied
> up from being used for new outgoing connections (in this case a proxy
> server). The default local port range on Linux can easily be
> adjusted; but even when bumped up to a range of 32K ports, the 60
> second timeout means you can only sustain about 500 new connections
> per second before you run out of ports.
Is that 500 new connections per second per {protocol, remote address,
remote port} tuple, that's too few for your proxy? (OK, this tuple is more
or less equivalent with only {remote address} if we talk about a web
proxy.) Just curious.
Regards,
András
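
Added example (not part of the original message or thread): a way to check on a Linux proxy whether TIME_WAIT pressure is concentrated on one {remote address, remote port} tuple, by grouping TIME_WAIT sockets from `/proc/net/tcp` per remote endpoint. The function names, the sample table and the port range 32768-60999 are assumptions made for illustration, and the code assumes IPv4 with a single local source address.

```python
import socket
import struct
from collections import Counter

TIME_WAIT = "06"  # value of the "st" column for TIME_WAIT sockets

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# On a live Linux proxy, pass open("/proc/net/tcp").read() instead.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100000A:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100000A:8000 0A0200C0:0050 06 00000000:00000000 03:00000B5C 00000000     0        0 0
   2: 0100000A:8001 0A0200C0:0050 06 00000000:00000000 03:00000A10 00000000     0        0 0
   3: 0100000A:8002 0A0200C0:0050 06 00000000:00000000 03:00000901 00000000     0        0 0
   4: 0100000A:8003 0A0200C0:0050 01 00000000:00000000 00:00000000 00000000     0        0 1002
   5: 0100000A:8000 076433C6:01BB 06 00000000:00000000 03:00000C00 00000000     0        0 0
"""

def decode_endpoint(field):
    """Turn 'AABBCCDD:PPPP' into (dotted IPv4, port).

    The kernel prints the IPv4 address as a little-endian 32-bit hex value
    and the port as plain hex.
    """
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)

def time_wait_by_remote(proc_net_tcp_text):
    """Count TIME_WAIT sockets per (remote address, remote port)."""
    counts = Counter()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TIME_WAIT:
            continue
        counts[decode_endpoint(cols[2])] += 1
    return counts

def headroom(counts, port_lo, port_hi):
    """Local ports not held in TIME_WAIT, per remote tuple.

    Sockets in other states (e.g. ESTABLISHED) also hold ports and are
    not subtracted here.
    """
    usable = port_hi - port_lo + 1
    return {remote: usable - n for remote, n in counts.items()}

if __name__ == "__main__":
    for remote, free in headroom(time_wait_by_remote(SAMPLE), 32768, 60999).items():
        print(remote, "ports not in TIME_WAIT:", free)
```

In the sample, local port 0x8000 appears in TIME_WAIT toward two different remote endpoints at once, which is the per-tuple behaviour the question above is getting at.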