Linux tcp connections limit

What limits the maximum number of connections on a Linux server?

What kernel parameter or other settings control the maximum number of TCP sockets that can be open on a Linux server? What are the tradeoffs of allowing more connections? I noticed while load testing an Apache server with ab that it’s pretty easy to max out the open connections on the server. If you leave off ab’s -k option, which allows connection reuse, and have it send more than about 10,000 requests then Apache serves the first 11,000 or so requests and then halts for 60 seconds. A look at netstat output shows 11,000 connections in the TIME_WAIT state. Apparently, this is normal. Connections are kept open a default of 60 seconds even after the client is done with them for TCP reliability reasons. It seems like this would be an easy way to DoS a server and I’m wondering what the usual tunings and precautions for it are. Here’s my test output:

# ab -c 5 -n 50000 http://localhost/
This is ApacheBench, Version 2.0.40-dev apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient)
Completed 5000 requests
Completed 10000 requests
apr_poll: The timeout specified has expired (70007)
Total of 11655 requests completed

# netstat --inet -p | grep "localhost:www" | sed -e 's/ \+/ /g' | cut -d' ' -f 1-4,6-7 | sort | uniq -c
  11651 tcp 0 0 localhost:www TIME_WAIT -
      1 tcp 0 1 localhost:44423 SYN_SENT 7831/ab
      1 tcp 0 1 localhost:44424 SYN_SENT 7831/ab
      1 tcp 0 1 localhost:44425 SYN_SENT 7831/ab
      1 tcp 0 1 localhost:44426 SYN_SENT 7831/ab
      1 tcp 0 1 localhost:44428 SYN_SENT 7831/ab
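The `netstat ... | sort | uniq -c` pipeline in the question gives a per-state total but not who owns the TIME_WAIT sockets, which is the first thing to check when deciding whether a flood like this is a benchmark or an attack. The following is an added example (not part of the question or any answer on this page) that parses `netstat --inet -p` style output, counts sockets per state, attributes TIME_WAIT sockets to their remote host, and expresses the TIME_WAIT count as a share of the ephemeral port range. The sample lines are constructed for the example, and the 32768-61000 range is the default quoted later on this page, not a value read from any real host.

```python
import re
from collections import Counter

# Constructed sample in the column layout of `netstat --inet -p` (Proto, Recv-Q,
# Send-Q, Local Address, Foreign Address, State, PID/Program). The lines are made
# up for this example; they are not the question's real output.
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:www           localhost:44101         TIME_WAIT   -
tcp        0      0 localhost:www           localhost:44102         TIME_WAIT   -
tcp        0      0 localhost:www           localhost:44103         TIME_WAIT   -
tcp        0      0 localhost:www           localhost:44104         ESTABLISHED 2231/apache2
tcp        0      0 10.0.0.5:www            10.0.0.9:51000          ESTABLISHED 2231/apache2
tcp        0      1 localhost:44423         localhost:www           SYN_SENT    7831/ab
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN      812/sshd
"""

# One TCP socket line; the two header lines above do not match and are skipped.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+(?P<recvq>\d+)\s+(?P<sendq>\d+)\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_0-9]+)"
)


def parse_netstat(text):
    """Yield (local, remote, state) for every TCP socket line except listeners."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m["state"] != "LISTEN":
            yield m["local"], m["remote"], m["state"]


def state_counts(text):
    """Sockets per TCP state: the figure the question's `uniq -c` produces."""
    return Counter(state for _, _, state in parse_netstat(text))


def time_wait_by_peer(text):
    """TIME_WAIT sockets per remote host. One peer owning nearly all of them is
    the signature of the no-keepalive flood described in the question."""
    peers = Counter()
    for _, remote, state in parse_netstat(text):
        if state == "TIME_WAIT":
            peers[remote.rsplit(":", 1)[0]] += 1   # strip the port, keep the host
    return peers


def time_wait_pressure(text, low=32768, high=61000):
    """Share of the ephemeral port range tied up by TIME_WAIT sockets. As this
    approaches 1.0, new connections between the same two hosts start to stall."""
    return state_counts(text)["TIME_WAIT"] / (high - low + 1)


if __name__ == "__main__":
    print(state_counts(SAMPLE_NETSTAT))
    print(time_wait_by_peer(SAMPLE_NETSTAT))
    print(f"TIME_WAIT pressure: {time_wait_pressure(SAMPLE_NETSTAT):.4f}")
```

To run it against a live box, feed it the real output (`netstat --inet -p` or, on current distributions, `ss -tanp`, whose columns differ and would need a second regex) instead of `SAMPLE_NETSTAT`.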


What is the theoretical maximum number of open TCP connections that a modern Linux box can have

Assuming infinite performance from hardware, can a Linux box support >65536 open TCP connections? I understand that the number of ephemeral ports (<65536) limits the number of connections from one local IP to one port on one remote IP. The tuple (local ip, local port, remote ip, remote port) is what uniquely defines a TCP connection; does this imply that more than 65K connections can be supported if more than one of these parameters is free, e.g. connections to a single port number on multiple remote hosts from multiple local IPs? Is there another 16 bit limit in the system? Number of file descriptors perhaps?


3 Answers

A single listening port can accept more than one connection simultaneously.

There is a '64K' limit that is often cited, but that is per client per server port, and needs clarifying.

Each TCP/IP packet has basically four fields for addressing. These are:

source_ip source_port destination_ip destination_port

Inside the TCP stack, these four fields are used as a compound key to match up packets to connections (e.g. file descriptors).

If a client has many connections to the same port on the same destination, then three of those fields will be the same — only source_port varies to differentiate the different connections. Ports are 16-bit numbers, therefore the maximum number of connections any given client can have to any given host port is 64K.

However, multiple clients can each have up to 64K connections to some server’s port, and if the server has multiple ports or either is multi-homed then you can multiply that further.

So the real limit is file descriptors. Each individual socket connection is given a file descriptor, so the limit is really the number of file descriptors that the system has been configured to allow and resources to handle. The maximum limit is typically up over 300K, but is configurable e.g. with sysctl.

The realistic limits being boasted about for normal boxes are around 80K, for example for single-threaded Jabber messaging servers.
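The answer above makes two claims that are easy to see rather than take on faith: one listening port accepts many simultaneous connections, and between one client IP and one server port only the source port varies, so the real ceiling is the file-descriptor limit. The following is an added example (not code from the answer's author) that opens a batch of loopback connections to a single listening port, shows that all of them are distinct 4-tuples differing only in the client's kernel-assigned source port, and reads the per-process descriptor limit that caps how many such sockets a process can hold. It assumes a Unix host with a working loopback interface and Python's `resource` module.

```python
import resource
import socket


def open_connections(n, host="127.0.0.1"):
    """Open n client connections to ONE listening port on loopback.

    Returns (server, clients, accepted). Every connection shares local IP,
    remote IP and remote port; only the client's source port differs, which is
    the 4-tuple point the answer makes."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    server.bind((host, 0))            # port 0: the kernel picks a free port
    server.listen(16)                 # small backlog on purpose; we accept as we go
    port = server.getsockname()[1]
    clients, accepted = [], []
    for _ in range(n):
        clients.append(socket.create_connection((host, port)))
        conn, _ = server.accept()     # drain the backlog so it never overflows
        accepted.append(conn)
    return server, clients, accepted


def connection_tuples(clients):
    """The (local_ip, local_port, remote_ip, remote_port) key of each client socket."""
    return [c.getsockname() + c.getpeername() for c in clients]


def nofile_limit():
    """Per-process open-file limit (soft, hard): what the answer calls the real
    limit, since every socket costs one descriptor."""
    return resource.getrlimit(resource.RLIMIT_NOFILE)


def demo(n=50):
    """Open n connections, summarise what differs between them, then clean up."""
    server, clients, accepted = open_connections(n)
    try:
        tuples = connection_tuples(clients)
        return {
            "connections": len(accepted),
            "distinct_tuples": len(set(tuples)),
            "distinct_source_ports": len({t[1] for t in tuples}),
            "distinct_dest_ports": len({t[3] for t in tuples}),
            "nofile_soft": nofile_limit()[0],
        }
    finally:
        for s in clients + accepted:
            s.close()
        server.close()


if __name__ == "__main__":
    print(demo())
```

Raising `n` towards the soft `RLIMIT_NOFILE` value makes the descriptor ceiling visible in practice: `socket()` fails with EMFILE long before the 16-bit port space is exhausted, which is why the answer points at `ulimit -n` and the sysctl file limits rather than at port numbers.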


[Solved-4 Solutions] How to Increase the maximum number of tcp/ip connections in linux — Linux Tutorial

How to increase the maximum number of tcp/ip connections in linux?

Solution 1:

The maximum number of connections is impacted by certain limits on both the client and server sides.

Client side: Increase the ephemeral port range, and decrease the tcp_fin_timeout

To find out the default values:

     sysctl net.ipv4.ip_local_port_range
     sysctl net.ipv4.tcp_fin_timeout
  • The ephemeral port range defines the maximum number of outbound sockets a host can create from a particular IP address. The fin_timeout defines the minimum time these sockets will stay in TIME_WAIT state. Usual system defaults are:
    • net.ipv4.ip_local_port_range = 32768 61000
    • net.ipv4.tcp_fin_timeout = 60
  • Basically the system cannot consistently guarantee more than (61000 - 32768) / 60 = 470 sockets per second.
  • Increase the availability by decreasing the fin_timeout. Suppose we do both; then we should see over 1500 outbound connections per second, more readily.
     sysctl net.ipv4.ip_local_port_range="15000 61000"
     sysctl net.ipv4.tcp_fin_timeout=30

    The above should not be interpreted as the factors impacting system capability for making outbound connections per second. Rather, these factors affect the system’s ability to handle concurrent connections in a sustainable manner for large periods of "activity."

    Default sysctl values on a typical Linux box for tcp_tw_recycle & tcp_tw_reuse would be

     net.ipv4.tcp_tw_recycle=0
     net.ipv4.tcp_tw_reuse=0

    These don’t allow a connection from a "used" socket (in wait state) and force the sockets to last the complete time_wait cycle.

     sysctl net.ipv4.tcp_tw_recycle=1
     sysctl net.ipv4.tcp_tw_reuse=1
    • This allows fast cycling of sockets in time_wait state and re-using them.
    • Make sure that this change does not conflict with the protocols used by the application that needs these sockets.
    • On the server side: the net.core.somaxconn value has an important role. It limits the maximum number of requests queued to a listen socket.
    • If you are sure of your server application’s capability, bump it up from the default 128 to something like 128 to 1024.
    • Now you can take advantage of this increase by modifying the listen backlog variable in your application’s listen call, to an equal or higher integer.
     sysctl net.core.somaxconn=1024

    The txqueuelen parameter of ethernet cards also has a role to play. Default values are 1000, so bump them up to 5000 or even more if the system can handle it.

     ifconfig eth0 txqueuelen 5000
     echo "/sbin/ifconfig eth0 txqueuelen 5000" >> /etc/rc.local

    Similarly bump up the values for net.core.netdev_max_backlog and net.ipv4.tcp_max_syn_backlog. Their default values are 1000 and 1024 respectively.

     sysctl net.core.netdev_max_backlog=2000
     sysctl net.ipv4.tcp_max_syn_backlog=2048


    Now remember to start both your client and server side applications after increasing the FD ulimits in the shell.
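Solution 1 lists half a dozen knobs and the formula behind the first two; what a practitioner usually wants is a read-only check of where a box stands against those numbers before touching anything. The following is an added example, not code from the answer's author, that reads the current values from /proc/sys, reproduces the (high - low) / fin_timeout sustainable-rate arithmetic from Solution 1, and reports which settings are below the answer's recommendations as `sysctl` commands for review. It deliberately leaves out `net.ipv4.tcp_tw_recycle`: that knob was removed in Linux 4.12 and, on older kernels, breaks clients that sit behind NAT, so `tcp_tw_reuse` (which only affects outgoing connections) is the one worth enabling. The `DEFAULTS_SAMPLE` dictionary is constructed from the default values quoted in the answer so the functions can be exercised without reading a real host.

```python
import os

# Recommended values as given in Solution 1 above (tcp_tw_recycle omitted on purpose;
# it was removed in Linux 4.12 and is unsafe behind NAT on older kernels).
RECOMMENDED = {
    "net.ipv4.ip_local_port_range": "15000 61000",
    "net.ipv4.tcp_fin_timeout": "30",
    "net.ipv4.tcp_tw_reuse": "1",
    "net.core.somaxconn": "1024",
    "net.core.netdev_max_backlog": "2000",
    "net.ipv4.tcp_max_syn_backlog": "2048",
}

# Constructed from the defaults Solution 1 quotes, so the audit can run offline.
DEFAULTS_SAMPLE = {
    "net.ipv4.ip_local_port_range": "32768 61000",
    "net.ipv4.tcp_fin_timeout": "60",
    "net.ipv4.tcp_tw_reuse": "0",
    "net.core.somaxconn": "128",
    "net.core.netdev_max_backlog": "1000",
    "net.ipv4.tcp_max_syn_backlog": "1024",
}


def read_sysctl(key, root="/proc/sys"):
    """Read one sysctl from /proc/sys; None when it does not exist (non-Linux
    host, missing module, or a knob removed in a newer kernel)."""
    path = os.path.join(root, *key.split("."))
    try:
        with open(path) as f:
            return " ".join(f.read().split())   # "32768\t61000\n" -> "32768 61000"
    except OSError:
        return None


def collect(keys=RECOMMENDED):
    """Current values of every audited knob on this host."""
    return {k: read_sysctl(k) for k in keys}


def sustainable_outbound_rate(port_range, fin_timeout):
    """Ports recyclable per second when each closed socket sits in TIME_WAIT for
    fin_timeout seconds: (high - low) / fin_timeout, the arithmetic in Solution 1."""
    low, high = (int(x) for x in port_range.split())
    return (high - low) // int(fin_timeout)


def audit(current, recommended=RECOMMENDED):
    """(key, current, recommended) for every knob weaker than the recommendation.
    Read-only: nothing is written to /proc or /etc."""
    findings = []
    for key, want in recommended.items():
        have = current.get(key)
        if have is None:
            continue
        if key == "net.ipv4.ip_local_port_range":      # wider range is better
            hl, hh = (int(x) for x in have.split())
            wl, wh = (int(x) for x in want.split())
            weaker = (hh - hl) < (wh - wl)
        elif key == "net.ipv4.tcp_fin_timeout":        # shorter timeout is the goal
            weaker = int(have) > int(want)
        else:                                          # larger queue/flag is better
            weaker = int(have) < int(want)
        if weaker:
            findings.append((key, have, want))
    return findings


if __name__ == "__main__":
    current = collect()
    rng, fin = current["net.ipv4.ip_local_port_range"], current["net.ipv4.tcp_fin_timeout"]
    if rng and fin:
        print(f"sustainable outbound connects/s: {sustainable_outbound_rate(rng, fin)}")
    for key, have, want in audit(current):
        print(f"{key}: {have} -> suggest: sysctl -w {key}=\"{want}\"")
```

Note that `net.core.somaxconn` also silently clamps the backlog argument an application passes to `listen()`, which is why Solution 1 says to raise both together; the audit reports the sysctl side only.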

    Solution 2:

    There are a couple of variables to set the max number of connections. You will probably run out of file numbers first; check with ulimit -n. After that, there are settings in /proc, but those default to the tens of thousands. A single TCP connection ought to be able to use all of the bandwidth between two parties:

    • Check that the TCP window setting is large enough. Linux defaults are good for everything except really fast inet links (hundreds of mbps) or fast satellite links; also find your bandwidth*delay product.
    • Check for packet loss using ping with large packets (ping -s 1472 . )
    • Check for rate limiting. On Linux, this is configured with tc
    • Confirm that the bandwidth actually exists using e.g., iperf
    • Confirm the protocol is sane.
    • Check how many connections are actually in use (try netstat or lsof). If that number is substantial, you might:
    • Have a lot of bandwidth, e.g., 100mbps+. In this case, you actually want to raise ulimit -n. Still, ~1000 connections (default on my system) is quite a few.
    • Have some network problem slowing down connections (e.g., packet loss)
    • Have something else slowing you down, e.g., IO bandwidth, especially in seeking. Have you checked iostat -x?

    Additionally, if you are using a consumer-grade NAT router (Linksys, Netgear, DLink, etc.), beware that you may exceed its abilities with thousands of connections.

    Solution 3:

    To determine the OS connection limit, cat nf_conntrack_max. For example: cat /proc/sys/net/netfilter/nf_conntrack_max. Use the following script to count the number of tcp connections to a given range of tcp ports, by default 1-65535.

     #!/bin/bash
     # Count TCP connections (ESTABLISHED or TIME_WAIT, loopback excluded) whose
     # local port falls inside start..end (default 1-65535).
     OS=$(uname)
     case "$OS" in
         'SunOS') AWK=/usr/bin/nawk ;;
         'Linux') AWK=/bin/awk ;;
         'AIX')   AWK=/usr/bin/awk ;;
     esac

     netstat -an | $AWK -v start=1 -v end=65535 '
     $NF ~ /TIME_WAIT|ESTABLISHED/ && $4 !~ /127\.0\.0\.1/ {
         # SunOS prints the local address in column 1, Linux and AIX in column 4
         if ($1 ~ /\./) { sip = $1 } else { sip = $4 }
         # the port is the last element, whether the separator is ":" (Linux) or "." (SunOS)
         n = split(sip, a, /:|\./)
         if (a[n] >= start && a[n] <= end) { ++connections }
     }
     END { print connections + 0 }'


    Solution 4:

    From the server side:

    • Check that the load balancer works correctly.
    • Turn slow TCP timeouts into a fast, immediate 503 response, so the load balancer can move on to a working resource to serve the request.

    Using a node server, you can use toobusy from npm. Implementation:

     var toobusy = require('toobusy');
     app.use(function(req, res, next) {
       // shed load early: answer 503 while the event loop is lagging, otherwise continue
       if (toobusy()) res.send(503, "I'm busy right now, sorry.");
       else next();
     });

    From the client side:

    • Group calls in batches to reduce the traffic and total number of requests between client and server.
    • Handle unnecessary duplicate requests by building a cache mid-layer.
