nanog mailing list archives

Re: TCP time_wait and port exhaustion for servers


From: JÁKÓ András <jako.andras () eik bme hu>
Date: Wed, 5 Dec 2012 17:56:06 +0100 (CET)

Ray,

> With a 60 second timeout on TIME_WAIT, local port identifiers are tied
> up from being used for new outgoing connections (in this case a proxy
> server).  The default local port range on Linux can easily be
> adjusted; but even when bumped up to a range of 32K ports, the 60
> second timeout means you can only sustain about 500 new connections
> per second before you run out of ports.

Is that 500 new connections per second per {protocol, remote address,
remote port} tuple, that's too few for your proxy? (OK, this tuple is more
or less equivalent to only {remote address} if we talk about a web
proxy.) Just curious.

Regards,
András
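
An added example, not part of the original thread: one way to check on a proxy host whether TIME_WAIT pressure is concentrated on a single {remote address, remote port} tuple, by grouping `ss -tan` output per destination. The sample output, the function names and the 0.8 threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of `ss -tan` output (not captured from a real host).
# Local port 40001 appears twice: the same local port can be in use toward
# two different destinations at once.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
TIME-WAIT  0      0      10.0.0.5:40001       192.0.2.10:80
TIME-WAIT  0      0      10.0.0.5:40002       192.0.2.10:80
TIME-WAIT  0      0      10.0.0.5:40001       198.51.100.7:80
ESTAB      0      0      10.0.0.5:40003       192.0.2.10:80
TIME-WAIT  0      0      10.0.0.5:40004       192.0.2.10:443
"""

def split_endpoint(endpoint):
    """Split 'addr:port' (also '[v6addr]:port') into (addr, port)."""
    addr, port = endpoint.rsplit(":", 1)
    return addr, int(port)

def time_wait_by_destination(ss_output):
    """Count TIME-WAIT sockets per (remote address, remote port)."""
    counts = Counter()
    for line in ss_output.splitlines():
        fields = line.split()
        # Skips the header, blank lines and sockets in other states.
        if len(fields) < 5 or fields[0] != "TIME-WAIT":
            continue
        counts[split_endpoint(fields[4])] += 1
    return counts

def sustainable_rate(port_range, time_wait_s=60):
    """New connections/s to ONE destination tuple before local ports run out."""
    low, high = port_range
    return (high - low + 1) / time_wait_s

def destinations_near_exhaustion(ss_output, port_range, threshold=0.8):
    """Destinations whose TIME-WAIT sockets hold >= threshold of the range."""
    low, high = port_range
    size = high - low + 1
    return {dst: n / size
            for dst, n in time_wait_by_destination(ss_output).items()
            if n / size >= threshold}

if __name__ == "__main__":
    print(time_wait_by_destination(SAMPLE_SS).most_common())
    print(sustainable_rate((32768, 65535)))  # a 32K-port range, 60 s TIME_WAIT
```
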

