

What is the theoretical maximum number of open TCP connections? (2010) - georgecmu
http://stackoverflow.com/q/2332741/1257977

======
susi22
"The Secret To 10 Million Concurrent Connections -The Kernel Is The Problem,
Not The Solution":

[http://highscalability.com/blog/2013/5/13/the-secret-to-10-million-concurrent-connections-the-kernel-i.html](http://highscalability.com/blog/2013/5/13/the-secret-to-10-million-concurrent-connections-the-kernel-i.html)

[https://news.ycombinator.com/item?id=5711232](https://news.ycombinator.com/item?id=5711232)

~~~
bch
> [http://highscalability.com/blog/2013/5/13/the-secret-to-10-million-concurrent-connections-the-kernel-i.html](http://highscalability.com/blog/2013/5/13/the-secret-to-10-million-concurrent-connections-the-kernel-i.html)

Really interesting read. Some of the notions espoused in this link really seem
to make a case for microkernels.

------
donado
This guy has some nice posts of scaling a single node.js server up to 1m
connections:

[http://blog.caustik.com/2012/08/19/node-js-w1m-concurrent-connections/](http://blog.caustik.com/2012/08/19/node-js-w1m-concurrent-connections/)

[http://blog.caustik.com/2012/04/10/node-js-w250k-concurrent-connections/](http://blog.caustik.com/2012/04/10/node-js-w250k-concurrent-connections/)

[http://blog.caustik.com/2012/04/08/scaling-node-js-to-100k-concurrent-connections/](http://blog.caustik.com/2012/04/08/scaling-node-js-to-100k-concurrent-connections/)

[http://blog.caustik.com/2012/04/06/node-js-scalability-testing-with-ec2/](http://blog.caustik.com/2012/04/06/node-js-scalability-testing-with-ec2/)

------
chrisdew
That's odd - a question I asked in 2010 has now made it to the front page.

~~~
finnw
But you already got the "Famous Question" badge for it a year ago:
[http://stackoverflow.com/help/badges/28/famous-question?userid=129805](http://stackoverflow.com/help/badges/28/famous-question?userid=129805)

------
tedunangst
On the IPv4 Internet? 2^96. (32-bit src and dest addrs, 16-bit src and dest
ports)

~~~
sjg007
Can't you have multiple connections to the same host?

~~~
a-priori
Yes, but only to separate ports. A connection in TCP is uniquely identified by
a tuple of {source IP, source port, destination IP, destination port}. Usually
the source port is automatically assigned by the source system, and it picks
an unused one.

------
known
[http://www.kegel.com/c10k.html](http://www.kegel.com/c10k.html)

------
rdtsc
Also relevant: "1 million is so 2011" from WhatsApp's blog

[http://blog.whatsapp.com/index.php/2012/01/1-million-is-so-2011/](http://blog.whatsapp.com/index.php/2012/01/1-million-is-so-2011/)

------
pilom
Just be sure to turn off iptables because that doesn't support more than ~64K
connections.

~~~
chrisdew
Could you post a link to that info? I hadn't come across that limitation
before.

~~~
pilom
I'm looking for a link, but in the meantime, I was working on a product where
we had to map every connection between 2 routers to a new connection between 2
boxes (imagine having 2 boxes MITMing 2 routers and remapping every TCP
session internally so you could change the traffic transparently to the
recipient).

We needed to prove we could handle 100k TCP sessions and it would fail at ~64k
sessions when iptables was running on either box (even with an "allow all"
rule). Otherwise our hardware would fall over around the default File
Descriptor limit.

~~~
ismarc
You should have a look to see how much memory the connection tracking table is
actually taking up. IPTables stores a lot of its information in kernel space,
but modifications are copied to user space, updated, then written back. As an
example, for large project X with >100,000 users connecting through a linux-
based gateway device, using a single firewall rule to allow access for each
device grew larger than RAM available to the kernel. You can also tune the
size of the connection tracking table (and pretty much everything else
related), but 64k sessions was never a breaking point for us.
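
An added example, not part of the thread: a small shell check that reports the per-host limits the comments above mention (connection tracking table usage, ephemeral source port range, file descriptor limits) from the standard Linux `/proc/sys` files. The function names and the optional alternate-root argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Reads Linux sysctl files under /proc/sys by default;
# pass another directory as $1 to run against constructed files.

read_val() {  # print the first line of file $1, or nothing if unreadable
    if [ -r "$1" ]; then head -n 1 "$1"; fi
}

# Percentage of the conntrack table in use. Prints "n/a" when the
# nf_conntrack module is not loaded (its sysctl files are absent).
conntrack_pct() {
    root=${1:-/proc/sys}
    count=$(read_val "$root/net/netfilter/nf_conntrack_count")
    max=$(read_val "$root/net/netfilter/nf_conntrack_max")
    if [ -z "$count" ] || [ -z "$max" ] || [ "$max" -eq 0 ]; then
        echo "n/a"
    else
        echo $(( count * 100 / max ))
    fi
}

# Number of source ports the kernel may auto-assign, i.e. the ceiling on
# outbound connections from one source IP to one destination IP:port.
ephemeral_ports() {
    root=${1:-/proc/sys}
    range=$(read_val "$root/net/ipv4/ip_local_port_range")
    if [ -z "$range" ]; then echo "n/a"; return 0; fi
    set -- $range            # file holds "low<TAB>high"
    echo $(( $2 - $1 + 1 ))
}

conn_report() {
    root=${1:-/proc/sys}
    echo "conntrack_max=$(read_val "$root/net/netfilter/nf_conntrack_max")"
    echo "conntrack_used_pct=$(conntrack_pct "$root")"
    echo "ephemeral_ports=$(ephemeral_ports "$root")"
    echo "fd_system_max=$(read_val "$root/fs/file-max")"
    echo "fd_process_soft=$(ulimit -n)"
}

conn_report "${1:-/proc/sys}"
```
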

