What is the theoretical maximum number of open TCP connections? (2010) (stackoverflow.com)
46 points by georgecmu on Nov 11, 2013 | hide | past | favorite | 20 comments



"The Secret To 10 Million Concurrent Connections -The Kernel Is The Problem, Not The Solution":

http://highscalability.com/blog/2013/5/13/the-secret-to-10-m...

https://news.ycombinator.com/item?id=5711232


> http://highscalability.com/blog/2013/5/13/the-secret-to-10-m...

Really interesting read. Some of the notions espoused in this link really seem to make a case for microkernels.



That's odd - a question I asked in 2010 has now made it to the front page.


But you already got the "Famous Question" badge for it a year ago: http://stackoverflow.com/help/badges/28/famous-question?user...


The Internet is forever.


The URL indicates that the user posted it to get a stack overflow badge just like you did.

I don't think you can fault him for it if you did the same :)


On the IPv4 Internet? 2^96. (32-bit src and dest addrs, 16-bit src and dest ports)


Can't you have multiple connections to the same host?


Yes, but only to separate ports. A connection in TCP is uniquely identified by a tuple of {source IP, source port, destination IP, destination port}. Usually the source port is automatically assigned by the source system, and it picks an unused one.
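As an added example (not code from the thread or from the Stack Overflow question), the following Python script shows the 4-tuple rule in practice: one listening socket on loopback, several client connections to it, and the kernel handing each client a different ephemeral source port so that every {source IP, source port, destination IP, destination port} tuple stays unique even though the destination is identical. It binds to port 0 so the kernel picks a free listening port; nothing depends on a real service.

```python
import socket


def open_connections(n=5):
    """Open n TCP connections from this host to one listening socket on
    loopback and return the client-side 4-tuple of each connection.

    Constructed demo: the listener binds to port 0 so the kernel picks a
    free port; nothing here depends on any real service.
    """
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(n)
    dst_ip, dst_port = server.getsockname()

    clients, accepted, tuples = [], [], []
    try:
        for _ in range(n):
            # The kernel assigns an unused ephemeral source port for us;
            # the destination (ip, port) is the same for every connection.
            c = socket.create_connection((dst_ip, dst_port))
            clients.append(c)
            src_ip, src_port = c.getsockname()
            # The handshake completes via the listen backlog, so accept()
            # returns at once and reports the same tuple from the server side.
            conn, peer = server.accept()
            accepted.append(conn)
            assert peer == (src_ip, src_port)
            tuples.append((src_ip, src_port, dst_ip, dst_port))
    finally:
        for s in clients + accepted:
            s.close()
        server.close()
    return tuples


def tuples_are_unique(tuples):
    """True when every connection has a distinct 4-tuple."""
    return len(set(tuples)) == len(tuples)


def share_destination(tuples):
    """True when all connections target the same (ip, port) pair."""
    return len({t[2:] for t in tuples}) == 1


if __name__ == "__main__":
    ts = open_connections()
    for t in ts:
        print("%s:%d -> %s:%d" % t)
    print("unique 4-tuples:", tuples_are_unique(ts),
          "same destination:", share_destination(ts))
```

The only thing that varies between the connections is the source port, which is why the per-destination outbound ceiling from one local address is the size of the ephemeral port range, not 65536, and why a server accepting inbound connections on a single port is not bound by it at all (its peers supply the varying half of the tuple).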


Yeah, that's why I included port numbers.


That would be encoded in the multiple source ports, and multiple source IP addresses if your box has them.


The actual question title limits it to a "modern Linux box", so they aren't really asking for the "theoretical maximum".



Also relevant: "1 million is so 2011" from WhatsApp's blog

http://blog.whatsapp.com/index.php/2012/01/1-million-is-so-2...


Just be sure to turn off iptables because that doesn't support more than ~64K connections.


You probably had the maximum number of connections in ip_conntrack_max set to ~64K


Could you post a link to that info? I hadn't come across that limitation before.


I'm looking for a link, but in the meantime, I was working on a product where we had to map every connection between 2 routers to a new connection between 2 boxes (imagine having 2 boxes MITMing 2 routers and remapping every TCP session internally so you could change the traffic transparently to the recipient).

We needed to prove we could handle 100k TCP sessions and it would fail at ~64k sessions when iptables was running on either box (even with an "allow all" rule). Otherwise our hardware would fall over around the default File Descriptor limit.


You should have a look to see how much memory the connection tracking table is actually taking up. IPTables stores a lot of its information in kernel space, but modifications are copied to user space, updated, then written back. As an example, for large project X with >100,000 users connecting through a linux-based gateway device, using a single firewall rule to allow access for each device grew larger than RAM available to the kernel. You can also tune the size of the connection tracking table (and pretty much everything else related), but 64k sessions was never a breaking point for us.
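The sub-thread above names three separate ceilings that get confused with each other: the ephemeral port range (the 4-tuple bound, per destination), the connection tracking table (ip_conntrack_max on old kernels, net.netfilter.nf_conntrack_max on current ones) and the per-process file descriptor limit. As an added example, not code from the thread, here is a small calculator that parses constructed sysctl output and takes hypothetical values for the number of local IPs and the fd limit, then reports which ceiling is reached first. The sample values (ip_local_port_range 32768-60999, nf_conntrack_max 65536) are constructed for the demo; the real conntrack default is sized from RAM at module load.

```python
# Constructed sample of `sysctl` output, not taken from any real host.
SAMPLE_SYSCTL = """\
net.ipv4.ip_local_port_range = 32768\t60999
net.netfilter.nf_conntrack_max = 65536
"""


def parse_sysctl(text):
    """Parse `key = value [value...]` lines as printed by sysctl(8)."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        settings[key.strip()] = value.split()
    return settings


def connection_ceilings(settings, local_ips=1, fd_limit=1024, reserved_fds=64,
                        conntrack_enabled=True):
    """Return the ceilings that bound open TCP connections on a Linux box.

    local_ips, fd_limit and reserved_fds are hypothetical inputs for the
    calculation (on a real host they come from `ip addr`, `ulimit -n` and
    the process's other open files); nothing is read from the running system.
    """
    lo, hi = (int(v) for v in settings["net.ipv4.ip_local_port_range"])
    ephemeral_ports = hi - lo + 1
    ceilings = {
        # Outbound: each connection to one (dst ip, dst port) needs a distinct
        # (src ip, src port), so this bound is per destination and does not
        # apply to inbound connections accepted on a listening port.
        "ephemeral_ports_per_destination": local_ips * ephemeral_ports,
        # Every socket is a file descriptor in the owning process.
        "process_fd_limit": fd_limit - reserved_fds,
    }
    key = "net.netfilter.nf_conntrack_max"
    if conntrack_enabled and key in settings:
        # With conntrack loaded, every tracked flow (in or out) takes a slot,
        # and new flows are dropped once the table is full, even with an
        # "allow all" rule set.
        ceilings["nf_conntrack_max"] = int(settings[key][0])
    return ceilings


def binding_limit(ceilings):
    """Name and value of the ceiling reached first."""
    name = min(ceilings, key=ceilings.get)
    return name, ceilings[name]


if __name__ == "__main__":
    s = parse_sysctl(SAMPLE_SYSCTL)
    scenarios = (
        {},
        {"fd_limit": 1_000_000},
        {"fd_limit": 1_000_000, "local_ips": 4},
        {"fd_limit": 1_000_000, "local_ips": 4, "conntrack_enabled": False},
    )
    for kwargs in scenarios:
        print(kwargs, "->", binding_limit(connection_ceilings(s, **kwargs)))
```

Run in order, the four scenarios reproduce the thread: with a default 1024 fd limit the process falls over first; raise that and a single local IP runs out of ephemeral ports to one destination; add more local IPs and the conntrack table becomes the wall; unload conntrack (or raise nf_conntrack_max and watch nf_conntrack_count against it) and the 4-tuple bound is what remains.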



