Maximum number of TCP connections per single IP address
Category: TCP/IP
In a TCP application, the server listens on a fixed port in advance; the client initiates a connection, and after the three-way handshake a TCP connection is established. What is the maximum number of concurrent TCP connections for a single machine?
Before determining the maximum number of connections, let's look at how the system identifies a TCP connection. The system uses a 4-tuple to uniquely identify a TCP connection: {local IP, local port, remote IP, remote port}.
Maximum number of TCP connections of the client. Each time the client initiates a TCP connection request, unless it is explicitly bound to a port, the system selects an idle local port. That port is exclusive and cannot be shared with other TCP connections. The TCP port field is an unsigned short, so there are 65536 possible local ports. Port 0 indicates all ports and cannot be used, which leaves 65535 usable ports, so as a client the maximum number of TCP connections is 65535. These connections may go to different server IP addresses. Simply put, a single IP address acting as a client can connect to at most 65535 services at the same time (one connection per service).
Maximum number of TCP connections of the server. The server usually listens on a local port and waits for connection requests from clients. Without considering address reuse (the Unix SO_REUSEADDR option), the local listening port is exclusive even if the server has multiple IP addresses. Therefore only the remote IP (client IP) and remote port (client port) in the server's connection 4-tuple are variable, and the maximum number of TCP connections is (number of client IP addresses) × (number of client ports). For IPv4, ignoring address classes, that is about 2^32 (IP addresses) × 2^16 (port numbers) = 2^48, so the maximum number of TCP connections on the server side is about 2^48. Simply put, a single IP address acting as a server can accept about 2^48 connections at the same time (with every client using all of its ports).
Actual number of TCP connections. The figures above are the theoretical maximums for a single machine. In a real environment they are limited by machine resources, the operating system, and so on; especially on the server side, the number of concurrent TCP connections cannot reach the theoretical upper limit. In Unix/Linux the main factors limiting the number of connections are memory and the number of allowed file descriptors (each TCP connection occupies a certain amount of memory, and each socket is a file descriptor); in addition, ports below 1024 are usually reserved. On the server side, by adding memory, raising the maximum number of file descriptors, and tuning other parameters, the number of concurrent TCP connections on a single machine can exceed 100,000; Urban Airship has achieved 500,000 concurrent connections in a production environment. In practice, the C10K problem must be considered for large-scale network applications.
Default Value of conntrack_max
------------------------------
On the i386 architecture, conntrack_max = ramsize (in bytes) / 16384 = ramsize (in megabytes) × 64. Therefore a 32-bit PC with 512 MB of memory handles 512 × 1024 × 1024 / 16384 = 512 × 64 = 32768 concurrent netfilter connections by default.
But the real formula is: conntrack_max = ramsize (in bytes) / 16384 / (x/32), where x is the pointer width in bits (for example 32 or 64).
Note:
- The default value of conntrack_max is not lower than 128.
- For systems with more than 1 GB of memory, the default value of conntrack_max is limited to 65536 (but can be set manually to a greater value).
Default Value of hashsize
-------------------------
Generally, conntrack_max = hashsize × 8. This means that, when conntrack_max is reached, each chain holds on average 8 conntrack entries. Each chain is one entry of the hash table (one bucket).
On the i386 architecture, hashsize = conntrack_max / 8 = ramsize (in bytes) / 131072 = ramsize (in megabytes) × 8. For example, a 32-bit PC with 512 MB of memory has 512 × 1024 × 1024 / 131072 = 512 × 8 = 4096 buckets (chains).
But the real formula is: hashsize = conntrack_max / 8 = ramsize (in bytes) / 131072 / (x/32), where x is the pointer width in bits (for example 32 or 64).
Note:
- The default hashsize value is not lower than 16.
- For systems with more than 1 GB of memory, the default hashsize value is limited to 8192 (but can be set manually to a larger value).
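The two default-value formulas above, with their minimums and the >1 GB caps, as an added example (not code from the original article) that estimates the defaults for a given RAM size and pointer width and, on a Linux host, compares them with the running kernel's values; the /proc paths are the standard nf_conntrack sysctl files.

```python
import os

GIB = 1024 * 1024 * 1024

def default_conntrack_max(ram_bytes: int, ptr_bits: int = 32) -> int:
    """conntrack_max = ramsize / 16384 / (x/32), clamped as the article notes."""
    value = ram_bytes * 32 // (16384 * ptr_bits)
    value = max(value, 128)            # never lower than 128
    if ram_bytes > GIB:                # more than 1 GB of memory
        value = min(value, 65536)      # default capped at 65536
    return value

def default_hashsize(ram_bytes: int, ptr_bits: int = 32) -> int:
    """hashsize = conntrack_max / 8, i.e. about 8 entries per bucket when full."""
    value = default_conntrack_max(ram_bytes, ptr_bits) // 8
    value = max(value, 16)             # never lower than 16
    if ram_bytes > GIB:
        value = min(value, 8192)       # default capped at 8192
    return value

def read_kernel_value(path: str):
    """Return the integer in a /proc sysctl file, or None when not available."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except (OSError, ValueError):
        return None

if __name__ == "__main__":
    mib = 1024 * 1024
    for ram_mib, bits in [(512, 32), (512, 64), (2048, 32), (2048, 64)]:
        ram = ram_mib * mib
        print(f"{ram_mib:5d} MB, {bits}-bit: conntrack_max={default_conntrack_max(ram, bits):6d} "
              f"hashsize={default_hashsize(ram, bits):5d}")
    # Compare with the live kernel (Linux only; None elsewhere).
    current_max = read_kernel_value("/proc/sys/net/netfilter/nf_conntrack_max")
    current_buckets = read_kernel_value("/proc/sys/net/netfilter/nf_conntrack_buckets")
    print("running kernel:", current_max, current_buckets,
          "pointer bits:", 64 if os.sys.maxsize > 2**32 else 32)
```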
With the above in mind, the problem of load balancers and concurrent connections is easy to understand. The key point is to distinguish client from server: as a client, a machine is limited by its number of ports to a little over 60 thousand connections, while as a server it is limited by the system's hardware configuration (and, of course, software configuration matters too).
Let's assume a classic model:
Client side                          Server side
Client -----> Load balancer ------> RealServer pool
In addition, we assume that the load balancer runs in NAT mode. In this mode:
* 1. The load balancer exposes only one public IP address (VIP) to the client.
* 2. All requests sent from the client are intercepted by the load balancer and then forwarded by the scheduling algorithm to a server in the RealServer pool.
* 3. These RealServers sit in a private network and are invisible to the outside world.
* 4. When the load balancer forwards a request to a RealServer, it performs NAT at the same time, so every connection seen by the RealServer comes from the load balancer (using a private-network IP address on the RealServer side).
Client side (client -> load balancer): each connection is uniquely identified by sourceip:sourceport -> destip:destport. Since destip and destport are known and unique (for example VIP:80), the number of connections supported is limited by the load balancer's memory (and can exceed 65000). Here the load balancer acts as the server; see the section "Maximum number of TCP connections of the server" above.
Server side (load balancer -> RealServer): the connections are the reverse. Each connection is identified by a load balancer IP (MIP: mapped IP) and a random port, that is:
MIP:randomport -> realserverip:80
In this case the load balancer acts as a client, and its ports are limited by the maximum number of TCP/IP ports, 64K (65536). Therefore it can create at most 64K server connections.
The bottleneck is therefore likely to occur on the server-connection side of the load balancer. How do load balancer vendors solve this problem?
1. NetScaler: the NetScaler solution is simple: increase the number of MIPs. The maximum number of server connections then becomes maxserverconnections = 65536 × (MIP count).
2. F5 uses essentially the same method, but F5 first creates a source-NAT (SNAT) pool and then adds multiple IP addresses to the SNAT pool. The maximum number of connections obtained is exactly the same as with NetScaler:
SA:SP -> DA:DP
10.1.1.1:1024 -> 10.1.1.100:80
10.1.1.2:1024 -> 10.1.1.100:80
Here 10.1.1.1 and 10.1.1.2 are both in one SNAT pool.
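The server-side bottleneck and the MIP/SNAT-pool remedy described above, as an added example (not code from the original article or from any vendor): a model of the load balancer's backend connections in which each one occupies an exclusive (MIP, port) pair, so capacity is ports × MIPs and grows when an IP is added to the pool. The usable port range 1024–65535 and the addresses are assumptions taken from the article's own figures.

```python
from collections import deque

class SnatPool:
    """Source-NAT allocator for load balancer -> RealServer connections.

    Follows the article's model: one (MIP, port) pair per backend connection,
    so each MIP contributes one full port range of capacity.
    """

    def __init__(self, mips, first_port=1024, last_port=65535):
        self.port_range = range(first_port, last_port + 1)   # ports < 1024 reserved
        self.free = {}       # MIP -> free ports remaining on that MIP
        self.in_use = {}     # (MIP, port) -> (rs_ip, rs_port) it is connected to
        for mip in mips:
            self.add_mip(mip)

    def add_mip(self, mip):
        """Adding a MIP (NetScaler) or a SNAT-pool address (F5) adds 64K-ish ports."""
        self.free[mip] = deque(self.port_range)

    def capacity(self):
        """maxserverconnections = usable ports × number of MIPs."""
        return len(self.port_range) * len(self.free)

    def allocate(self, rs_ip, rs_port):
        """Source (MIP, port) for a new MIP:randomport -> rs_ip:rs_port connection."""
        for mip, ports in self.free.items():
            if ports:
                port = ports.popleft()
                self.in_use[(mip, port)] = (rs_ip, rs_port)
                return mip, port
        return None          # every MIP's port range is exhausted: the bottleneck

    def release(self, mip, port):
        """Backend connection closed: the (MIP, port) pair becomes reusable."""
        del self.in_use[(mip, port)]
        self.free[mip].append(port)

def fill_pool(pool, rs_ip="10.1.1.100", rs_port=80):
    """Open backend connections until the pool refuses; return how many fit."""
    opened = 0
    while pool.allocate(rs_ip, rs_port) is not None:
        opened += 1
    return opened

if __name__ == "__main__":
    pool = SnatPool(["10.1.1.1"])                     # constructed sample MIP
    print("one MIP:", fill_pool(pool), "connections, capacity", pool.capacity())
    pool.add_mip("10.1.1.2")                          # second SNAT-pool address
    print("two MIPs: next allocation", pool.allocate("10.1.1.100", 80),
          "capacity", pool.capacity())
```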
The above are all theoretical values. The maximum number of connections in a real environment is also limited by various factors:
* 1. Each connection consumes resources such as CPU and memory, so the actual value rarely reaches the theoretical one.
* 2. The number of connections that can be reached varies by protocol. For example, HTTP/1.0 connections are opened and closed quickly, and browsers limit the number of concurrent connections, so it is difficult to reach the theoretical maximum. HTTP/1.1 supports pipelining, so multiple requests can reuse one connection, which greatly reduces the number of concurrent connections. FTP or Telnet connections are persistent and can easily reach the maximum.
* 3. Many devices (such as NetScaler) support connection pools (connection multiplexing) on the server side. The connections in NetScaler are persistent and also implement HTTP/1.1 pipelining, so one server connection can serve multiple client connections. This reduces not only connection resources but also other resource overhead on the load balancer and intranet bandwidth.
* 4. Some devices (such as NetScaler with TCP offload) support TCP offloading: the load balancer completely takes over the TCP three-way handshake and only hands established connections to the server, so server connections are reused.
Single-host maximum TCP connections http://wanshi.iteye.com/blog/1256282
What is the maximum number of connections a single IP can establish? http://hi.baidu.com/hawk418/blog/item/8377b86e8fe7b3c081cb4a84.html