TCP time_wait and port exhaustion for servers

JÁKÓ András jako.andras at
Wed Dec 5 16:56:06 UTC 2012


> With a 60 second timeout on TIME_WAIT, local port identifiers are tied
> up from being used for new outgoing connections (in this case a proxy
> server).  The default local port range on Linux can easily be
> adjusted; but even when bumped up to a range of 32K ports, the 60
> second timeout means you can only sustain about 500 new connections
> per second before you run out of ports.

Is that 500 new connections per second per {protocol, remote address,
remote port} tuple, that's too few for your proxy? (OK, this tuple is more
or less equivalent to only {remote address} if we talk about a web
proxy.) Just curious.
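
Added example, not part of the original post: one way to see how TIME_WAIT sockets are spread across {remote address, remote port} tuples on a Linux proxy is to group the state-06 rows of /proc/net/tcp by remote endpoint and compare each count with the local port range. The sample rows, the 32768-65535 range and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import socket
import struct
from collections import Counter

TIME_WAIT = "06"  # state code for TIME_WAIT in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (IPv4), not captured from a real host.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:9C40 0101A8C0:0050 06 00000000:00000000 03:00000BB8 00000000     0        0 0
   1: 0A00000A:9C41 0101A8C0:0050 06 00000000:00000000 03:00000BB8 00000000     0        0 0
   2: 0A00000A:9C42 0201A8C0:0050 06 00000000:00000000 03:00000BB8 00000000     0        0 0
   3: 0A00000A:9C43 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 4242
"""

def decode_endpoint(field):
    """Turn 'HEXADDR:HEXPORT' into (dotted_ip, port); assumes a little-endian host."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)

def time_wait_by_remote(text):
    """Count TIME_WAIT sockets per (remote address, remote port)."""
    counts = Counter()
    for line in text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TIME_WAIT:
            continue
        counts[decode_endpoint(cols[2])] += 1
    return counts

def sustainable_rate(port_low, port_high, time_wait_secs=60):
    """New connections per second before every port in the range sits in TIME_WAIT."""
    return (port_high - port_low + 1) / time_wait_secs

def ports_left(counts, port_low, port_high):
    """Local ports not held in TIME_WAIT, per remote tuple."""
    total = port_high - port_low + 1
    return {remote: total - n for remote, n in counts.items()}

if __name__ == "__main__":
    # On a live host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    counts = time_wait_by_remote(SAMPLE)
    for remote, left in ports_left(counts, 32768, 65535).items():
        print(remote, "TIME_WAIT:", counts[remote], "ports left:", left)
    print("rate for a 32K range: %.0f conn/s" % sustainable_rate(32768, 65535))
```
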

