TIME_WAIT Accumulation and Port Exhaustion
How the client makes each connection unique
HTTP The Definitive Guide
4.2.7 TIME_WAIT Accumulation and Port Exhaustion
TIME_WAIT port exhaustion is a serious performance problem that affects performance
benchmarking but is relatively uncommon in real deployments. It warrants special attention because
most people involved in performance benchmarking eventually run into this problem and get
unexpectedly poor performance.
When a TCP endpoint closes a TCP connection, it maintains in memory a small control block
recording the IP addresses and port numbers of the recently closed connection. This information is
maintained for a short time, typically around twice the estimated maximum segment lifetime (called
"2MSL"; often two minutes[8]), to make sure a new TCP connection with the same addresses and port
numbers is not created during this time. This prevents any stray duplicate packets from the previous
connection from accidentally being injected into a new connection that has the same addresses and
port numbers. In practice, this algorithm prevents two connections with the exact same IP addresses
and port numbers from being created, closed, and recreated within two minutes.
[8] The 2MSL value of two minutes is historical. Long ago, when routers were much slower, it was estimated
that a duplicate copy of a packet might be able to remain queued in the Internet for up to a minute before
being destroyed. Today, the maximum segment lifetime is much smaller.
Today's higher-speed routers make it extremely unlikely that a duplicate packet will show up on a
server's doorstep minutes after a connection closes. Some operating systems set 2MSL to a smaller
value, but be careful about overriding this value. Packets do get duplicated, and TCP data will be
corrupted if a duplicate packet from a past connection gets inserted into a new stream with the same
connection values.
The 2MSL connection close delay normally is not a problem, but in benchmarking situations, it can
be. It's common that only one or a few test load-generation computers are connecting to a system
under benchmark test, which limits the number of client IP addresses that connect to the server.
Furthermore, the server typically is listening on HTTP's default TCP port, 80. These circumstances
limit the available combinations of connection values, at a time when port numbers are blocked from
reuse by TIME_WAIT.
In a pathological situation with one client and one web server, of the four values that make up a TCP
connection:
<source-IP-address, source-port, destination-IP-address, destination-port>
three of them are fixed—only the source port is free to change:
<client-IP, source-port, server-IP, 80>
Each time the client connects to the server, it gets a new source port in order to have a unique
connection. But because a limited number of source ports are available (say, 60,000) and no
connection can be reused for 2MSL seconds (say, 120 seconds), this limits the connect rate to 60,000 /
120 = 500 transactions/sec. If you keep making optimizations, and your server doesn't get faster than about 500 transactions/sec, make sure you are not experiencing TIME_WAIT port exhaustion. You
can fix this problem by using more client load-generator machines or making sure the client and
server rotate through several virtual IP addresses to add more connection combinations.
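To check a load generator for this condition, the added example below (not from the book) counts TIME_WAIT sockets per destination in Linux `/proc/net/tcp` output and compares them with the usable source-port range. The function names, the 0.8 threshold and the sample rows are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

TIME_WAIT = "06"  # state code Linux uses for TIME_WAIT in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:C350 1400000A:0050 06 00000000:00000000 03:00000A5B 00000000     0        0 0
   1: 0A00000A:C351 1400000A:0050 06 00000000:00000000 03:00000A5B 00000000     0        0 0
   2: 0A00000A:C352 1400000A:0050 01 00000000:00000000 00:00000000 00000000  1000        0 4242
   3: 0A00000A:C353 1500000A:0050 06 00000000:00000000 03:00000A5B 00000000     0        0 0
"""

def decode(addr):
    """Turn '0A00000A:C350' into ('10.0.0.10', 50000); the IPv4 part is little-endian hex."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def time_wait_by_destination(proc_net_tcp):
    """Count TIME_WAIT sockets per (client IP, server IP, server port)."""
    counts = Counter()
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TIME_WAIT:
            continue
        local_ip, _ = decode(fields[1])
        remote_ip, remote_port = decode(fields[2])
        counts[(local_ip, remote_ip, remote_port)] += 1
    return counts

def max_connect_rate(port_lo, port_hi, time_wait_secs):
    """Sustained connections/sec to one destination before source ports run out."""
    return (port_hi - port_lo + 1) / time_wait_secs

def exhaustion_report(proc_net_tcp, port_lo, port_hi, threshold=0.8):
    """Destinations whose TIME_WAIT count fills at least `threshold` of the port range."""
    usable = port_hi - port_lo + 1
    counts = time_wait_by_destination(proc_net_tcp)
    return {k: n / usable for k, n in counts.items() if n / usable >= threshold}
```

On a live Linux host, pass the contents of `/proc/net/tcp` and the two bounds from `/proc/sys/net/ipv4/ip_local_port_range` instead of the sample.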
Even if you do not suffer port exhaustion problems, be careful about having large numbers of open
connections or large numbers of control blocks allocated for connections in wait states. Some operating
systems slow down dramatically when there are numerous open connections or control blocks.