How do high traffic sites service more than 65535 TCP connections?
Solution 1
You misunderstand port numbers: a server listens only on one port and can have large numbers of open sockets from clients connecting to that one port.
On the TCP level the tuple (source ip, source port, destination ip, destination port) must be unique for each simultaneous connection. That means a single client cannot open more than 65535 simultaneous connections to a single server. But a server can (theoretically) serve 65535 simultaneous connections per client.
So in practice the server is only limited by how much CPU power, memory etc. it has to serve requests, not by the number of TCP connections to the server.
Solution 2
You are mistaken - the socket's uniqueness is determined by five factors:
- the local IP address
- the local port number
- the remote IP address
- the remote port number
- the transfer protocol (TCP/UDP)
When offering network services, 1. and 2. typically are static (e.g. IP 10.0.0.1, port 80) but unless you are expecting thousands of connections from a single client (or a single NAT gateway), you are not going to push the boundaries for the possible combinations of 3. and 4. before you run out of local resources.
So although practically a client will not use a port already in use for a connection to open a connection to a different destination IP address, port number depletion is going to be the least of your problems for nearly any application - be it on the server or client side.
The problem is a very real one with NAT gateways (routers) serving clients with a high number of open outbound connections (e.g. torrents) - there you will see port number depletion after the port pool available for NAT has been emptied. In this case the NAT gateway is unable to create any additional associations, thus effectively cutting clients off the internet.
Solution 3
The question was how to handle large (>64k) connection counts. The two most common methods are:
Adding more servers, which increases the number of src/dst addresses and port number tuples. There are multiple ways to share load across multiple servers; DNS round robin is one; there are others
Deploy "carrier-grade NAT" (which a friend derisively and correctly in my view refers to as "crummier-grade NAT"). This is essentially a NAT of a NAT. This has very bad implications for applications, but it's what some large providers do when they run out of IPv4 space and/or port numbers, and/or they don't want to move to IPv6.
Related videos on Youtube
user10670371
Updated on September 18, 2022Comments
-
user10670371 over 1 year
As I understand it,
file.getAbsolutePath()
gets the full path for a file. I thoughtfile.getAbsoluteFile()
would just get the file name, and not the path, but that didn't work. Basically I want to display the files and directories in aJTree
, but for obvious reasons, I don't want the path. Just the name. How can I get this done?-
Hovercraft Full Of Eels over 5 yearsCheck the answer by Duncan Jones in this duplicate
-
Hovercraft Full Of Eels over 5 yearsAlso please use a basic Google search strategy of this site (please check link) before asking a likely duplicate question.
-
Andy Turner over 5 years@HovercraftFullOfEels (and/or read the Javadoc of the class you're using)
-
Hovercraft Full Of Eels over 5 years@AndyTurner: indeed! :)
-
-
Bryan Mills over 10 yearsI wonder how carrier grade NAT will affect this
-
MDMarra over 10 yearsIf you read more than the title, you'll see that this question is about port exhaustion and the OP was mistaken about how it works. How exactly does this answer add anything new of value to that?
-
MDMarra over 10 yearsExcellent job of cutting off the question mid-sentence. The rest of that sentence says:
(more than the max port number)
. -
user8162 over 10 yearsPerhaps you missed the part where I stipulated the OP doesn't understand socket mechanics. I'm of the opinion that how to exceed 64k ports is a valid topic for discussion; I'm sorry if you disagree, but that WAS the question and that WAS what I provided a couple of answers for. You asked how this was responsive; that's how.
-
MDMarra over 10 yearsI think we're going to have to agree to disagree here. Especially considering the OP gave the accepted answer to Dennis who sets him straight about how tuples work :) I'm not saying that your information is incorrect, just that it doesn't answer the intent of the OP's question.
-
user8162 over 10 yearsThat's half the question. The bigger-picture question -- as supported by the OP's final sentence -- is how to break the 64k barrier.
-
kasperd about 10 years@TheLQ Without CGN each client cannot open more than 65535 connections to the same server, no client should need nearly that many connections to the same server. With CGN each CGN cannot open more than 65535 connections to the same server, those would have to be shared among all of the clients using that CGN. Whether the CGN can simultaneously open 65535 connections to one server and 65535 connections to another server is an implementation detail, which can vary between different CGN implementations.
-
kasperd about 10 yearsThe limit can be increased by adding more IP addresses to the CGN or by deploying more CGNs. But you can also just deploy dual stack. Then connections to servers with IPv6 support won't go through the CGN, so they won't be consuming precious port numbers.
-
Anthony over 7 years@user8162 I agree with you. It's ridiculous to downvote an answer that attempts to explain the other half of the question. The fundamental misunderstanding happened on multiple levels, all of which deserve an explanation.
-
thewebjackal about 4 years@Dennis Kaarsemaker, can you also please have a look at this question? serverfault.com/questions/1005157/…
-
thewebjackal about 4 yearscan you also please have a look at this question? serverfault.com/questions/1005157/…
-
Dannyboy over 2 yearsLImit is 65535 connections per ip address. You can easily add more virtual network interfaces/ virtual ips to the same physical network interface and have 1mln+ connections or more on same server.
-
YoavKlein over 2 years@DennisKaarsemaker, So the server can serve virtually endless clients using the same port. Can a client talk to virtually endless servers (different) using the same port also?