How do high traffic sites service more than 65535 TCP connections?

513

Solution 1

You misunderstand port numbers: a server listens only on one port and can have large numbers of open sockets from clients connecting to that one port.

On the TCP level the tuple (source ip, source port, destination ip, destination port) must be unique for each simultaneous connection. That means a single client cannot open more than 65535 simultaneous connections to a single server. But a server can (theoretically) serve 65535 simultaneous connections per client.

So in practice the server is only limited by how much CPU power, memory etc. it has to serve requests, not by the number of TCP connections to the server.

Solution 2

You are mistaken - the socket's uniqueness is determined by five factors:

  1. the local IP address
  2. the local port number
  3. the remote IP address
  4. the remote port number
  5. the transfer protocol (TCP/UDP)

When offering network services, 1. and 2. typically are static (e.g. IP 10.0.0.1, port 80) but unless you are expecting thousands of connections from a single client (or a single NAT gateway), you are not going to push the boundaries for the possible combinations of 3. and 4. before you run out of local resources.

So although practically a client will not use a port already in use for a connection to open a connection to a different destination IP address, port number depletion is going to be the least of your problems for nearly any application - be it on the server or client side.

The problem is a very real one with NAT gateways (routers) serving clients with a high number of open outbound connections (e.g. torrents) - there you will see port number depletion after the port pool available for NAT has been emptied. In this case the NAT gateway is unable to create any additional associations, thus effectively cutting clients off the internet.

Solution 3

The question was how to handle large (>64k) connection counts. The two most common methods are:

  • Adding more servers, which increases the number of src/dst addresses and port number tuples. There are multiple ways to share load across multiple servers; DNS round robin is one; there are others.

  • Deploy "carrier-grade NAT" (which a friend derisively and correctly in my view refers to as "crummier-grade NAT"). This is essentially a NAT of a NAT. This has very bad implications for applications, but it's what some large providers do when they run out of IPv4 space and/or port numbers, and/or they don't want to move to IPv6.
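As an added illustration of the 5-tuple argument running through Solutions 1 to 3 (example code written for this page, not from any of the answerers), the following Python model keeps a table of live connections keyed by (protocol, local IP, local port, remote IP, remote port) and lets an originating host, which may be a client or a NAT gateway, pick source ports towards a destination. It assumes the Linux default ephemeral range 32768 to 60999 (28232 ports); the addresses are documentation ranges constructed for the example. It shows that a single client to a single server port is capped by the client's port range, that a server port accumulates one full range per client IP and so passes 65535 easily, that adding server addresses or originator addresses (Solution 3, and the comments about adding IPs to a CGN or virtual IPs to a server) multiplies the ceiling, and that a NAT which allocates a port per connection regardless of destination exhausts sooner than one that allocates per destination, the implementation detail the comments mention.

```python
"""Model of TCP connection uniqueness and source-port exhaustion (added example)."""
from dataclasses import dataclass, field
from typing import Dict, Set, Tuple

FiveTuple = Tuple[str, str, int, str, int]  # (proto, local ip, local port, remote ip, remote port)

# Assumption: the Linux default net.ipv4.ip_local_port_range, 32768-60999.
EPHEMERAL_PORTS = range(32768, 61000)


class PortExhausted(Exception):
    """The originating host has no free source port for this destination."""


class ConnectionTable:
    """Global set of live connections; a duplicate 5-tuple is rejected."""

    def __init__(self) -> None:
        self.live: Set[FiveTuple] = set()

    def add(self, conn: FiveTuple) -> FiveTuple:
        if conn in self.live:
            raise ValueError(f"duplicate connection {conn}")
        self.live.add(conn)
        return conn

    def accepted_by(self, ip: str, port: int) -> int:
        """Number of connections terminating at the listening socket (ip, port)."""
        return sum(1 for c in self.live if c[3] == ip and c[4] == port)


@dataclass
class Originator:
    """A client, or a NAT gateway, that chooses source ports for outbound connections.

    per_destination=True reuses a source port towards a different (remote IP,
    remote port), as modern stacks and some NATs do; per_destination=False burns
    one port per connection whatever the destination, as a simpler NAT does.
    """
    ips: Tuple[str, ...]
    per_destination: bool = True
    # Ports consumed per allocation key, so each connect is O(1).
    consumed: Dict[tuple, int] = field(default_factory=dict)

    def connect(self, table: ConnectionTable, remote_ip: str, remote_port: int) -> FiveTuple:
        for local_ip in self.ips:  # fall through to the next local address when one is full
            key = (local_ip, remote_ip, remote_port) if self.per_destination else (local_ip,)
            n = self.consumed.get(key, 0)
            if n < len(EPHEMERAL_PORTS):
                self.consumed[key] = n + 1
                return table.add(("tcp", local_ip, EPHEMERAL_PORTS[n], remote_ip, remote_port))
        raise PortExhausted(f"no source port left towards {remote_ip}:{remote_port}")


def fill(origin: Originator, table: ConnectionTable, remote_ip: str, remote_port: int) -> int:
    """Open connections until the originator runs out of ports; return how many it managed."""
    opened = 0
    try:
        while True:
            origin.connect(table, remote_ip, remote_port)
            opened += 1
    except PortExhausted:
        return opened


def one_client_one_server() -> int:
    """Solution 1: one client to one server port is bounded by the client's port range."""
    table = ConnectionTable()
    return fill(Originator(("192.0.2.10",)), table, "198.51.100.1", 80)


def many_clients_one_server(n_clients: int) -> int:
    """Solutions 1 and 2: a single listening (IP, port) holds one full range per client IP."""
    table = ConnectionTable()
    for i in range(n_clients):
        fill(Originator((f"192.0.2.{i + 10}",)), table, "198.51.100.1", 80)
    return table.accepted_by("198.51.100.1", 80)


def capacity(n_origin_ips: int, n_server_ips: int, per_destination: bool = True) -> int:
    """Connections one originator can hold towards port 80 of n_server_ips distinct servers.

    More server addresses (Solution 3) or more originator addresses (the CGN and
    virtual-IP comments) each add a whole port range; a NAT that does not allocate
    per destination gets a single range no matter how many servers it talks to.
    """
    table = ConnectionTable()
    origin = Originator(tuple(f"203.0.113.{i + 1}" for i in range(n_origin_ips)), per_destination)
    return sum(fill(origin, table, f"198.51.100.{s + 1}", 80) for s in range(n_server_ips))


if __name__ == "__main__":
    print("one client -> one server port:      ", one_client_one_server())
    print("three clients -> one server port:   ", many_clients_one_server(3))
    print("one client -> two servers:          ", capacity(1, 2))
    print("two source IPs -> one server:       ", capacity(2, 1))
    print("simple NAT, one IP -> two servers:  ", capacity(1, 2, per_destination=False))
```

The server in `many_clients_one_server` never allocates anything per connection except a table entry; its side of every tuple is the same (198.51.100.1, 80), which is exactly why the practical limit is memory, file descriptors and CPU rather than port numbers.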


Author: user10670371

Updated on September 18, 2022

Comments

  • Bryan Mills
    Bryan Mills over 10 years
    I wonder how carrier grade NAT will affect this
  • MDMarra
    MDMarra over 10 years
    If you read more than the title, you'll see that this question is about port exhaustion and the OP was mistaken about how it works. How exactly does this answer add anything new of value to that?
  • MDMarra
    MDMarra over 10 years
    Excellent job of cutting off the question mid-sentence. The rest of that sentence says: (more than the max port number).
  • user8162
    user8162 over 10 years
    Perhaps you missed the part where I stipulated the OP doesn't understand socket mechanics. I'm of the opinion that how to exceed 64k ports is a valid topic for discussion; I'm sorry if you disagree, but that WAS the question and that WAS what I provided a couple of answers for. You asked how this was responsive; that's how.
  • MDMarra
    MDMarra over 10 years
    I think we're going to have to agree to disagree here. Especially considering the OP gave the accepted answer to Dennis who sets him straight about how tuples work :) I'm not saying that your information is incorrect, just that it doesn't answer the intent of the OP's question.
  • user8162
    user8162 over 10 years
    That's half the question. The bigger-picture question -- as supported by the OP's final sentence -- is how to break the 64k barrier.
  • kasperd
    kasperd about 10 years
    @TheLQ Without CGN each client cannot open more than 65535 connections to the same server; no client should need nearly that many connections to the same server. With CGN each CGN cannot open more than 65535 connections to the same server, and those would have to be shared among all of the clients using that CGN. Whether the CGN can simultaneously open 65535 connections to one server and 65535 connections to another server is an implementation detail, which can vary between different CGN implementations.
  • kasperd
    kasperd about 10 years
    The limit can be increased by adding more IP addresses to the CGN or by deploying more CGNs. But you can also just deploy dual stack. Then connections to servers with IPv6 support won't go through the CGN, so they won't be consuming precious port numbers.
  • Anthony
    Anthony over 7 years
    @user8162 I agree with you. It's ridiculous to downvote an answer that attempts to explain the other half of the question. The fundamental misunderstanding happened on multiple levels, all of which deserve an explanation.
  • thewebjackal
    thewebjackal about 4 years
    @Dennis Kaarsemaker, can you also please have a look at this question? serverfault.com/questions/1005157/…
  • thewebjackal
    thewebjackal about 4 years
    can you also please have a look at this question? serverfault.com/questions/1005157/…
  • Dannyboy
    Dannyboy over 2 years
    Limit is 65535 connections per IP address. You can easily add more virtual network interfaces/virtual IPs to the same physical network interface and have 1 million+ connections or more on the same server.
  • YoavKlein
    YoavKlein over 2 years
    @DennisKaarsemaker, so the server can serve virtually endless clients using the same port. Can a client talk to virtually endless (different) servers using the same port also?