[Standards] s2s and gracelessly broken streams

Tony Finch dot at dotat.at
Wed Apr 4 13:28:20 CDT 2007


On Wed, 4 Apr 2007, Dave Cridland wrote:
>
> [...] there's a clear theoretical limit of the number of TCP connections
> from a fixed IP address to a fixed service on a single remote IP address
> due to the only variable part of the TCP connection identifier space
> being the source port, which you'd typically get in a test environment.
> In the real world, this simply doesn't happen.

Actually, it does :-)

The specific scenario is if you have a proxy in front of your servers.
This is often done when there are multiple back ends and clients need to
connect to the correct one but can't be told how to do so. We have this
kind of setup for POP, IMAP, and SMTP; it's also common for HTTP.
Clustered XMPP servers tend to multiplex client connections into a single
inter-component connection which saves them from worries.

This setup can stress a TCP stack in interesting ways. Since the client
side of the proxy can chew through ephemeral ports very rapidly
(especially for HTTP and POP) the TIME_WAIT state becomes an important
limiter. If you use an OS with random source port allocation then the
birthday paradox can make TIME_WAIT-related connection failures much more
likely.

Tony.
-- 
f.a.n.finch  <dot at dotat.at>  http://dotat.at/
DOVER WIGHT PORTLAND PLYMOUTH BISCAY: NORTHEASTERLY 5 OR 6, OCCASIONALLY 7 IN
DOVER AT FIRST, DECREASING 3 OR 4 LATER. MODERATE, BECOMING SLIGHT. FAIR.
MAINLY GOOD.
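The ephemeral-port exhaustion and birthday-paradox effect described in the message above, as an added worked example that is not part of the original post or of any of the projects mentioned: a toy model of a proxy's client side talking to a single backend (fixed source IP, fixed destination IP:port), so the source port is the only part of the 4-tuple that varies. The assumptions are mine, not the thread's: a Linux-style default ephemeral range of 32768-60999 and a 60 s TIME_WAIT (2*MSL); the function names simulate, p_no_collision and attempts_for_half_chance are illustrative helpers. The model compares a stack that hands out source ports in order with one that picks them at random, and computes the birthday-paradox probability that a random pick lands on a port still held in TIME_WAIT.

```python
"""Toy model of a proxy burning through ephemeral ports to one backend.

Added illustration, not code from the original message. Assumed (not from
the thread): ephemeral range 32768-60999 and TIME_WAIT = 60 s, as on a
default Linux box.
"""
import math
import random

EPHEMERAL_LOW, EPHEMERAL_HIGH = 32768, 60999      # assumed Linux default range
PORT_COUNT = EPHEMERAL_HIGH - EPHEMERAL_LOW + 1    # 28232 usable source ports
TIME_WAIT_SECONDS = 60.0                            # assumed 2*MSL


def simulate(attempts, rate_per_sec, allocator, seed=1):
    """Open `attempts` short connections at `rate_per_sec` to one backend and
    count how often the chosen source port is still held by a TIME_WAIT
    socket.  allocator is "sequential" (next port in order, wrapping) or
    "random" (uniform pick from the range).  Constructed workload, no I/O."""
    rng = random.Random(seed)
    in_time_wait = {}            # port -> time at which it leaves TIME_WAIT
    next_port = EPHEMERAL_LOW
    collisions = 0
    for i in range(attempts):
        now = i / rate_per_sec
        # Expire entries whose 2*MSL timer has run out.
        for port, expiry in list(in_time_wait.items()):
            if expiry <= now:
                del in_time_wait[port]
        if allocator == "sequential":
            port = next_port
            next_port = EPHEMERAL_LOW if next_port == EPHEMERAL_HIGH else next_port + 1
        elif allocator == "random":
            port = rng.randint(EPHEMERAL_LOW, EPHEMERAL_HIGH)
        else:
            raise ValueError("allocator must be 'sequential' or 'random'")
        if port in in_time_wait:
            # Same 4-tuple as a socket still in TIME_WAIT: a real stack would
            # refuse it (EADDRNOTAVAIL) or have to retry with another port.
            collisions += 1
            continue
        in_time_wait[port] = now + TIME_WAIT_SECONDS
    return collisions


def p_no_collision(attempts, ports=PORT_COUNT):
    """Probability that `attempts` uniformly random picks from `ports` ports
    are all distinct, i.e. the birthday-paradox term, assuming every pick
    happens inside one TIME_WAIT window so nothing has expired yet."""
    log_p = sum(math.log1p(-i / ports) for i in range(attempts))
    return math.exp(log_p)


def attempts_for_half_chance(ports=PORT_COUNT):
    """Smallest number of random picks at which hitting a port that is still
    in TIME_WAIT is at least 50% likely (about sqrt(2 * ports * ln 2))."""
    n = 1
    while p_no_collision(n, ports) > 0.5:
        n += 1
    return n


if __name__ == "__main__":
    # 2000 connections in two seconds: all inside one TIME_WAIT window.
    print("sequential collisions:", simulate(2000, 1000, "sequential"))
    print("random collisions:    ", simulate(2000, 1000, "random"))
    print("P(no collision, 1000 random picks):", p_no_collision(1000))
    print("picks for 50% collision chance:", attempts_for_half_chance())
```

With sequential allocation the proxy can open the whole range (28232 connections) inside one 60 s window before any port is reused; with random allocation the birthday bound makes the first reuse likely after only a couple of hundred connections, and by a thousand connections in the window a collision is practically certain. This is why the failure shows up on proxies well before the raw port count would suggest.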
