
So I've been looking around the net for some info on the 65535 connection limit with TCP/IP... Obviously a limit exists because of the number of ports that TCP has, but I remember reading that there are various hacks you can do so if you've got 12,000 connections from all different IPs then you can assign more than 1 per port and it _in theory_ works with compatibly-written software... I can't remember if that's true or not.

Anyway, the chances of my server having more than 65535 connections are nil, but I'm interested nonetheless. I remember seeing a choice in a firewall screenshot somewhere about allowing more than 65535 connections, but it had a risk thing on it; can't remember when/where :(.

So, are there ways to get around the limit? Are these done at the kernel level or what, and how would you go about doing/enabling them [any side effects to doing so?]? Does TCP/IP offload 'chimney' help with this at all? Also, what's the effect with this and VMs like ESXi: does it establish each port with the IP/MAC of the VM or the IP/MAC of the actual hardware?

https://www.neowin.net/forum/topic/1063744-linux-65535-tcpip-connections/

  • 3 weeks later...

I think you're confusing the number of ports with the number of connections.

Sure, since you can only have 65535 ports with 1 IP, you would be limited to that many listening connections, but each of them could have multiple connections to it.

For example, your HTTP server listens on IP address 1.2.3.4:80. You can clearly have more than 1 connection to this at a time, whatever random port the client used to connect to 80. So your server could have, say,

1.2.3.4:80 --> 2.2.2.2:12014

1.2.3.4:80 --> 3.3.3.3:4502

etc. etc.

I think the real limit would be more the file descriptors for each of these socket connections. This is clearly a tunable number using sysctl, normally over 300,000 or something, I do believe.

Now if you're talking about how many outgoing connections a Linux client could make from 1 IP, then sure, you would be limited to the source ports you had available to use. For example,

your box 1.2.3.4 making connections:

1.2.3.4:1025 --> 2.2.2.2:80

1.2.3.4:1026 --> 3.3.3.3:80

etc..

Now connections are never normally kept open that long, and the source port will cycle over, so you have a client making connections from its IP with ports from >1024 to 65535, counting up as it makes each new connection. When it reaches 65535 it will just start over at 1024 for the next one, and then 1025 for the next, etc. So unless you're wanting to maintain more than 65k concurrent open sessions, I don't see where you could run into this issue. And again, this would only be a limitation of the client making the connections from 1 IP, not inbound connections to services it was hosting.

Does that help?
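Added example, not from either poster: a small Python script that models what the reply above describes. The kernel identifies a TCP connection by the full 4-tuple (local IP, local port, remote IP, remote port), so a single listening socket on 1.2.3.4:80 can hold far more than 65535 connections as long as the peer side differs, while an outbound source IP is bounded by its ephemeral port range. One detail the model adds that the reply does not state: on Linux the source-port search for connect() only has to make the 4-tuple unique, so the same source port can be reused toward a different destination, which means the range limit applies per destination IP:port rather than globally. The 1.2.3.4 / 2.2.2.2 / 10.x.x.x addresses are constructed; the default range (32768 to 60999, the stock net.ipv4.ip_local_port_range on current Linux kernels, used as a fallback when /proc is not readable) is an assumption, and the live loopback check assumes 127.0.0.1 is available.

```python
import socket
from contextlib import closing

# Assumption: stock net.ipv4.ip_local_port_range on current Linux kernels.
DEFAULT_PORT_RANGE = (32768, 60999)


def local_port_range():
    """Read the kernel's ephemeral port range on Linux; fall back to the assumed default."""
    try:
        with open("/proc/sys/net/ipv4/ip_local_port_range") as f:
            lo, hi = (int(x) for x in f.read().split())
            return lo, hi
    except (OSError, ValueError):
        return DEFAULT_PORT_RANGE


class ConnTable:
    """Toy model of the kernel's TCP connection table, keyed on the full 4-tuple."""

    def __init__(self, port_range=DEFAULT_PORT_RANGE):
        self.lo, self.hi = port_range
        self.conns = set()      # {(local_ip, local_port, remote_ip, remote_port)}
        self._next = self.lo    # rotating allocator cursor, like the "counting up" in the reply

    def accept(self, listen_ip, listen_port, peer_ip, peer_port):
        """Inbound: the listener's ip:port is fixed; only the peer side varies."""
        t = (listen_ip, listen_port, peer_ip, peer_port)
        if t in self.conns:
            raise ValueError("duplicate 4-tuple %r" % (t,))
        self.conns.add(t)
        return t

    def connect(self, src_ip, dst_ip, dst_port):
        """Outbound: pick a source port so the 4-tuple is unique (per destination, as on Linux)."""
        n = self.hi - self.lo + 1
        for _ in range(n):
            port = self._next
            self._next = self.lo if port == self.hi else port + 1
            t = (src_ip, port, dst_ip, dst_port)
            if t not in self.conns:
                self.conns.add(t)
                return t
        raise OSError("EADDRNOTAVAIL: no free source port for %s -> %s:%d" % (src_ip, dst_ip, dst_port))


def inbound_capacity_demo(peers):
    """One listener on 1.2.3.4:80 accepting `peers` connections from constructed 10.x.x.x clients."""
    tbl = ConnTable()
    for i in range(peers):
        peer_ip = "10.%d.%d.%d" % ((i >> 16) & 255, (i >> 8) & 255, i & 255)
        tbl.accept("1.2.3.4", 80, peer_ip, 40000)
    return len(tbl.conns)   # exceeds 65535 without any trouble


def outbound_capacity_demo(port_range=DEFAULT_PORT_RANGE):
    """Connections one source IP can hold toward 2.2.2.2:80, then toward 3.3.3.3:80.

    Returns (count to first dst, count to second dst, total). The port range is
    exhausted per destination, not once overall.
    """
    tbl = ConnTable(port_range)
    counts = []
    for dst in ("2.2.2.2", "3.3.3.3"):
        got = 0
        try:
            while True:
                tbl.connect("1.2.3.4", dst, 80)
                got += 1
        except OSError:
            pass
        counts.append(got)
    return counts[0], counts[1], len(tbl.conns)


def live_loopback_demo(clients):
    """Real sockets: one listener, `clients` connections, count of distinct 4-tuples seen."""
    tuples = set()
    socks = []
    with closing(socket.socket()) as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(clients)
        port = srv.getsockname()[1]
        try:
            for _ in range(clients):
                c = socket.create_connection(("127.0.0.1", port))
                socks.append(c)
                s, _ = srv.accept()
                socks.append(s)
                tuples.add(s.getsockname() + s.getpeername())
        finally:
            for s in socks:
                s.close()
    return len(tuples)


if __name__ == "__main__":
    print("ephemeral range:", local_port_range())
    print("inbound on one listener:", inbound_capacity_demo(70000))
    print("outbound per dst, per dst, total:", outbound_capacity_demo())
    print("live loopback 4-tuples:", live_loopback_demo(16))
```

Running it on a Linux box shows the inbound count sailing past 65535, while the outbound count toward one destination stops at the size of the ephemeral range and then starts fresh for the next destination. Raising net.ipv4.ip_local_port_range (or giving the box more source IPs) is what actually widens the outbound side; the inbound side is governed by file descriptor limits (ulimit -n and fs.file-max), not by the port number.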
