[e2e] TCP improved closing strategies?
Joe Touch
touch at ISI.EDU
Mon Aug 24 17:45:09 PDT 2009
William Allen Simpson wrote:
> Joe Touch wrote:
>> William Allen Simpson wrote:
>> ...
>>> With several hundred thousand clients per minute using 65,000 ports.
>>
>> The TCP state is supposed to be per socket pair (src/dst IP, src/dst
>> port). So unless you're running those clients behind a single NAT - or
>> keep track of only part of the state, this isn't an issue of port reuse.
>> The issue is more likely consumption of kernel space.
>>
> I've confirmed with Vixie. Here's my interpretation of his shorthand.
>
> The point of view of a busy recursive nameserver:
>
> 1) fin-wait-2 locks up the <ouraddress,ourport,theiraddress,theirport>
> tuple for 2*MSL.
TIME-WAIT has the 2*MSL delay.
FIN-WAIT-2 is supposed to clear after the FIN is sent, and then the
other side's FIN is received and an ACK is sent back.
> 2) ouraddress and ourport are both fixed.
>
> 3) fixed theiraddress, from our POV.
What does "fixed" mean? Presumably there is more than one DNS client, or
is that not the case?
> 4) they've discarded state for theirport, usually this is due to NAT.
Well, this is a huge bug with NATs. When a connection through them is
closed, they shouldn't be reusing the source port for new connections
for 2*MSL. The question is whether this is causing a problem for you,
though.
> The solution requires an improved closing strategy, where the onus is
> entirely on the session initiator.
The onus to do what?
Joe
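Added example, not part of the message above or of any poster's code: a small model of the close-side states in the RFC 793 diagram, showing that only the side that sends the first FIN ends in TIME-WAIT and holds the 4-tuple for 2*MSL, and what that means when a NAT reuses a source port sooner. The names Endpoint, refused_opens, ACTIVE and PASSIVE, the event names, the addresses and the strict "refuse while held" rule are assumptions made for the illustration; real stacks may accept some SYNs that arrive during TIME-WAIT.

```python
MSL = 120  # seconds, the RFC 793 value; TIME-WAIT lasts 2*MSL
# Close-related subset of the RFC 793 state diagram: (state, event) -> next
TRANSITIONS = {
    ("ESTABLISHED", "close"): "FIN-WAIT-1",    # active close: we send FIN
    ("FIN-WAIT-1", "rcv_ack"): "FIN-WAIT-2",   # our FIN is acknowledged
    ("FIN-WAIT-1", "rcv_fin"): "CLOSING",      # simultaneous close
    ("FIN-WAIT-2", "rcv_fin"): "TIME-WAIT",    # peer's FIN arrives, we ACK it
    ("CLOSING", "rcv_ack"): "TIME-WAIT",
    ("ESTABLISHED", "rcv_fin"): "CLOSE-WAIT",  # passive close: peer sent FIN
    ("CLOSE-WAIT", "close"): "LAST-ACK",       # we send our FIN
    ("LAST-ACK", "rcv_ack"): "CLOSED",         # no timer, tuple is free at once
}

class Endpoint:
    def __init__(self):
        self.conns = {}  # 4-tuple -> [state, expiry time or None]
    def open(self, tup, now):
        """Simplified: refuse a new connection while the tuple is still held."""
        held = self.conns.get(tup)
        if held and (held[1] is None or now < held[1]):
            return False
        self.conns[tup] = ["ESTABLISHED", None]
        return True

    def run(self, tup, events, now):
        """Apply close events in order and return the states visited."""
        path = []
        for ev in events:
            state = TRANSITIONS[(self.conns[tup][0], ev)]
            # Only TIME-WAIT carries the 2*MSL timer; FIN-WAIT-2 has none.
            self.conns[tup] = [state, now + 2 * MSL if state == "TIME-WAIT" else None]
            if state == "CLOSED":
                del self.conns[tup]
            path.append(state)
        return path

ACTIVE = ["close", "rcv_ack", "rcv_fin"]   # this side sends the first FIN
PASSIVE = ["rcv_fin", "close", "rcv_ack"]  # the peer (initiator) sends it

def refused_opens(server_events, reuse_interval, attempts=5):
    """Server's view of a NAT reusing one source port every reuse_interval s."""
    tup = ("192.0.2.53", 53, "198.51.100.7", 40000)  # constructed addresses
    server, refused = Endpoint(), 0
    for now in range(0, attempts * reuse_interval, reuse_interval):
        if server.open(tup, now):
            server.run(tup, server_events, now)
        else:
            refused += 1
    return refused
```

With the server as active closer and the port reused every 30 seconds, four of five attempts land on a tuple still in TIME-WAIT; when the initiator sends the first FIN, the server passes through LAST-ACK to CLOSED and none do.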