[e2e] TCP improved closing strategies?

Joe Touch touch at ISI.EDU
Mon Aug 24 17:45:09 PDT 2009

William Allen Simpson wrote:
> Joe Touch wrote:
>> William Allen Simpson wrote:
>> ...
>>> With several hundred thousand clients per minute using 65,000 ports.
>> The TCP state is supposed to be per socket pair (src/dst IP, src/dst
>> port). So unless you're running those clients behind a single NAT - or
>> keep track of only part of the state, this isn't an issue of port reuse.
>> The issue is more likely consumption of kernel space.
> I've confirmed with Vixie.  Here's my interpretation of his shorthand.
> The point of view of a busy recursive nameserver:
> 1) fin-wait-2 locks up the <ouraddress,ourport,theiraddress,theirport>
>    tuple for 2*MSL.

TIME-WAIT has the 2*MSL delay.

FIN-WAIT-2 is supposed to clear after the FIN is sent, and then the
other side's FIN is received and an ACK is sent back.

> 2) ouraddress and ourport are both fixed.
> 3) fixed theiraddress, from our POV.

What does "fixed" mean? Presumably there is more than one DNS client, or
is that not the case?

> 4) they've discarded state for theirport, usually this is due to NAT.

Well, this is a huge bug with NATs. When a connection through them is
closed, they shouldn't be reusing the source port for new connections
for 2*MSL. The question is whether this is causing a problem for you,

> The solution requires an improved closing strategy, where the onus is
> entirely on the session initiator.

The onus to do what?

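Added example (not part of the original message, and not code from anyone in the thread): a Python check an operator could use to see which closing state actually holds tuples on a server port, counting FIN-WAIT-2 and TIME-WAIT sockets per remote address. It assumes Linux's /proc/net/tcp IPv4 text format on a little-endian host; the function names and the sample table (documentation addresses, port 53) are constructed for illustration.

```python
from collections import Counter

# Linux TCP state codes as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV",
    "04": "FIN_WAIT1", "05": "FIN_WAIT2", "06": "TIME_WAIT",
    "07": "CLOSE", "08": "CLOSE_WAIT", "09": "LAST_ACK",
    "0A": "LISTEN", "0B": "CLOSING",
}

def decode_endpoint(field):
    """Decode 'AABBCCDD:PPPP' into (ip, port).

    Assumption: little-endian host, so the IPv4 bytes appear reversed.
    """
    addr_hex, port_hex = field.split(":")
    octets = bytes.fromhex(addr_hex)[::-1]
    return ".".join(str(b) for b in octets), int(port_hex, 16)

def closing_states_by_peer(proc_text, local_port):
    """Count FIN_WAIT2 and TIME_WAIT sockets on local_port per remote address."""
    counts = Counter()
    for line in proc_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        _, lport = decode_endpoint(cols[1])
        remote_ip, _ = decode_endpoint(cols[2])
        state = TCP_STATES.get(cols[3].upper(), "UNKNOWN")
        if lport == local_port and state in ("FIN_WAIT2", "TIME_WAIT"):
            counts[(remote_ip, state)] += 1
    return counts

# Constructed sample in /proc/net/tcp layout (trailing columns shortened).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 350200C0:0035 00000000:0000 0A 00000000:00000000
   1: 350200C0:0035 076433C6:C001 05 00000000:00000000
   2: 350200C0:0035 076433C6:C002 05 00000000:00000000
   3: 350200C0:0035 076433C6:C003 06 00000000:00000000
   4: 350200C0:0035 097100CB:D431 01 00000000:00000000
   5: 350200C0:0035 097100CB:D432 06 00000000:00000000
"""

if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    for (peer, state), n in sorted(closing_states_by_peer(SAMPLE, 53).items()):
        print(f"{peer:15} {state:10} {n}")
```

Many entries for one remote address, each with a different remote port, is the pattern to expect when the clients sit behind a single NAT.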


More information about the end2end-interest mailing list