Counting Concurrent Connections on Linux

Concurrent connections are the number of TCP connections that are open at the same instant between clients and a server: connections whose three-way handshake has completed and which have not yet been torn down, whether by a normal close, a reset, or a timeout. (The handshake establishes a connection; it does not authenticate either side.)

In practice, the number of TCP connections a host can hold is limited only by the operating system implementation and by the hardware it runs on.

TCP identifies each connection by the 4-tuple of local IP address, local TCP port, remote IP address and remote TCP port. For a server listening on one address and one port, the local half of the tuple is fixed, which leaves about 2^32 remote IPv4 addresses times 2^16 remote ports, an upper bound of 2^48 simultaneous TCP connections to a single listener (281,474,976,710,656, roughly 2.81 * 10^14, or 281 trillion).

The system will run out of RAM for the kernel's per-connection state and for the socket buffers holding data in flight long before that bound is reached.

In practice, the achievable number depends on:

- the hardware (processing power and RAM);
- how the operating system handles connections, i.e. the memory and processing overhead of the data structures it keeps per connection (on UNIX: file descriptors, mbufs or, on Linux, sk_buffs, and the TCP connection state structures) and of moving data through them; and
- the RAM and processing requirements of your actual network application.

Here's an easy way to count NEW connections on a Linux server, i.e. the rate at which new flows are being opened, as seen by the kernel's connection-tracking table. Note that this is a rate, not the number of concurrent connections; the live size of the tracking table is in /proc/sys/net/netfilter/nf_conntrack_count once the module is loaded.

Kernel modules and packages you are going to need:

nf_conntrack - the netfilter connection-tracking kernel module, loaded or compiled into the kernel (ip_conntrack is the legacy name used below and may still resolve as an alias on older systems)
conntrack-tools - provides the conntrack command
pv - the pipe viewer

Load the kernel module and execute:

[root@server1 ~] modprobe ip_conntrack
[root@server1 ~] conntrack -E -e NEW | pv -l -i 1 -r > /dev/null

Here's a breakdown of the above command line:

conntrack -E -e NEW - show the connection-tracking event stream (-E) filtered to the event type NEW (-e NEW), i.e. one line printed per newly tracked flow
pv -l -i 1 -r - pv is a pipe viewer; -l switches it to line mode so it counts lines instead of bytes, -i 1 waits 1 second between updates, and -r turns the rate counter on, so the figure shown is new connections per second (the lines themselves are discarded with > /dev/null)

Two caveats: conntrack tracks UDP and ICMP flows as well as TCP, so add -p tcp to the conntrack command if only TCP connections are of interest; and only traffic that passes through the conntrack table is counted, so connections on interfaces or in namespaces that bypass it do not appear.
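The conntrack command above measures the rate of new flows, whereas the concurrent count the title refers to is the number of sockets in the ESTABLISHED state at one instant. The following added example (not part of the original post) counts sockets per state from the output of `ss -tan`, which is the usual way to get that figure on a modern Linux host; it reads a constructed sample of `ss` output so it runs offline, and the same functions accept live output via `ss -tan | count_established`. The nf_conntrack_count path is a real file on kernels with the module loaded; it is read only if present.

```sh
#!/bin/sh
# Added example: count concurrent TCP connections per state from `ss -tan`
# output. Not code from the original post.

# Constructed sample of `ss -tan` output (not captured from a real host).
# Columns: State Recv-Q Send-Q Local Address:Port Peer Address:Port
SAMPLE_SS='State     Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN    0      128    0.0.0.0:22         0.0.0.0:*
ESTAB     0      0      10.0.0.5:22        10.0.0.9:51234
ESTAB     0      0      10.0.0.5:443       203.0.113.7:40001
ESTAB     0      0      10.0.0.5:443       203.0.113.7:40002
TIME-WAIT 0      0      10.0.0.5:443       198.51.100.3:50100
SYN-RECV  0      0      10.0.0.5:443       198.51.100.4:50200'

# count_state STATE: number of sockets in STATE on stdin (header line skipped).
# Prints 0 when no row matches.
count_state() {
    awk -v want="$1" 'NR > 1 && $1 == want { n++ } END { print n + 0 }'
}

# Concurrent connections in the sense of the article: fully established ones.
count_established() {
    count_state ESTAB
}

# top_peer: peer address holding the most ESTAB connections, as "count ip".
# The port is stripped with a regex so bracketed IPv6 peers ([::1]:443)
# are handled as well as IPv4 ones.
top_peer() {
    awk 'NR > 1 && $1 == "ESTAB" {
             p = $5; sub(/:[^:]*$/, "", p); c[p]++
         }
         END {
             for (ip in c) if (c[ip] > best) { best = c[ip]; who = ip }
             print best, who
         }'
}

# conntrack_count: live size of the kernel connection-tracking table, the
# conntrack-side counterpart of the ESTAB count (only meaningful when
# nf_conntrack is loaded; prints nothing otherwise).
conntrack_count() {
    f=/proc/sys/net/netfilter/nf_conntrack_count
    [ -r "$f" ] && cat "$f"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SS" | count_established
printf '%s\n' "$SAMPLE_SS" | count_state TIME-WAIT
printf '%s\n' "$SAMPLE_SS" | top_peer
```

On a live host, replace the sample with `ss -tan | count_established`; a large TIME-WAIT or SYN-RECV count relative to ESTAB is worth watching, since those states consume table entries without representing usable connections.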
