Hi,
This is a question that has been bugging me for some time now. If I use SER and the clients connected to it use only TCP, will there be a problem with the number of sockets that can be open at the same time, if these clients are behind NAT? I mean that for NAT bindings to stay open, each client has to keep a TCP connection to SER open all the time after registration. What is the maximum number of open sockets that Linux can handle at the same time?
I've changed the maximum number of open files to 65535 (ulimit -n 65535). Doesn't this also mean the maximum number of sockets? Is this the absolute maximum? Also, does this mean the maximum number of clients that can connect to my proxy?
Regards,
Teemu
--
Teemu Harju http://www.teemuharju.net
On Feb 01, 2006 at 09:20, Teemu Harju teemu.harju@gmail.com wrote:
> Hi,
> This is a question that has been bugging me for some time now. If I use SER and the clients connected to it use only TCP, will there be a problem with the number of sockets that can be open at the same time, if these clients are behind NAT? I mean that for NAT bindings to stay open, each client has to keep a TCP connection to SER open all the time after registration. What is the maximum number of open sockets that Linux can handle at the same time?
First of all, if you can, use UDP. TCP is more resource demanding (CPU wasted looking for the Content-Length, CPU wasted synchronizing writes to reuse the same connection, file descriptors and kernel TCP memory wasted to keep all the connections) and more DOS-prone (it's much easier to use TCP to try to DOS your SIP server). If you have to use TCP, then if you use ser 0.9.x, it cannot handle more than 1024 connections (in fact it's a little less than 1024).
> I've changed the maximum number of open files to 65535 (ulimit -n 65535). Doesn't this also mean the maximum number of sockets? Is this the absolute maximum? Also, does this mean the maximum number of clients that can connect to my proxy?
No, it's not that easy :-) You would need to use ser unstable (CVS HEAD), set tcp_max_connections=65535, start ser with a lot of shared memory and/or decrease TCP_BUF_SIZE to something smaller (e.g. 10k) and recompile ser. You should also watch for /proc/sys/fs/file-max (should be >=65535). If you have lots of disconnects (clients closing connections) you might also want to enable /proc/sys/net/ipv4/tcp_tw_recycle.
I was able to open 50K connections on the same machine (and if you have lots of RAM you could go further).
Andrei

P.S.: if you want to use unstable, then better wait a few weeks, I'm currently working on the tcp code
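Added example, not part of the original thread or of ser's code: a shell pre-flight that takes the limits named in the reply above (`ulimit -n`, `/proc/sys/fs/file-max`, `tcp_max_connections`, `TCP_BUF_SIZE`) and reports which one caps the number of concurrent TCP clients. The function names, the 64 reserved descriptors and the one-read-buffer-per-connection memory estimate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: which limit caps concurrent TCP clients on a SIP proxy?
# Assumption: each connection pins one file descriptor and one read buffer
# of TCP_BUF_SIZE bytes in ser's shared memory. RESERVED descriptors are
# set aside for listeners, logs and similar (64 is a constructed value).

# conn_ceiling NOFILE FILE_MAX TCP_MAX RESERVED -> "<ceiling> <bottleneck>"
conn_ceiling() {
    nofile=$1; filemax=$2; tcpmax=$3; reserved=$4
    # "ulimit -n" may print "unlimited"; the system-wide limit then applies.
    if [ "$nofile" = unlimited ]; then nofile=$filemax; fi
    best=$((nofile - reserved)); why="ulimit-n"
    fm=$((filemax - reserved))
    if [ "$fm" -lt "$best" ]; then best=$fm; why="fs.file-max"; fi
    if [ "$tcpmax" -lt "$best" ]; then best=$tcpmax; why="tcp_max_connections"; fi
    if [ "$best" -lt 0 ]; then best=0; fi
    echo "$best $why"
}

# shm_mb CONNS BUF_BYTES -> MiB of read-buffer memory, rounded up
shm_mb() {
    echo $(( ($1 * $2 + 1048575) / 1048576 ))
}

# report TARGET TCP_MAX BUF_BYTES: evaluate the host this script runs on.
# Returns non-zero when the host cannot hold TARGET connections.
report() {
    target=$1; tcpmax=$2; buf=$3
    nofile=$(ulimit -n)
    filemax=$(cat /proc/sys/fs/file-max 2>/dev/null || echo 0)
    set -- $(conn_ceiling "$nofile" "$filemax" "$tcpmax" 64)
    echo "target=$target ceiling=$1 limited-by=$2"
    echo "read buffers at target: $(shm_mb "$target" "$buf") MiB"
    if [ "$1" -lt "$target" ]; then return 1; fi
}

# Usage: sh preflight.sh TARGET TCP_MAX BUF_BYTES
#   e.g. sh preflight.sh 50000 65535 10240
if [ $# -ge 3 ]; then report "$1" "$2" "$3"; fi
```

The check leaves out `tcp_tw_recycle`: that sysctl was removed in Linux 4.12 and is known to drop connections from clients that share a NAT address.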
Thanks Andrei for the clear answer... I might stick with the UDP then.
It seems clear that it would be a better choice to use UDP for clients. I'm just wondering, since I've understood that TCP is sort of the recommended transport for SIP, but would this only be the case in the perfect world where no NATs exist and no persistent connections would be needed?
- Teemu
-- Teemu Harju http://www.teemuharju.net