
Submitted URL: https://smallvoid.com/article/winnt-tcpip-max-limit.html
Effective URL: http://smallvoid.com/article/winnt-tcpip-max-limit.html
Submission: On June 06 via manual from US — Scanned from DK


CONFIGURE THE MAX LIMIT FOR CONCURRENT TCP CONNECTIONS

March 6, 2004 by Snakefoot | 15 Comments

To keep the TCP/IP stack from taking all resources on the computer, there are
different parameters that control how many connections it can handle. If running
applications that constantly open and close connections (P2P), or that provide a
service which many clients try to connect to at the same time (a web server like
IIS), then one can improve the performance of these applications by changing the
restriction limits.

There is a parameter that limits the maximum number of connections that TCP may
have open simultaneously.

> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
> TcpNumConnections = 0x00fffffe (Default = 16,777,214)
>
> Note: a 16 million connection limit sounds very promising, but there are other
> parameters (see below) which keep us from ever reaching this limit.

When a client makes a connect() call to establish a connection to a server, the
client implicitly (invisibly) binds the socket to a local dynamic (anonymous,
ephemeral, short-lived) port number. The default range for dynamic ports in
Windows is 1024 to 5000, thus giving 3977 concurrent outbound connections for
each IP address. It is possible to change the upper limit with this DWORD
registry key:

> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
> MaxUserPort = 5000 (Default = 5000, Max = 65534)
>
> Note: it is possible to reserve port numbers so they aren't used as dynamic
> ports, in case one has a certain application that needs them. This is done by
> using the ReservedPorts (MS KB812873) setting.
>
> Note: Vista changes the default range from 1024-5000 to 49152-65535, which can
> be controlled with the dynamicport setting using netsh. More Info: MS KB929851.
>
> More Info: The Cable Guy - Ephemeral, Reserved, and Blocked Port Behavior
> More Info: MS KB196271
> More Info: MS KB319502
> More Info: MS KB319504
> More Info: MS KB328476
> More Info: MS KB836429

For each connection a TCP Control Block (TCB, a data structure using 0.5 KB of
paged pool and 0.5 KB of non-paged pool) is maintained. The TCBs are
pre-allocated and stored in a table, to avoid spending time on allocating and
deallocating the TCBs every time connections are created or closed. The TCB
table enables reuse/caching of TCBs and improves memory management, but its
static size limits how many connections TCP can support simultaneously
(Active + TIME_WAIT). Configure the size of the TCB table with this DWORD
registry key:

> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters]
> MaxFreeTcbs = 2000 (Default = RAM dependent, but usually Pro = 1000, Srv = 2000)

To make lookups in the TCB table faster, a hash table is used, which is
optimized for finding a certain active connection. If the hash table is too
small compared to the total number of active connections, then extra CPU time is
required to find a connection. Configure the size of the hash table with this
DWORD registry key (it is allocated from paged pool memory):

> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters]
> MaxHashTableSize = 512 (Default = 512, Range = 64-65536)
>
> Note: Microsoft recommends for a multiprocessor environment that the value
> should not be higher than the maximum number of concurrent connections
> (MaxFreeTcbs). Also, on a multiprocessor system it might be interesting to look
> at the registry key NumTcbTablePartitions (recommended value: CPU count
> multiplied by 4).
>
> More Info: MS KB151418
> More Info: MS KB224585

Having allocated 1000 TCBs doesn't mean that one will be able to have 1000
active connections, especially if the application is quickly opening and closing
connections. After a connection is "closed" it enters the TIME_WAIT state, and
will continue to occupy the port number for 4 minutes (2 * Maximum Segment
Lifetime, MSL) before it is actually removed. This behavior is specified in
RFC 793, and prevents attempts to reconnect to the same party before the old
socket is recognized as closed at both sides. It is possible to change how long
a socket should stay in the TIME_WAIT state before it can be re-used freely:

> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters]
> TcpTimedWaitDelay = 120 (Default = 240 secs, Range = 30-300)
>
> More Info: MS KB137984
> More Info: MS KB149532
> More Info: MS KB832954
>
> Note: with Win2k the reuse of sockets has been changed, so when the limit of
> more than 1000 connections in TIME_WAIT state is reached, it starts to mark
> sockets that have been in TIME_WAIT state for more than 60 secs as free. It is
> possible to configure this limit:
>
> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters]
> MaxFreeTWTcbs = 1000 (Default = 1000 sockets)
>
> Note: with Win2k3 SP1 the reuse of sockets has been changed, so when it has to
> re-use sockets in TIME_WAIT state, it checks whether the other party is
> different from the old socket, eliminating the need to fiddle with
> TcpTimedWaitDelay and MaxFreeTWTcbs any more.
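
The dynamic port range, TcpTimedWaitDelay and the TCB table described above each cap connection throughput, and the smallest one wins. The following is an added example (not from the original article) that parses a constructed .reg export fragment and works out the resulting limits. The function names, the sample values, the lower bound used for MaxUserPort, and the simplification that every closed connection holds its port for the full TcpTimedWaitDelay (ignoring the Win2k MaxFreeTWTcbs recycling and the Win2k3 SP1 reuse check) are assumptions.

```python
import re

# Defaults and limits as given in the article (pre-Vista TCP/IP stack).
DEFAULTS = {"MaxUserPort": 5000, "TcpTimedWaitDelay": 240, "MaxFreeTcbs": 1000}
FIRST_DYNAMIC_PORT = 1024        # start of the dynamic port range
RANGES = {"MaxUserPort": (FIRST_DYNAMIC_PORT, 65534),  # lower bound assumed
          "TcpTimedWaitDelay": (30, 300)}
TCB_KB = 0.5 + 0.5               # paged + non-paged pool per TCB

# Constructed sample: fragment of a .reg export with tuned values.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"MaxUserPort"=dword:0000fffe
"TcpTimedWaitDelay"=dword:0000001e
"MaxFreeTcbs"=dword:000007d0
'''

def parse_reg(text):
    """Return {name: int} for every "Name"=dword:xxxxxxxx line."""
    pairs = re.findall(r'^"(\w+)"=dword:([0-9a-fA-F]{1,8})\s*$', text, re.M)
    return {name: int(value, 16) for name, value in pairs}

def audit(settings):
    """Combine the settings into the limits the article describes."""
    cfg = {**DEFAULTS, **{k: v for k, v in settings.items() if k in DEFAULTS}}
    warnings = [f"{name}={cfg[name]} outside {low}-{high}"
                for name, (low, high) in RANGES.items()
                if not low <= cfg[name] <= high]
    ports = cfg["MaxUserPort"] - FIRST_DYNAMIC_PORT + 1
    return {
        "dynamic_ports": ports,
        # A closed connection pins its port for TcpTimedWaitDelay seconds, so
        # sustained churn above ports/delay exhausts the dynamic range.
        "max_sustained_connects_per_sec":
            round(ports / cfg["TcpTimedWaitDelay"], 1),
        # TCBs cover active + TIME_WAIT connections and cap the total too.
        "max_concurrent_outbound": min(ports, cfg["MaxFreeTcbs"]),
        "tcb_table_kb": cfg["MaxFreeTcbs"] * TCB_KB,
        "warnings": warnings,
    }

if __name__ == "__main__":
    print("defaults:", audit({}))
    print("tuned:   ", audit(parse_reg(SAMPLE_REG)))
```

With the article's defaults this gives 3977 dynamic ports and roughly 16.6 new outbound connections per second before the range is exhausted, while the 1000-entry TCB table caps concurrency well below the port count.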

If using an application protocol that doesn't implement timeout checking, but
relies on the TCP/IP timeout checking without specifying how often it should be
done, then it is possible to get connections that "never" close if the remote
host disconnects without closing the connection properly. The TCP/IP timeout
checking is by default done every 2 hours, by sending a keep-alive packet. It is
possible to change how often TCP/IP should check the connections (affects all
TCP/IP connections):

> [HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\Tcpip\Parameters]
> KeepAliveTime = 1800000 (Default = 7,200,000 millisecs)
>
> More Info: MS KB140325

When data is sent or received, it is copied back and forth to non-paged pool
memory for buffering. If there are many connections receiving or sending data,
then it is possible to exhaust the non-paged pool memory. The max size of the
non-paged pool buffer allocated for each connection is controlled by
MaxBufferredReceiveBytes or the TCP/IP Receive Window, whichever is smaller.
More Info: MS KB296265

Note: if using the Professional/Home edition of Windows, it is very likely that
it is crippled (by Microsoft) so that it cannot handle many concurrent TCP
connections. E.g. Microsoft has officially stated that the backlog limit is 5
(200 for Server), so the Professional edition is not able to accept() more than
5 new connections concurrently. More Info: MS KB127144

Note: even after Windows has been optimized to handle many concurrent
connections, connections might still be refused when reaching a certain limit if
a NAT router/firewall is placed in front of it which is unable to handle so many
concurrent connections.

Note: if SYN-Attack-Protection has been activated (enabled by default in Win2k3
SP1) or WinXP SP2 is installed, a limit is introduced on how many connection
attempts (half-open) one can make simultaneously (XP SP2 & Vista = 10; Vista SP2
= no limit). This will keep worms like Blaster and Sasser from spreading too
fast, but it will also limit other applications that create many new
connections simultaneously (like P2P).

> EventID 4226: TCP/IP has reached the security limit imposed on the number of
> concurrent TCP connect attempts
>
> More Info: www.LvlLord.de
>
> Windows Vista SP2 removes the limit again, but it can be enabled with the
> following DWORD registry setting:
>
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
> EnableConnectionRateLimiting = 1
>
> More Info: MS KB969710

Related No more than 10 connections to a remote computer

TAGS:

 * crippled, ephemeral, tcpip

CATEGORY:

 * Network


COMMENTS:

 1.  twl says:
     7 March 2009 at 1:32
     
     Quite some article there. Hell you lost me couple times on definitions, but
     considering I did understand the point of article and use of it this is
     very good information to have.
     
     As it seems ever since tcpip limitations the boxes has been suffering huge
     lags in connecting/ons while now it seems that these methods combined and
     bottom level (auto detections) disabled windows actually could work as some
     sort of decent server.
     
 2.  Talgat-_- says:
     5 January 2010 at 17:00
     
     Hi guys! I'm from KZ... My provider is megaline.kz. I have problems with my
     connection speed and also high ping in online games! I tried to call the
     operator but in my town they can't help me! Speed is very low from morning
     to evening, but sometimes in the night the speed goes up. I think that they
     connect many people to one internet port and because of this the speed is
     low :( How can I protect my connection or my port? Please help me! Sorry
     for my English... IMHO I can explain my situation, write to my mailbox
     taxa_91_virtual@inbox.ru. Thanks
     
 3.  James Watt says:
     27 February 2010 at 4:51
     
     I know this information is a bit dated, but I have to give you credit for
     such an in-depth analysis of the Windows TCP/IP stack. Any changes with
     Windows 7? Also, do 64-bit Windows operating systems have different values?
     Thanks.
     
 4.  Snakefoot says:
     2 March 2010 at 0:32
     
     > James Watt wrote:
     > Any changes with Windows 7? Also, do 64bit Windows operating systems have
     > different values? Thanks.
     
     Vista/Win7 introduces the Next Generation TCP/IP stack, that requires less
     fine tuning. Registry settings like TcpWindowSize, MaxFreeTcbs,
     MaxHashTableSize, NumTcbTablePartitions are now ignored. But for outbound
     connections there are still "only" 65534 port numbers available.
     
     More Info: Performance Tuning Guidelines for Windows Server 2008
     More Info: TCP/IP Registry Values for Vista and Win2k8
     
 5.  Emrah says:
     2 August 2010 at 17:52
     
     Hi,
     
     My company has got a 50 terminal server licence but only 5 clients log on
     at the same time. I check the terminal server
     configuration->RDP-TCP->properties->network adapter->Maximum connections is
     5. I can't change it. Could you please help me?
     
 6.  Yehuda says:
     26 May 2011 at 18:27
     
     Very nicely written
     
     I'll try to apply it on my production servers
     
     Thanks
     
     i
     
     
 7.  Tasneem says:
     30 May 2012 at 10:49
     
     Brilliant information. Thinking of making these changes on our servers for
     our clients. Thank You!
     
     
 8.  SUNDAR says:
     13 September 2013 at 8:51
     
     Hi,
     
     My company has got a 50 terminal server licence but only 10 clients log on
     at the same time. I check the terminal server
     configuration->RDP-TCP->properties->network adapter->Maximum connections is
     10. I can't change it. Could you please help me?
     
 9.  AndrewK says:
     7 November 2013 at 4:07
     
     Hi,
     
     Very nicely written article! Recently, all our computers were upgraded to
     Windows 7. One particular application that runs makes multiple TCP
     connections to another application when the connection is made! Then the
     application has to be closed and opened again and sometimes it still makes
     more than one connection. Any suggestion?
     
 10. Duder says:
     21 January 2014 at 18:59
     
     This article is totally useless and doesn't give any good info on what most
     people are trying to figure out: the max limit of connections from other
     computers. All these numbers in the thousands are irrelevant. Windows XP
     limits it to 10, and Win7 to 20, and it seems some people don't like to
     admit they don't know how to do anything about it, or they confuse it with
     the half-open connection garbage.
     
     * Lame says:
       18 May 2015 at 4:36
       
       Duder you moron, you are replying to an article that was written 10 years
       ago, obviously it's outdated and you're mentioning about Win7?
       
       And I'm also a moron for replying to your comment a year after.
       
       But I just had to.
     
       
     * Oly says:
       11 February 2019 at 16:37
       
       Duder obviously knows nothing about Windows or TCP. This article is still
       as relevant and useful as it ever was.
     
       
     
 11. ho909 says:
     4 December 2015 at 1:25
     
     MaxFreeTWTcbs = 1000 - ????
     
     MaxFreeTWTcbs = 65000 !
     
     
 12. Paul says:
     28 February 2016 at 16:22
     
     Hello- I am really desperate as we built a chat application that uses
     websocket and stomp protocol, after about 1500 connections, users cannot
     connect anymore.
     I believe it has to do with some limit set to the number of concurrent open
     to connections by the OS, but I am not sure how to increase this limit or
     to determine if this really is the cause.
     We are running our application on Windows 2008 server, the app is written
     in Java and hosted in Tomcat.
     Any help would be very much appreciated.
     Thanks in advance
     
     * Snakefoot says:
       5 March 2016 at 10:56
       
       TomCat/Apache can work in two modes. BIO - One thread per connection. NIO
       - multiple connections for each thread.
       
       Setup your connector in server.xml to use NIO. Http11Nio2Protocol (Tomcat
       8+) or Http11NioProtocol (Tomcat 6+) and configure maxConnections.
       
       For a chat application consider using small connector buffers
       (socket.appWriteBufSize="1024" and socket.appReadBufSize="1024") to lower
       the footprint for each chat connection.
     
       
     

