What is the cost of many TIME_WAIT on the server side?

Question

Let\'s assume there is a client that makes a lot of short-living connections to a server.

If the client closes the connection, there will be many ports in TIME

Answer 1

If you have a lot of connections from many different client IPs to the server IPs you might run into limitations of the connection tracking table.

Check:

sysctl net.ipv4.netfilter.ip_conntrack_count
sysctl net.ipv4.netfilter.ip_conntrack_max

Over all src ip/port and dest ip/port tuples you can only have net.ipv4.netfilter.ip_conntrack_max in the tracking table. If this limit is hit you will see a message in your logs "nf_conntrack: table full, dropping packet." and the server will not accept new incoming connections until there is space in the tracking table again.

This limitation might hit you long before the ephemeral ports run out.