Piszki Lab | EN

My case study in the clouds…

TCP/IP Exhaustion, a problem in your network.


Traditionally, much of the virtual environment is based on Microsoft Windows Server (as the basis for many machines, including MsSQL and vCenter). It is usually highly engaged environment, dozens of services and servers to each other non-stop “talking”. When it comes to such a large number of web servers, may be quite busy phenomenon, what is the depletion of the fields of dynamic ports on yours servers. This phenomenon is very difficult to detect unless involving persistent overload condition (the operating system itself does not indicate a problem, but reports other “problems” that are only effect). In our case, we have experienced very strange behavior of Tomcat and JBoss servers that repelled strange waves of correct motion. On the solution led us messages that served us some time Trend Micro Deep Sucurity : TCP / IP and UDP Port Limit, appearing occasionally in the course of communication between random machines.


So what is the TCP / IP Exhaustion? With a large number of calls to the Microsoft Windows (any version) can lead to exhaustion of the pool of available dynamic ports. The default is relatively small pool and a big waiting time for the release port. It is easy to check the command netstat-n, all connections to the status WAIT these are the “busy” ports. In Windows Server 2003 and 2008R2 parameter is TIME WAIT until 240 seconds. In 2008R2 expanded pool (Ephemeral Ports) from about 4K to 16K.

How and why before this “defend”? Imagine a situation in which the end ports on the machine application, the effect is such that for a moment watching machine “cut” (zero network traffic from a lack of available ports) and then after a pause, a sudden blast of queued packets causing congestion and “rolling over” applications .

The solution is simple, shorten the waiting time for the release of the port:

In HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ Tcpip \ Parameters, add a DWORD:

TcpTimedWaitDelay with parameter 30 (decimal).

MaxUserPort with parameter 65535 (decimal)

Just one note to a range of ports, but it is necessarily necessary to check whether the software installed on the machine (eg, vCenter, Trend Micro etc etc) does not use a static one input port of the range. Without this cure can be worse than the diseaseSmile

Edit: The same settings  also apply to Microsoft Server 2012R2, good guide of tuning Windows for TCP/IP performance is there.

Was this information is helpful? Tell me, please leave a comment!


Rate this article:
[Total: 1 Average: 3]

Author: Piotr Pisz

Computer always, since I got a Commodore 64 at the end of primary school, through his beloved Amiga and Linux infinite number of consoles, until today, fully virtual day. Since 2001, Unix/Linux Systems Administrator, for seven years a faithful companion and protector of Solaris system, until his sad end. In the year 2011 came in the depths of virtualization, then smoothly ascended into the clouds and continues there today. Professionally working as Systems Architect in the Polish Security Printing Works.

Leave a Reply

Required fields are marked *.