简体繁体 English

从同一端口上的单个客户端到同一服务器的最大连接数

[英]max number of connection from single client to same server on same port

原文 2014-04-24 14:56:51 7 2 sockets/ networking/ tcp/ client-server

If I have one 'live IP address', ie an IP address on which if I run a server anybody over internet can access this server. 如果我有一个“实时IP地址”，即一个IP地址，如果我运行服务器，任何人都可以访问该服务器。

Now let say I have an army of computers under the gateway which has the 'live IP address'. 现在让我说在网关下面有一大堆具有“实时IP地址”的计算机。

Is the below true? 以下是真的吗？

If all computers under this IP address hit the same google server on the same port 80 with keep-alive header then the max number of connection can be 2^16=65536 如果此IP地址下的所有计算机在具有keep-alive标头的同一端口80上命中相同的google服务器，则最大连接数可以是2 ^ 16 = 65536

How did I conclude that number? 我是如何得出这个数字的？

TCP/IP packet is identified by (src.ip, src.port, dst.ip, dst.port) TCP / IP数据包由（src.ip，src.port，dst.ip，dst.port）标识

For our case if we look from server side than src.ip=MY LIVE IP, dst.ip=google server ip, dst.port=80 so we are left with src.port which is 16 bit. 对于我们的情况，如果我们从服务器端看，而不是src.ip = MY LIVE IP，dst.ip = google server ip，dst.port = 80，所以我们留下了16位的src.port。

If the above is true then: 如果以上是真的那么：

Max number of socket connection is also 2^16 as there can be only one socket per TCP connection. 套接字连接的最大数量也是2 ^ 16，因为每个TCP连接只能有一个套接字。 Is this true ? 这是真的？

2 个解决方案

This is true in theory, the maximum number of concurrent connections from a client, regardless is to the same server or not, is 65536. However, IPv4 address space shortage is a reality and ISPs have started implementing A+P strategies to wide the number of available addresses. 理论上说，从客户端到同一服务器的最大并发连接数是否为65536.然而，IPv4地址空间不足已成为现实，ISP已开始实施A + P策略以扩大数量可用的地址。

A+P means address plus port sharing. A + P表示地址加端口共享。 What it means is that some bits of the port number are used for addressable purposes. 这意味着端口号的某些位用于可寻址目的。 What that means in practice is that an IPv4 public address it might be shared by different customers each of them being assigned a range of ports. 在实践中，这意味着IPv4公共地址可能由不同的客户共享，每个客户都被分配了一系列端口。 That limits the number of available connections for each customer. 这限制了每个客户的可用连接数。 Your operating system may still pick a random number between 0-65565 for the source port, but at some point your private IPv4 source address and port will be natted to your assigned range of source ports before going out in the wild. 您的操作系统仍然可以在0-65565之间为源端口选择一个随机数，但在某些情况下，您的私有IPv4源地址和端口将在您外出之前被指定为您指定的源端口范围。

This is sort of an advance topic but is worth considering it. 这是一个先进的话题，但值得考虑。 RFC6346 has more information about it. RFC6346有更多关于它的信息。

Wow, what a cool and evil attack idea. 哇，多么酷又邪恶的攻击想法。 Yes, as long as the gateway you are talking about does NAT, that attack should work. 是的，只要您正在谈论的网关执行NAT，该攻击应该有效。

However, note that google.com has a large number of IP addresses that each client is going to try, so you would need to do the attack for every one of those IPs. 但请注意， google.com有每个客户端都要尝试的大量IP地址，因此您需要对每个IP进行攻击。 For example, my PC sees 16 different IPs for google.com . 例如，我的PC为google.com看到了16种不同的IP。