
Nerdtalker (Working Hard, Or Hardly Working?) | Premium, MVM | join: 2003-02-18 | Tucson, AZ
reply to ChrisAdan650 | Re: Total BS!
Amazon's servers were Xbox 360s (FRAG)
It was pretty ridiculous. A massive customer DDOS, by far. I was refreshing constantly, and pages slowed from 2 seconds per reload, to 7, to 30, to nothing at all in a period of five minutes up until it went live.
I'd love to see the looks on the people's faces in their NAC or whatever, as everything went to hell in a handbasket.
Pretty good idea, this certainly generated an angry flood-storm of people talking about it... -- "Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com Spam: 12900+ messages currently using 406 MB.

knightmb (Everybody Lies) | join: 2003-12-01 | Franklin, TN | AT&T DSL Service
Tech Info
For those that are curious, the most ports you can have open is 65,535 on a connection, so if more than that many people (minus everything else below 1024 that the OS will need for various reasons) are clicking to begin with, the server, no matter how beefy it is, simply can't get the request because of this hard limit. If they had a server farm, maybe it could go higher over a redistributed load. But if that many people are clicking on the page, anyone else afterwards is shut out no matter what connection they have. So there is nothing they could do to handle more incoming connections than this unless they built an amazon2.com or amazon3.com to allow more connections to some other web servers over an extra NIC, for example.

koolman2 | Premium | join: 2002-10-01 | Anchorage, AK
All of the requests would have gone to the same port.
-- huh?

knightmb (Everybody Lies) | join: 2003-12-01 | Franklin, TN | AT&T DSL Service
1 edit
True, but the absolute limit for IPv4 is 65,535 (coded on 16 bits). That's why those DoS attacks are effective: they just blast requests until the 65,535 limit is reached and basically the web server is "deaf" to new requests until the others time out and new ports are available to use. Sure, the web server can handle more than that, but when you only have port numbers 1 through 65,535 to send a response back out through, then you've reached the hard limit because you can't have a port number being shared for two different connections. That's the extreme case where you have at least that many inbound connections in one single instance, which in the Amazon case is exactly what happened.
»en.wikipedia.org/wiki/Transmissi···Protocol

sporkme (drop the crantini and move it, sister) | Premium, MVM | join: 2000-07-01 | Morristown, NJ | Optimum Online
said by knightmb:
> That's the extreme case where you have at least that many inbound connections in one single instance. Which in the amazon case, that's exactly what happened.
So how long have you worked at Amazon?
You think they have one big webserver running the site? On one IP? Uh huh...

Harik | @rr.com
reply to knightmb
said by knightmb:
> For those that are curious, the most ports you can have open is 65,535 on a connection, so if more than (minus everything else below 1024 that the OS will need for various reasons) that many people are clicking to begin with, the server, no matter how beefy it is simply can't get the request because of this hard limit.
WOW. Just WOW. That's utterly and totally incorrect.
Your win32 machine _DOES_ have a hard limit of 64511 (or less) outgoing connections, because they each use one of the available ports. But on the server side, each of them connects to the same port (80). The server's "hard" limit is 281.4 trillion connections (32 bits IP, 16 bits port). That's per service port. Obviously no machine can support that, if there were even a way to get that many machines to connect at once.
Crazy Hacker | @comcast.net
said by Harik (quoting knightmb's post above):
> WOW. Just WOW. That's utterly and totally incorrect. Your win32 machine _DOES_ have a hard limit of 64511 (or less) outgoing connections, because they each use one of the available ports. But on the server side, each of them connects to the same port (80). The server's "hard" limit is 281.4 trillion connections (32 bits IP, 16 bits port). That's per service port. Obviously no machine can support that, if there were even a way to get that many machines to connect at once.
Actually, the server listens on port 80 and can accept the hard limit, but has to open a response port to talk back to the client, and that's where the real limitation comes in. Even though the port is in use for a short period before closing, most OSes don't allow port re-use for 60 seconds (this can be tweaked on Unix/Linux, but I'm not sure about Windows). So in reality, one server can only have 64k concurrent connections. Of course, for huge sites like Amazon, this is handled by geographic load balancing, so even the load balancer clusters are load balanced across the world.

TCPguy | @rogers.com
The response goes out on the same port (80), not some other port that the server "has to open".
TCP connections are defined by source IP, source port, destination IP, destination port. If any single one of those changes, it's a different connection. For web sites, the "destination" is the server, and your PC is the "source". If the server changes the port it sends the response on, the "destination port" changes, making it a different connection, so your PC has no way of knowing it's the response for the request it sent to port 80.
The TCP stack on the server has a maximum number of connections it can queue up; these are connections that are attempting to connect, but the server software hasn't accepted yet. When this limit is reached, your PC "cannot connect" and it seems like the website is down. Having a server farm lets the website answer more connections faster, but they are ALL going to (and responses coming from) the same port (80).
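TCPguy's description of the four-tuple and the accept queue can be checked on any workstation. The script below is an added example, not code posted in the thread or written by any of the participants. It binds a listening socket on 127.0.0.1 on an OS-chosen port (port 80 and Amazon's servers from the thread are not involved), opens 64 client connections to it, and records that every accepted socket keeps the listening port as its local port while the connections differ only by the client's ephemeral port. A second function leaves a small listen backlog un-accept()ed and counts how many further connect() calls still complete, which is where a single server actually stops answering. The client count (64), backlog (2), attempt count (6) and 0.5 s timeout are arbitrary values chosen for the demonstration.

```python
"""Added example: which side of a TCP connection uses up ports, and where a
server really runs out of room.  Runs entirely against 127.0.0.1."""
import socket
import threading
from collections import Counter


def _accept_n(server, n, accepted):
    """Accept n connections and record (server-side local port, client port,
    socket) for each one, so the caller can compare both sides."""
    for _ in range(n):
        conn, (_host, client_port) = server.accept()
        accepted.append((conn.getsockname()[1], client_port, conn))


def connections_share_server_port(n_clients=64):
    """Open n_clients TCP connections to one listening socket and report how
    many distinct ports appear on each side.

    Every accepted socket keeps the listening port as its local port; the
    server never opens a separate "response port".  What keeps the
    connections apart is the client half of the 4-tuple
    (src ip, src port, dst ip, dst port)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))        # port 0: let the OS pick a free port
    server.listen(n_clients)
    listen_port = server.getsockname()[1]

    accepted = []
    acceptor = threading.Thread(target=_accept_n, args=(server, n_clients, accepted))
    acceptor.start()
    clients = [socket.create_connection(("127.0.0.1", listen_port))
               for _ in range(n_clients)]
    acceptor.join()

    server_side_ports = Counter(port for port, _, _ in accepted)
    client_ports = {cport for _, cport, _ in accepted}
    four_tuples = {c.getsockname() + c.getpeername() for c in clients}

    for c in clients:
        c.close()
    for _, _, conn in accepted:
        conn.close()
    server.close()

    return {
        "listen_port": listen_port,
        "accepted": len(accepted),
        "distinct_server_ports": len(server_side_ports),  # always 1
        "distinct_client_ports": len(client_ports),       # one per connection
        "distinct_4tuples": len(four_tuples),             # one per connection
    }


def overflow_accept_queue(backlog=2, attempts=6, timeout=0.5):
    """Listen with a small backlog, never call accept(), and try `attempts`
    connections.  Handshakes that fit in the kernel's accept queue complete;
    once it is full the kernel stops completing new ones (Linux drops the SYN,
    so the client's connect() times out; other stacks may reset instead).
    The exact overflow point is OS-specific, so counts are returned rather
    than a fixed number."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(backlog)
    port = server.getsockname()[1]

    completed, rejected, clients = 0, 0, []
    for _ in range(attempts):
        try:
            clients.append(socket.create_connection(("127.0.0.1", port),
                                                    timeout=timeout))
            completed += 1
        except OSError:          # timeout, ECONNREFUSED and ECONNRESET all land here
            rejected += 1

    for c in clients:
        c.close()
    server.close()
    return {"backlog": backlog, "attempts": attempts,
            "completed": completed, "rejected": rejected}


if __name__ == "__main__":
    print(connections_share_server_port())
    print(overflow_accept_queue())
```

The first result shows one server-side port for all 64 connections and 64 distinct client ports, i.e. the 65,535 ceiling applies to the client's outgoing side, not to the listener. The second result is the limit TCPguy describes: on Linux a backlog of 2 typically completes 3 handshakes and the remaining connects time out, even though the listener is idle and has plenty of ports.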