
Deep Understanding of Linux Networking – Key Q&A Highlights

This article summarizes a series of technical Q&A from an OSChina event covering Linux networking fundamentals such as port limits, network namespaces, TCP connection handling, the C10K problem, packet loss troubleshooting, TCP memory usage, causes of high CPU usage, useful monitoring tools, kernel parameters, and practical socket examples.

Refining Core Development Skills

Hello everyone, I'm Fei! Recently I participated in OSChina's "Expert Q&A" session where we discussed the book "Deep Understanding of Linux Networking" and answered many practical questions.

Question 1: In the virtualization era, are 65,535 ports insufficient?

Answer: The statement that a Linux host can only have 65,535 ports is inaccurate because each IP address can have its own full range of ports. Modern Linux kernels (e.g., 2.6.24) support network namespaces, giving each container its own independent IP, ports, and routing tables, so each Docker container also has 65,536 usable ports. Moreover, the same port number can be used to connect to different remote servers, so the limit is not a concern.

Question 2: Does accessing the local IP go through a switch or router?

Answer: No. Traffic to the local IP or 127.0.0.1 stays on the loopback interface (lo) and never leaves the host; you can verify this by capturing packets on lo.

Question 3: If a server exposes only one port, will requests interfere with each other?

Answer: When a new TCP connection arrives, the kernel creates a new socket with a unique four‑tuple (source IP, source port, destination IP, destination port). The kernel matches incoming packets to the correct socket using this four‑tuple, so multiple concurrent requests on the same listening port do not interfere.
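
The behaviour described in this answer can be observed on loopback. The following is an added example, not code from the original article or the book; the function name four_tuple_demo and the request strings are made up for illustration.

```python
import socket
import threading

def four_tuple_demo(n_clients=3):
    """Connect n_clients to ONE listening port on loopback.

    Returns (port, tuples, results): tuples maps each client source port to
    the four-tuple seen on the server's accepted socket; results holds
    (source_port, request, reply) per client.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))        # port 0: kernel picks a free port
    listener.listen(n_clients)
    port = listener.getsockname()[1]
    tuples = {}

    def serve():
        for _ in range(n_clients):
            conn, peer = listener.accept()  # a new socket per connection
            with conn:
                local = conn.getsockname()
                tuples[peer[1]] = (peer[0], peer[1], local[0], local[1])
                conn.sendall(conn.recv(1024).upper())

    worker = threading.Thread(target=serve)
    worker.start()
    # Open every connection first so they all exist at the same time.
    clients = [socket.create_connection(("127.0.0.1", port))
               for _ in range(n_clients)]
    for i, c in enumerate(clients):
        c.sendall(f"request-{i}".encode())
    results = []
    for i, c in enumerate(clients):
        results.append((c.getsockname()[1], f"request-{i}", c.recv(1024).decode()))
        c.close()
    worker.join()
    listener.close()
    return port, tuples, results

if __name__ == "__main__":
    port, tuples, results = four_tuple_demo()
    for src_port, request, reply in results:
        print(tuples[src_port], request, "->", reply)
```

Every four-tuple shares the same destination port and differs only in the client's source port, and each reply comes back on the connection that sent the matching request.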

Question 4: What is the famous C10K problem?

Answer: Historically, handling 10,000 concurrent connections required one thread or process per connection, which was unsustainable. The advent of epoll (and similar scalable I/O mechanisms) resolved the C10K issue.

Question 5: How to troubleshoot network packet loss?

Answer: Use tcpdump to capture traffic and look for retransmissions with Wireshark (filter: tcp.analysis.retransmission). Tools like the eBPF‑based tcpretrans can also help, though they require a recent Linux kernel.

Question 6: How many TCP connections can a machine support?

Answer: The limit depends on kernel parameters (e.g., max open file descriptors) and available memory. Roughly 3.3 KB of kernel memory is needed per connection, so a 64 GB server could theoretically handle about 64 GB / 3.3 KB ≈ 20 million connections, leaving room for other buffers.

Question 7: How much memory does a single TCP connection consume?

Answer: About 3.3 KB for the socket structure plus configurable send/receive buffers. Application‑level data (e.g., MySQL sessions) consumes memory in user space, not in the TCP kernel structures.

Question 8: CPU spikes to 100% while memory and I/O look normal – how to investigate?

Answer: Determine whether the load is in user space or kernel space using tools like top, vmstat, sar, and mpstat. For kernel‑side issues, use strace to profile system calls or perf to generate flame graphs.

Question 9: Recommended network tuning and monitoring tools?

Answer: First understand the underlying principles (e.g., read "Deep Understanding of Linux Networking"). Then consult performance books such as "The Performance Handbook" for appropriate tools.

Question 10: Do I need to memorize all net.ipv4 parameters?

Answer: No. Focus on understanding the networking stack; then the parameters become intuitive, similar to a chef who knows the anatomy of a cow rather than memorizing every bone.

Question 11: High‑traffic server got overwhelmed – why many TIME_WAIT sockets?

Answer: Short‑lived connections leave sockets in TIME_WAIT for about two minutes. Enabling net.ipv4.tcp_tw_reuse and net.ipv4.tcp_tw_recycle reduces the wait time, freeing ports faster. Rate‑limiting with Nginx also helps.
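
Before changing any sysctl it helps to measure how many sockets are actually in TIME_WAIT and which peers they belong to. The following is an added example, not part of the original article: it parses the /proc/net/tcp table format, and the SAMPLE rows are constructed for illustration (IPv4 only, little-endian host assumed).

```python
import socket
from collections import Counter

# State codes as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 0500000A:0050 0900000A:C351 01 00000000:00000000 00:00000000 00000000    33        0 20002 1
   2: 0500000A:0050 0900000A:C352 06 00000000:00000000 03:00000E10 00000000     0        0 0 3
   3: 0500000A:0050 0900000A:C353 06 00000000:00000000 03:00000E10 00000000     0        0 0 3
   4: 0500000A:0050 0A00000A:C354 06 00000000:00000000 03:00000E10 00000000     0        0 0 3
"""

def decode(addr):
    """'0500000A:0050' -> ('10.0.0.5', 80); the IPv4 hex is byte-reversed."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)

def parse(text):
    """Return (local_ip, local_port, remote_ip, remote_port, state) rows."""
    rows = []
    for line in text.splitlines()[1:]:      # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        rows.append(decode(fields[1]) + decode(fields[2])
                    + (TCP_STATES.get(fields[3], fields[3]),))
    return rows

def summarize(text):
    """Count sockets per state and TIME_WAIT sockets per remote IP."""
    rows = parse(text)
    states = Counter(r[4] for r in rows)
    time_wait_peers = Counter(r[2] for r in rows if r[4] == "TIME_WAIT")
    return states, time_wait_peers

if __name__ == "__main__":
    try:
        table = open("/proc/net/tcp").read()
    except OSError:
        table = SAMPLE                      # fall back to the constructed rows
    print(summarize(table))
```

Note that net.ipv4.tcp_tw_recycle was removed in Linux 4.12, so on current kernels only tcp_tw_reuse remains, and it applies to outgoing connections.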

Question 12: After a Linux network connection is established, what file‑system objects represent it?

Answer: In the kernel, both regular files and sockets are represented by a struct file object. However, sockets are not regular files on disk, so commands like cat cannot display socket contents. Tools like ncat can interact with sockets.

Server side:

# ncat -v -lp 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
...
hello world

Client side:

# nc -v 127.0.0.1 8081
Ncat: Version 6.40 ( http://nmap.org/ncat )
Ncat: Connected to 127.0.0.1:8081.
hello world
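
What the answer says about sockets and files can be checked from user space. The following is an added example, not code from the original article; the function name inspect_connection and the dictionary keys are made up for illustration, and the /proc lookups assume a Linux host.

```python
import errno
import os
import socket
import stat

def inspect_connection():
    """Open one loopback TCP connection and inspect its file descriptor."""
    listener = socket.create_server(("127.0.0.1", 0))
    client = socket.create_connection(listener.getsockname())
    server_side, _ = listener.accept()
    fd = client.fileno()
    mode = os.fstat(fd).st_mode
    info = {
        "is_socket": stat.S_ISSOCK(mode),    # file type is "socket"
        "is_regular": stat.S_ISREG(mode),    # not a regular on-disk file
    }
    # The generic file syscalls write(2)/read(2) work on the descriptor.
    os.write(fd, b"hello world")
    info["read_back"] = os.read(server_side.fileno(), 64)
    # /proc shows the descriptor as a link to "socket:[inode]", not a path.
    path = f"/proc/self/fd/{fd}"
    info["link"] = os.readlink(path) if os.path.islink(path) else None
    # Opening that entry the way cat would is expected to fail
    # (ENXIO on Linux), because there is no file on disk behind it.
    try:
        open(path, "rb").close()
        info["open_error"] = None
    except OSError as exc:
        info["open_error"] = errno.errorcode.get(exc.errno, str(exc.errno))
    for s in (client, server_side, listener):
        s.close()
    return info

if __name__ == "__main__":
    for key, value in inspect_connection().items():
        print(f"{key}: {value}")
```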

Question 13: Are there universal core kernel parameters for production?

Answer: Most kernel defaults are reasonable, but workloads vary widely. Engineers must tune parameters based on specific application characteristics.

Written by

Refining Core Development Skills

Fei has over 10 years of development experience at Tencent and Sogou. Through this account, he shares his deep insights on performance.
