How to Boost Linux TCP Concurrency: Raise File Limits & Tune Kernel Params

1. Increase the per‑process file descriptor limit

Linux restricts the number of files (including socket handles) a single process can open, which caps the maximum concurrent TCP connections. Check the current limit with: ulimit -n Typical output is 1024, leaving only about 1014 sockets for client connections after accounting for standard streams and other descriptors.

To raise this limit, edit /etc/security/limits.conf and add lines for the target user (or * for all users):

speng soft nofile 10240
speng hard nofile 10240

Then ensure the PAM module reads these settings by adding the following line to /etc/pam.d/login: session required /lib/security/pam_limits.so Verify the system‑wide maximum with: cat /proc/sys/fs/file-max If you need to raise the hard limit, append a command to /etc/rc.local (or another startup script): echo 22158 > /proc/sys/fs/file-max After reboot, re‑check with ulimit -n. If the value is still low, look for any ulimit -n statements in /etc/profile or user‑specific shell init files and adjust or remove them.

2. Tune kernel TCP connection limits

If the file‑descriptor limit is no longer the bottleneck, the kernel may still restrict the number of concurrent connections.

Local port range : The kernel’s default local port range (e.g., 1024‑32768) can be expanded by editing /etc/sysctl.conf: net.ipv4.ip_local_port_range = 1024 65000 Apply the change with: sysctl -p This allows a single process to open roughly 60 000 sockets.

Connection tracking limit : The netfilter conntrack subsystem also caps the number of tracked TCP connections. Increase the limit in /etc/sysctl.conf: net.ipv4.ip_conntrack_max = 10240 Reload the settings with sysctl -p. With this value, a single process can theoretically maintain over 10 000 concurrent connections.

3. Choose a high‑concurrency network I/O model

For applications handling many TCP connections, synchronous I/O with one thread per socket is inefficient. Preferred models are:

Non‑blocking I/O with event‑driven mechanisms : select() (limited to ~1024 fds), poll() (better but still inefficient at scale), and epoll() (scales to tens of thousands of fds).

Asynchronous I/O (AIO) : Modern Linux kernels provide an improved AIO implementation suitable for high‑throughput workloads.

In practice, epoll or AIO should be used to avoid the performance penalties of select or poll.

4. Recommended sysctl.conf tuning for high‑traffic servers

net.ipv4.ip_local_port_range = 1024 65536
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
net.ipv4.tcp_fin_timeout = 10
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.core.netdev_max_backlog = 30000
net.ipv4.tcp_no_metrics_save = 1
net.core.somaxconn = 262144
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2

These values are derived from cache server (Varnish) and SunOne server optimizations. Adjust tcp_fin_timeout to 10 seconds for better stability in the described environment.

5. Apply the new limits immediately

Reload the sysctl configuration and flush routing caches:

/sbin/sysctl -p /etc/sysctl.conf
/sbin/sysctl -w net.ipv4.route.flush=1

Optionally reboot the system to ensure all changes take effect.

Finally, raise the per‑process open‑file limit for the current session and make it persistent:

echo ulimit -HSn 65536 >> /etc/rc.local
echo ulimit -HSn 65536 >> /root/.bash_profile
ulimit -HSn 65536

After these adjustments, a Linux server can handle tens of thousands of simultaneous TCP connections, provided the application uses an efficient I/O model such as epoll or AIO.