Optimizing Linux for High Concurrency: Adjusting ulimit, sysctl, iptables, and I/O Mechanisms

By default, Linux does not handle high concurrency well because of limits on the maximum number of open files per process, kernel TCP settings, and the I/O event dispatch mechanism. The following steps adjust the system to support a large number of simultaneous TCP connections.

iptables : If not required, disable or uninstall the iptables firewall and prevent the kernel from loading its modules, as they can degrade concurrency performance.

Increase the per‑process file descriptor limit :

# ulimit -n 65535

If the command fails, edit /etc/security/limits.conf and add:

# vim /etc/security/limits.conf
* soft nofile 65535
* hard nofile 65535

Then modify /etc/pam.d/login to include:

# vim /etc/pam.d/login
session required /lib/security/pam_limits.so

Check the system‑wide maximum with:

# cat /proc/sys/fs/file-max
32568

If needed, raise it by adding fs.file-max = 131072 to /etc/sysctl.conf and reboot.

Kernel TCP parameter tuning :

Inspect TIME_WAIT sockets with:

# netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

Typical output shows many TIME_WAIT sockets, which consume ports. Edit /etc/sysctl.conf and add:

# vim /etc/sysctl.conf
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000
net.core.netdev_max_backlog = 32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_fastopen = 3

Apply the changes with:

# sysctl -p

Brief explanations: enabling SYN cookies mitigates SYN floods; tcp_tw_reuse and tcp_tw_recycle allow faster reuse of TIME_WAIT sockets; tcp_fin_timeout shortens the FIN‑WAIT period; the other parameters expand backlog queues, buffer sizes, and port ranges to accommodate more connections.

I/O event dispatch mechanism :

For high‑concurrency TCP servers, avoid select() (limited to ~1024 descriptors) and poll() (inefficient under heavy load). Prefer epoll or asynchronous I/O (AIO) which scale to thousands of sockets without the overhead of per‑connection threads.

After applying these configurations, the Linux server’s ability to handle massive simultaneous TCP connections improves significantly, though production environments should test and fine‑tune values based on actual workload.