Why Does TIME_WAIT Accumulate in High‑Concurrency Scenarios and How to Fix It?

Problem Description

When simulating high‑concurrency traffic, a large number of TCP connections enter the TIME_WAIT state. After a short period the TIME_WAIT connections disappear as ports are reclaimed, which is normal. However, a massive amount of TIME_WAIT sockets can exhaust the 65,535 local ports and cause errors such as address already in use: connect , especially when Nginx is used as a reverse proxy.

Problem Analysis

The root causes of abundant TIME_WAIT connections are:

Many short‑lived connections are created; some TIME_WAIT sockets are reclaimed while new ones are generated.

In extreme cases a large number of TIME_WAIT sockets appear because the server actively closes connections (e.g., HTTP Connection: close).

The TCP four‑handshake termination keeps the socket in TIME_WAIT for twice the Maximum Segment Lifetime (MSL) to ensure ACK retransmission and to discard delayed packets.

Key characteristics of the TIME_WAIT state:

It is entered by the side that actively closes the connection after receiving the FIN and sending the final ACK.

The state lasts for 2 × MSL (typically 4 minutes, because MSL is 2 minutes).

Each TIME_WAIT socket occupies one local port, limiting the total number of simultaneous connections to 65,535.

Solution

To mitigate the impact of excessive TIME_WAIT sockets:

Client side : set the HTTP Connection header to keep-alive so the client keeps the connection open for a period instead of closing it immediately.

Server side :

Enable reuse of sockets in TIME_WAIT (e.g., set SO_REUSEADDR).

Reduce the TIME_WAIT timeout to 1 MSL (≈2 minutes) instead of the default 2 MSL.

Example command to count TCP connection states:

$ netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
ESTABLISHED 1154
TIME_WAIT 1645

For more details see the referenced blog post.

Conclusion

The side that actively closes a TCP connection enters TIME_WAIT.

The state lasts for 2 × MSL (usually 4 minutes) to guarantee reliable termination and to discard delayed packets.

Each TIME_WAIT socket consumes a local port; the total number of ports is limited to 65,535.

Excessive TIME_WAIT sockets can cause new connection failures ( address already in use ).

In typical HTTP/1.1 traffic browsers now use Connection: keep-alive, reducing the frequency of TIME_WAIT on the server.

Appendix A – Query TCP Connection State

On macOS, you can list connections in TIME_WAIT with:

$ netstat -nat | grep TIME_WAIT
$ netstat -nat | grep -E "TIME_WAIT|Local Address"
Proto Recv-Q Send-Q Local Address Foreign Address (state)
 tcp4 0 0 127.0.0.1.1080 127.0.0.1.59061 TIME_WAIT

Appendix B – MSL (Maximum Segment Lifetime)

MSL is the maximum time a TCP segment can exist in the network before being discarded. RFC 793 defines MSL as 2 minutes, but many systems use 30 seconds, 1 minute, or 2 minutes.

Appendix C – 2 MSL (TIME_WAIT) Explanation

After the active closer sends the final ACK, it stays in TIME_WAIT for 2 × MSL to handle possible retransmitted FIN packets.

During this period both endpoints cannot reuse the ports.

Delayed packets arriving after the connection is closed are discarded.

Setting SO_REUSEADDR can allow a new socket to bind before the 2 MSL period expires.

Appendix D – TCP Three‑Way Handshake and Four‑Way Teardown

For a visual illustration see the diagram below: