When a Transmission Control Protocol (TCP) connection is closed, the socket pair associated with the connection is placed into a state known as TIME-WAIT, which prevents other connections from using that protocol, source Internet Protocol (IP) address, destination IP address, source port, and destination port for a period of time.
This functionality presents a resource-related denial of service opportunity. Because the ports affected are not immediately returned to the system's pool of available ports, network applications that perform many outbound connections in a short time can use up all available ports before the ports can be recycled. At this point, the application either pauses, waiting for ports to become available, or ends with an error.
Effects of TIME-WAIT Delay on Port Availability
TIME-WAIT ensures that enough time has passed that any TCP segments which were misrouted or delayed cannot be delivered unexpectedly to a new, unrelated application using the same connection settings. RFC 793: Transmission Control Protocol, DARPA Internet Program, Protocol Specification specifies the length of time that a socket pair should not be reused as two maximum segment lifetimes (2 MSL), or four minutes. This time period is the default setting for Windows Server 2003 TCP/IP. In some scenarios, such as when many connections are required simultaneously or in rapid succession, the default time setting might not be short enough to prevent the system from running out of available ports to allocate to the application.
Controlling TIME-WAIT Behavior
Windows Server 2003 TCP/IP offers two methods of controlling TIME-WAIT behavior:
- The TcpTimedWaitDelay registry value under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters key can be used to alter the default setting. Windows Server 2003 TCP/IP allows this value to be set as low as 30 seconds, which should not cause problems in most environments, or as high as 300 seconds.
- The number of user-accessible ephemeral ports that can be used as sources for outbound connections can be configured using the MaxUserPort registry value, also found under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters key. By default, when an application requests any socket from the system to use for an outbound call, a port numbered between 1024 and 5000 is supplied. MaxUserPort sets the highest port number that the administrator allows for outbound connections. For instance, setting this value to 10,000 (decimal) makes approximately 9000 user ports available for outbound connections. For more details on this concept, see RFC 793: Transmission Control Protocol, DARPA Internet Program, Protocol Specification.
Note: Although 65,536 ports exist, by default Windows Server 2003 only allocates port numbers up to 5000 as source ports for outbound connections. If an application performs many network connections simultaneously or within a short window of time, the application developer might need to raise MaxUserPort and reduce the TcpTimedWaitDelay value to avoid receiving a WSAENOBUFS (10055) error: "An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full."
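As an added example that is not part of the original article, the following Python script parses constructed `netstat -n` output and estimates how much ephemeral-port headroom remains under the two settings described above. The default range of 1024 to 5000 and the default delay of 240 seconds come from the text; the sample connection lines are constructed, not captured from a real host.

```python
import re
from collections import Counter

# Constructed sample of `netstat -n` output on a Windows host (not a real capture).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:1025          10.0.0.9:80            TIME_WAIT
  TCP    10.0.0.5:1026          10.0.0.9:80            TIME_WAIT
  TCP    10.0.0.5:1027          10.0.0.9:80            ESTABLISHED
  TCP    10.0.0.5:1028          10.0.0.9:443           TIME_WAIT
"""

# One connection row: proto, local addr:port, foreign addr:port, state.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")


def parse_netstat(text):
    """Return (local_port, remote_addr, remote_port, state) tuples for TCP rows."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rows.append((int(m.group(2)), m.group(3), int(m.group(4)), m.group(5)))
    return rows


def time_wait_by_destination(rows):
    """Count TIME_WAIT sockets per (remote address, remote port) to show which peer
    is consuming the ephemeral pool."""
    return Counter((addr, port) for _, addr, port, state in rows if state == "TIME_WAIT")


def time_wait_headroom(rows, max_user_port=5000, tcp_timed_wait_delay=240, first_port=1024):
    """Estimate free ephemeral ports and the outbound connection rate the host can
    sustain before TIME-WAIT exhausts the pool (pool size / TIME-WAIT delay).
    Defaults are the Windows Server 2003 values: ports 1024-5000, 240 s delay."""
    pool = max_user_port - first_port + 1
    by_state = Counter(state for local_port, _, _, state in rows
                       if first_port <= local_port <= max_user_port)
    in_use = sum(by_state.values())
    return {
        "pool": pool,
        "in_use": in_use,
        "time_wait": by_state["TIME_WAIT"],
        "free": pool - in_use,
        "sustainable_conn_per_sec": pool / tcp_timed_wait_delay,
    }
```

Comparing the result with `max_user_port=10000, tcp_timed_wait_delay=30` shows how the two registry values together raise the sustainable connection rate.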
See Also
Windows TCP Implementation Features