The High-Stakes Problem
In modern distributed systems, the "Hello World" of WebSockets is deceptively simple. You spin up a Node.js server, implement socket.io, and you have bidirectional communication. This works perfectly fine for 5,000 users. It might even stretch to 50,000 if your vertical scaling strategy involves throwing money at AWS instances.
But at CodingClave, we don't design for 50,000. We design for the C1M (1 Million Concurrent Connections) threshold.
At this scale, standard architectural patterns collapse. You hit hard limits in the Linux kernel before your application logic even processes a frame. You face the "Thundering Herd" problem where a service restart results in a self-inflicted DDoS attack from 1 million reconnecting clients. You encounter memory fragmentation that turns your garbage collector into a latency generator.
Scaling stateful TCP connections in a stateless cloud environment is not a feature request; it is an infrastructure war. Here is how we win it.
Technical Deep Dive: The Solution
To handle 1M concurrents, we must optimize three layers: The Kernel, The Application Runtime, and The Event Bus.
1. Kernel Tuning: Beyond ulimit
Default Linux distributions are tuned for general-purpose computing, not high-concurrency I/O. If you rely on defaults, your load balancers and gateway servers will cap out around 65,000 connections due to ephemeral port exhaustion and file descriptor limits.
You must modify sysctl.conf to allow massive open files and optimize the TCP stack.
# /etc/sysctl.conf
# Increase system-wide file descriptor limit
fs.file-max = 2097152
# Increase the range of ephemeral ports (if acting as a proxy/client)
net.ipv4.ip_local_port_range = 1024 65535
# Enable reusing sockets in TIME_WAIT state for new connections
net.ipv4.tcp_tw_reuse = 1
# Increase the max number of backlog connections
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
# Optimize TCP buffer sizes to reduce RAM per connection
# This is critical. 1M connections * high buffer = OOM.
net.ipv4.tcp_rmem = 4096 87380 33554432
net.ipv4.tcp_wmem = 4096 87380 33554432
2. The Application Layer: Go & Epoll
While Node.js is popular, its V8 engine overhead per object makes 1M connections expensive regarding RAM. At CodingClave, we prefer Go (Golang) for this specific workload. A goroutine starts at ~2KB of stack space.
Mathematically:
- 1,000,000 connections * 4KB (Goroutine + Metadata) ≈ 4GB RAM.
- This is achievable on a single large instance, though we shard it for redundancy.
However, standard net/http in Go spawns a goroutine per request. For extreme scale, we utilize non-blocking I/O and interaction with epoll (on Linux) or kqueue (on BSD) to manage connections with fewer threads.
Below is a simplified architecture using a Hub pattern backed by NATS for horizontal scalability.
package main
import (
"github.com/gorilla/websocket"
"github.com/nats-io/nats.go"
"net/http"
)
// Hub maintains the set of active clients and broadcasts messages
type Hub struct {
// Registered clients.
clients map[*Client]bool
// Inbound messages from the clients.
broadcast chan []byte
// Register requests from the clients.
register chan *Client
// Unregister requests from clients.
unregister chan *Client
}
// Client acts as an intermediary between the websocket connection and the hub.
type Client struct {
hub *Hub
conn *websocket.Conn
send chan []byte
}
func (h *Hub) run() {
for {
select {
case client := <-h.register:
h.clients[client] = true
case client := <-h.unregister:
if _, ok := h.clients[client]; ok {
delete(h.clients, client)
close(client.send)
}
case message := <-h.broadcast:
for client := range h.clients {
select {
case client.send <- message:
default:
close(client.send)
delete(h.clients, client)
}
}
}
}
}
// NATS Subscription handling external events to broadcast to local WS clients
func (h *Hub) subscribeToNats(nc *nats.Conn, subject string) {
nc.Subscribe(subject, func(m *nats.Msg) {
h.broadcast <- m.Data
})
}
3. The Distributed Glue: NATS JetStream
You cannot serve 1M users from a single box due to CPU bottlenecks in SSL termination and packet processing. You will have a cluster of WebSocket servers.
The problem: If User A is connected to Server 1, and User B is connected to Server 50, how does a message route between them?
We reject HTTP polling between servers. We use NATS JetStream over Redis Pub/Sub. NATS provides lower latency, higher throughput, and better support for wildcard subject routing, which is essential for channel-based architectures (e.g., market.data.us.aapl).
Architecture & Performance Benefits
By implementing this low-level tuning and sharded architecture, we achieve:
- Linear Scalability: Adding capacity is simply adding more WebSocket Gateway nodes. The NATS layer decouples state from the connection.
- Resource Density: We reduce memory footprint by approximately 60% compared to standard Node.js implementations, significantly lowering cloud infrastructure costs.
- Latency Predictability: By removing Garbage Collection pauses associated with high-object-count languages, we ensure p99 latency remains under 50ms, even during traffic spikes.
How CodingClave Can Help
Implementing the architecture described above is not an experiment; it is a high-risk engineering endeavor.
While the code snippets provide a direction, they do not cover the operational nightmares of C1M systems:
- Reconnection Storms: How do you prevent your load balancer from crashing when 500k users reconnect simultaneously after a localized ISP outage?
- State Synchronization: How do you handle message ordering guarantees when a node fails?
- Security: How do you handle authentication (JWT) revocation without forcing a disconnect on 1 million live sockets?
At CodingClave, we do not just write code; we architect resilience. We have successfully deployed high-frequency trading platforms and massive-scale gaming backends that handle millions of concurrents without blinking.
If your internal team is struggling with scale, or if you are planning a launch where failure is not an option, do not guess.
Book a High-Scale Architecture Audit with CodingClave Today. Let's build a system that stays up when the world is watching.