From: Barney Wolff
To: Mike Silbersack
Cc: dmitry@atlantis.dp.ua, freebsd-net@freebsd.org, Don Lewis
Date: Fri, 4 Jun 2004 10:38:37 -0400
Subject: Re: net.inet.ip.portrange.randomized=1 hurts
Message-ID: <20040604143837.GA80811@pit.databus.com>
In-Reply-To: <20040603021629.S70117@odysseus.silby.com>
References: <200406030427.i534RAdh003365@gw.catspoiler.org> <20040603021629.S70117@odysseus.silby.com>
List-Id: Networking and TCP/IP with FreeBSD

On Thu, Jun 03, 2004 at 02:19:43AM -0500, Mike Silbersack wrote:
>
> On Wed, 2 Jun 2004, Don Lewis wrote:
>
> > Randomizing DNS query IDs without repeating any particular ID too
> > quickly is a similar problem. I contributed some code for this to
> > BIND version 8 a number of years ago. See the nsid stuff in
> > /usr/src/contrib/bind/bin/named/ns_main.c. There are some comments
> > preceding the code that explain the background and how it is supposed
> > to work. Something like this might be suitable for port number
> > allocation, though the potentially long time that a given port number
> > might be in use would complicate things.
>
> I just thought more about the issue at hand, and I think that changing the
> randomization algorithm is probably not worth the effort. Instead, we'll
> have to fix the server-side TIME_WAIT problem Dmitry is experiencing.
> The simple reason is that any other OS which uses randomized ephemeral
> ports will tickle the exact same port recycling problem, so reverting our
> client behavior isn't a long-term solution.

The randomization algorithm is definitely wrong, and will need to be fixed.
What's needed, as pointed out above, is a random *shuffle*, not simply a
random choice. The random choice as the code does now encounters the
birthday paradox, resulting in re-use of a port number in sqrt(N) picks,
meaning on average the re-use interval is 128, given the default 16384
range. That's far too short. The justified response to user complaints is
"send patches" and I'm willing to try, if no-one else is working on it.

-- 
Barney Wolff http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
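The random-choice versus random-shuffle argument above, as an added simulation that is not code from this thread or from the FreeBSD kernel. It models the two allocators over a 16384-port range (the concrete numbers 49152-65535 and the reshuffle-on-exhaustion scheme are my assumptions; only the size of the range matters for the birthday effect), measures how many allocations pass before the first port comes back under each scheme, and compares the random-choice result with the standard birthday-problem approximation sqrt(pi*N/2). The helper names are mine.

```python
"""Random choice vs random shuffle for ephemeral port allocation (constructed simulation)."""
import math
import random
from statistics import mean

# Assumed range: 16384 ports, the default span discussed in the thread.
# The exact endpoints are an assumption for illustration.
PORT_LO = 49152
PORT_HI = 65535
N_PORTS = PORT_HI - PORT_LO + 1  # 16384


def random_choice_ports(rng):
    """Allocator that picks a uniformly random port on every allocation."""
    while True:
        yield rng.randrange(PORT_LO, PORT_HI + 1)


def shuffled_ports(rng):
    """Allocator that deals out a random permutation of the whole range,
    then reshuffles and starts a new pass once the range is exhausted."""
    ports = list(range(PORT_LO, PORT_HI + 1))
    while True:
        rng.shuffle(ports)
        yield from ports


def picks_until_first_repeat(ports, limit):
    """Allocation count at which some port is handed out for the second time,
    or None if that does not happen within `limit` allocations."""
    seen = set()
    for i, p in enumerate(ports, 1):
        if p in seen:
            return i
        seen.add(p)
        if i >= limit:
            return None
    return None


def min_reuse_interval(ports, n_picks):
    """Smallest gap (in allocations) between two uses of the same port
    observed over n_picks allocations; None if nothing repeated."""
    last_seen = {}
    best = None
    for i, p in enumerate(ports, 1):
        if p in last_seen:
            gap = i - last_seen[p]
            if best is None or gap < best:
                best = gap
        last_seen[p] = i
        if i >= n_picks:
            break
    return best


def birthday_expected_first_repeat(n):
    """Birthday-problem approximation for the expected number of uniform draws
    from n values until the first repeat: about sqrt(pi * n / 2)."""
    return math.sqrt(math.pi * n / 2)


def mean_random_choice_first_repeat(trials=200, seed=1):
    """Average allocations until the first repeated port with random choice.
    Pigeonhole guarantees a repeat by N_PORTS + 1 draws, so this never sees None."""
    rng = random.Random(seed)
    return mean(
        picks_until_first_repeat(random_choice_ports(rng), N_PORTS + 1)
        for _ in range(trials)
    )


def shuffle_first_repeat(seed=1):
    """Allocations until the first repeat with the shuffle allocator: one full pass."""
    return picks_until_first_repeat(shuffled_ports(random.Random(seed)), 2 * N_PORTS)


def shuffle_min_reuse_interval(passes=5, seed=1):
    """Smallest reuse gap across several passes of the naive reshuffle scheme.
    A port dealt late in one pass can come up early in the next, so this is
    well below N_PORTS even though each single pass never repeats."""
    return min_reuse_interval(shuffled_ports(random.Random(seed)), passes * N_PORTS)


if __name__ == "__main__":
    print("range size:", N_PORTS)
    print("birthday approximation sqrt(pi*N/2):", round(birthday_expected_first_repeat(N_PORTS), 1))
    print("random choice, mean picks until first repeat:", round(mean_random_choice_first_repeat(), 1))
    print("shuffle, picks until first repeat:", shuffle_first_repeat())
    print("shuffle with reshuffle each pass, min reuse gap over 5 passes:", shuffle_min_reuse_interval())
```

Running it shows the two regimes side by side: uniform random choice repeats a port after a number of allocations on the order of sqrt(N), while a dealt permutation uses every port once before any port comes back. The last measurement is the caveat a practitioner should keep in mind: simply reshuffling when a pass ends does not by itself guarantee a full range's worth of spacing, because the tail of one permutation can overlap the head of the next, so a real allocator needs to handle the pass boundary (and, as noted in the quoted text, ports that stay in use for a long time) rather than just reshuffling.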