From: Mike Silbersack
To: freebsd-net@freebsd.org
Subject: ephemeral port allocation - time for a change?
Date: Tue, 19 Mar 2002 11:35:48 -0600 (CST)
Message-ID: <20020319111522.H49521-100000@patrocles.silby.com>

By filing PR docs/32041, Mark Blackman has reminded me of an issue that has been nagging me for some time now. As Mark points out, one of the likely problems in the sysadmin mag benchmark run last spring was that the system ran out of ephemeral ports. Unfortunately, nobody caught this at the time, and the benchmarkers were unable to explain why FreeBSD hit a connection limit below that of the other OSes.

Right now, we're still using the traditional port range of 1024-5000, which limits us to a little under 4000 distinct outgoing connections. AFAIK, other OSes have started transitioning to the now preferred port range of 49152-65535, which would give us about 4x more breathing room.
Looking through the logs for in.h, I can see that peter attempted changing the port range to 20000-30000 about 6 years ago, but reverted the change because of firewall issues.

My question is this: Is anyone aware of a reason that using 49152-65535 by default would cause problems today? I quickly looked through netstat -n on freefall, and it appears that many systems are using those ports for ephemeral usage these days.

If no problems will be caused, I'd like to go ahead and make the switch so that people running systems with large numbers of outbound connections are less likely to bump into the limit.

One other issue relating to this is that ephemeral ports are shared across all IPs, meaning that the ephemeral port limit is currently a hard limit on the number of outbound connections that may be made. If one were to rewrite the port allocation code so that the limit applied to each IP individually, many of the problems of running out of ephemeral ports would be mitigated. However, this is not an easy change, and doesn't negate all of the advantages of expanding the usable port range as mentioned above. (For example, even with such code we'd still hit a limit when establishing multiple connections to a single service on a single box, as is probably done when benchmarking.)

Thanks,

Mike "Silby" Silbersack
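The capacity argument in the post, worked through as an added example (this is not code from the post or from FreeBSD): a toy allocator that hands out ports from a range either from one pool shared by every local address, as the post says the 2002 kernel did, or from a pool keyed on the local address, as the proposed rewrite would. The allocator, the `max_outbound` helper and the hostnames are constructed for illustration; the numeric ranges are the ones the post quotes.

```python
"""Toy model of ephemeral port exhaustion (constructed example, not FreeBSD code)."""
from collections import deque
from dataclasses import dataclass, field

# Port ranges quoted in the post.
TRADITIONAL = (1024, 5000)      # classic BSD range, IPPORT_RESERVED..IPPORT_USERRESERVED
IANA_DYNAMIC = (49152, 65535)   # range the post proposes as the new default


def range_capacity(first, last):
    """Number of distinct ephemeral ports in an inclusive range."""
    return last - first + 1


@dataclass
class EphemeralAllocator:
    """Simplified allocator. per_ip=False: one pool shared by all local
    addresses (the behaviour the post describes, so the range size is a hard
    cap on outbound connections). per_ip=True: a separate pool per local
    address, the rewrite the post mentions. Neither mode models the remote
    side of the 4-tuple, so the per-IP case still caps connections from one
    local address to one service, exactly as the post's parenthetical notes."""
    first: int
    last: int
    per_ip: bool = False
    pools: dict = field(default_factory=dict)  # pool key -> deque of free ports

    def _pool(self, local_ip):
        key = local_ip if self.per_ip else "*"
        if key not in self.pools:
            self.pools[key] = deque(range(self.first, self.last + 1))
        return self.pools[key]

    def allocate(self, local_ip):
        """Return a free port, or None when the pool is exhausted
        (the point at which a real connect() would fail)."""
        free = self._pool(local_ip)
        return free.popleft() if free else None

    def release(self, local_ip, port):
        """Return a port to its pool once the connection is gone."""
        self._pool(local_ip).append(port)


def max_outbound(first, last, local_ips, per_ip):
    """Open connections from each local IP until allocation fails; return the total."""
    alloc = EphemeralAllocator(first, last, per_ip)
    total = 0
    for ip in local_ips:
        while alloc.allocate(ip) is not None:
            total += 1
    return total
```

Running `max_outbound` over the two ranges with two local addresses shows the post's "a little under 4000" (3977) against 16384 for the larger range, and that the per-IP policy doubles the shared-pool figure with two addresses while leaving the per-address ceiling untouched.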