Expand ephemeral ports by adding an optional Ethernet interface

Is there a way to double the number of ephemeral ports and work with a 16-bit limit? I tried to create virtual Ethernet interfaces via eth0, and I hope this raises the limit. Although the application uses the new virtual IP addresses in outgoing traffic, it seems that it still faces the same ephemeral port limit. I believe that virtual ports have a 1 to 1 mapping on the physical interface.

    ifconfig eth0:1 10.10.10.210 netmask 255.255.255.192
    ifconfig eth0:2 10.10.10.211 netmask 255.255.255.192

Can someone please tell me how I can double the total number of ephemeral ports in Linux without adding an additional network adapter?

(FYI, I tried to increase the open ulimit / max file by changing the port range, turning on tcp recycle / timestamps, decreasing the tcp timeout ... I guess we just need more than 65k ports for this proxy machine.)

+4
4 answers

If you create virtual interfaces via eth0, you should be able to assign different IP addresses to these interfaces. At the same time, you can use the same ephemeral port numbers (they are allocated in the kernel, so you really do not have much control) for several sockets, each of which is associated with different addresses - you will probably have to set SO_REUSEADDR. The reason for this will be that for incoming packets (UDP / TCP) the stream is identified by looking for both the local source IP address and port number.

And as @Duck mentioned, since TCP / UDP headers only allocate 16 bits for port numbers, there isn’t much point in increasing the ephemeral range in the local stack.

+3

This is a limitation of network protocols. Both TCP and UDP, for example, have 16-bit source and destination ports. Even if you can increase the number of ports, no one can solve them.

+1

Turns out you can't use 0 to bind the ephemeral port if you want to exceed the 65535 limit. Instead, you need to use an explicit port number.

Also enabling tcp_tw_reuse can be useful: http://krenel.org/tcp-time_wait-and-ephemeral-ports-bad-friends.html

0

There seems to be a way, but it's not free. It is called "bind before connect". See this short but solid article that summarizes it very well.

Having multiple virtual IPs is just the beginning. Quoting a related article:

On Linux, the ephemeral range of ports is a global resource; it is not a specific parameter that is local to the IP address.

So, this is bad, and you need to improve your starting position with a few correct settings (where you have already found most of them) and bypass the global limit using the smart socket allocation technique. As a result, you will manage all outgoing IP addresses manually. It also does not do very well with other applications on the system using the traditional connection method.

0
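The "bind before connect" technique from the last two answers, as an added example that is not from any of the posts: instead of binding to port 0, the application allocates (source IP, source port) pairs itself, so each local address gets its own full copy of the port range and two flows may share a port number as long as their source IPs differ. It assumes a Linux host, and uses 127.0.0.1 and 127.0.0.2 on the loopback network (Linux routes all of 127.0.0.0/8 to lo) to stand in for the eth0:1 and eth0:2 addresses from the question.

```python
import socket

# Constructed stand-ins for the virtual-interface addresses (eth0:1, eth0:2).
LOCAL_IPS = ("127.0.0.1", "127.0.0.2")


class SourcePortAllocator:
    """Hand out (local_ip, port) pairs round-robin over the local IPs.

    Every IP gets its own copy of the range: a TCP flow is identified by the
    full 4-tuple, so the same port may be reused with a different source IP.
    """

    def __init__(self, local_ips, port_range):
        self.ips = list(local_ips)
        self.lo, self.hi = port_range
        self.next_port = {ip: self.lo for ip in self.ips}
        self.turn = 0

    def allocate(self):
        ip = self.ips[self.turn % len(self.ips)]
        self.turn += 1
        port = self.next_port[ip]
        if port >= self.hi:
            raise RuntimeError(f"source port range exhausted on {ip}")
        self.next_port[ip] = port + 1
        return ip, port


def bind_before_connect(allocator, remote):
    """Bind to an explicit source IP and port (never 0), then connect.

    The explicit bind bypasses the kernel's global ephemeral-port allocator;
    SO_REUSEADDR allows the port to be taken while old flows are in TIME_WAIT.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind(allocator.allocate())
    sock.connect(remote)
    return sock


def demo(n_connections=4, port_range=(40000, 40100)):
    """Open n connections to a local listener; return their source addresses."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # any free port acts as the remote service
    listener.listen(16)
    allocator = SourcePortAllocator(LOCAL_IPS, port_range)
    clients = [bind_before_connect(allocator, listener.getsockname())
               for _ in range(n_connections)]
    sources = [c.getsockname() for c in clients]  # (ip, port) per connection
    for c in clients:
        c.close()
    listener.close()
    return sources
```

Running `demo()` yields port 40000 twice (once on each source IP) and then 40001 twice, which is exactly the reuse the global ephemeral range would not permit.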

Source: https://habr.com/ru/post/1501319/
