On 13/09/2016 11:51 AM, Lukas Tribus wrote:
> Enable IP_BIND_ADDRESS_NO_PORT on backend connections when the source
> address is specified without port or port ranges. This is supported
> since Linux 4.2/libc 2.23.
> 
> 

I am going to hijack this thread to ask something related to ephemeral port
exhaustion when HAProxy opens connections to servers.

A single haproxy process can open up to 65K connections to a single server
since those 65K connections are unique quadruple combinations of
source port + source IP + dst IP + dst port.

If you want to get more connections to the same dst IP then we need more
source IPs.

What improvements in the context of ephemeral port exhaustion does this new bind
option bring?

The commit on Linux kernel mentions:
"""
The port will be automatically chosen at connect() time, in a way
that allows sharing a source port as long as the 4-tuples are unique.
"""

This confused me a bit, as it says that the same source port can be used as
long as the 4-tuples are unique, which implies that we cannot, without this
option, have the following 2 sockets:

2.2.2.2 + 3232 + 1.1.1.1 + 80
3.3.3.3 + 3232 + 1.1.1.1 + 80

My understanding is that the ephemeral port limit of 65K is per unique socket
and not across all possible sockets.

Am I missing something here?

Cheers,
Pavlos
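
As an added illustration (not part of the original message and not HAProxy code), the C program below shows the observable effect of the option on a socket bound to a source address with port 0: without it the kernel reserves an ephemeral port at bind() time, before the destination is known; with it no port is assigned until connect(). The function names are hypothetical, and the loopback address and throwaway listener are assumptions made so the program runs on one Linux 4.2+ host.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>
#ifndef IP_BIND_ADDRESS_NO_PORT
#define IP_BIND_ADDRESS_NO_PORT 24 /* value from linux/in.h, for libc older than 2.23 */
#endif

/* Local port assigned to fd in host byte order; 0 means none yet, -1 is an error. */
int local_port(int fd)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    return getsockname(fd, (struct sockaddr *)&sa, &len) < 0 ? -1 : ntohs(sa.sin_port);
}

/* TCP socket bound to 127.0.0.1 port 0, like a source address given without a port. */
int bound_socket(int no_port)
{
    struct sockaddr_in src = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    int ok = !no_port || setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT, &no_port, sizeof(no_port)) == 0;
    if (!ok || bind(fd, (struct sockaddr *)&src, sizeof(src)) < 0) { close(fd); return -1; }
    return fd;
}

/* Connect a bound socket to a throwaway loopback listener; return its source port. */
int port_after_connect(int no_port)
{
    int port = -1, lfd = bound_socket(0), cfd = bound_socket(no_port);
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    if (lfd >= 0 && cfd >= 0 && listen(lfd, 1) == 0) {
        dst.sin_port = htons((unsigned short)local_port(lfd));
        if (connect(cfd, (struct sockaddr *)&dst, sizeof(dst)) == 0)
            port = local_port(cfd); /* chosen by the kernel with the full 4-tuple known */
    }
    close(lfd); close(cfd); /* close(-1) fails harmlessly if a socket was never created */
    return port;
}

int main(void)
{
    /* The two sockets are left open on purpose; the process exits right after. */
    printf("after bind(): plain=%d no_port=%d\n",
           local_port(bound_socket(0)), local_port(bound_socket(1)));
    printf("after connect(): no_port=%d\n", port_after_connect(1));
    return 0;
}
```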

