NGINX and NGINX Plus are extremely powerful HTTP, TCP, and UDP load balancers. They are very efficient at proxying large bursts of requests and maintaining a large number of concurrent connections. But these characteristics make NGINX and NGINX Plus particularly subject to ephemeral port exhaustion – a condition where new connections cannot be created because the OS has run out of the port numbers allocated to establish new local sockets. (Ephemeral port exhaustion applies to both products, but for the sake of brevity we’ll refer just to NGINX Plus for the remainder of this blog.)

In this blog, we review the components of a TCP connection and how its contents are decided before a connection is established. We then show how to determine when NGINX Plus is being affected by ephemeral port exhaustion. Lastly, we discuss strategies for combating those limitations using both Linux kernel tweaks and NGINX Plus directives.

When a connection is established over TCP, a socket is created on both the local and the remote host. These sockets are then connected to create a socket pair, which is described by a unique 4‑tuple consisting of the local IP address and port along with the remote IP address and port. The remote IP address and port belong to the server side of the connection, and must be determined by the client before it can even initiate the connection. In most cases, the client automatically chooses which local IP address to use for the connection, but sometimes it is chosen by the software establishing the connection. Finally, the local port is randomly selected from a defined range made available by the operating system. The port is associated with the client only for the duration of the connection, and so is referred to as ephemeral. When the connection is terminated, the ephemeral port is available to be reused.

Recognizing Ephemeral Port Exhaustion

As mentioned in the introduction, NGINX Plus by nature is subject to ephemeral port exhaustion and the problems it causes. When NGINX Plus proxies a request to an upstream server, it is the client in the socket‑creation process described above, and its default behavior is to bind the socket for the proxied request automatically to a local IP address and an ephemeral port available on the host where it is running. If the connection rate is high, such that the sockets being established are moved into a waiting state faster than existing open sockets are being closed, then eventually the available ports are exhausted and new sockets cannot be created. This results in errors from both the operating system and NGINX Plus. Here’s an example of the resulting error in the NGINX Plus error log.

Port exhaustion also causes a spike in 500 errors originated by NGINX Plus rather than the upstream server. Here is a sample entry in the NGINX Plus access log.

To check the number of sockets in the TIME-WAIT state on your NGINX Plus server, run the following ss command in the Linux shell. The example shows there are 143 sockets open with status TIME-WAIT. In the example we get the count by using the wc command to list the number of lines in the command output.

```sh
# ss -a | grep TIME-WAIT | wc -l
143
```

Tuning the Kernel to Increase the Number of Available Ephemeral Ports

One way to reduce ephemeral port exhaustion is with the Linux kernel _local_port_range setting. The default range is most commonly 32768 through 61000. If you notice that you are running out of ephemeral ports, changing the range from the default to 1024 through 65000 is a practical way to double the number of ephemeral ports available for use. For more information about changing kernel settings, see our Tuning NGINX for Performance blog post.

Enabling Keepalive Connections in NGINX Plus

Another way to reduce ephemeral port exhaustion is to enable keepalive connections between NGINX Plus and upstream servers.
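The TIME-WAIT check and the port-range sizing described above, turned into a small monitoring helper. This is an added example, not code from the NGINX blog; it assumes the kernel range is read from /proc/sys/net/ipv4/ip_local_port_range, and the `ss` output it parses by default is a constructed sample, not a real capture.

```shell
#!/bin/sh
# Added example (not from the NGINX blog): estimate ephemeral-port pressure on a
# proxy host from the TIME-WAIT socket count and the size of the kernel's
# net.ipv4.ip_local_port_range, then warn when a threshold is crossed.

# Count TIME-WAIT sockets in `ss -a`-style output read from stdin.
# `|| true` keeps a zero count from being treated as a failure under `set -e`.
count_time_wait() {
    grep -c 'TIME-WAIT' || true
}

# Number of ports in a "low high" range string, the format of
# /proc/sys/net/ipv4/ip_local_port_range (e.g. "32768 61000").
port_range_size() {
    set -- $1                      # split into low ($1) and high ($2)
    echo $(( $2 - $1 + 1 ))
}

# Integer percentage of the range held by TIME-WAIT sockets: $1 = count, $2 = size.
utilization_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Report pressure for ss output ($1), a port range ($2) and a warning threshold in % ($3).
# Prints "<count> <size> <pct>" and returns 1 when the threshold is reached.
check_pressure() {
    tw=$(printf '%s\n' "$1" | count_time_wait)
    size=$(port_range_size "$2")
    pct=$(utilization_pct "$tw" "$size")
    echo "$tw $size $pct"
    [ "$pct" -lt "$3" ]
}

# Constructed sample resembling `ss -a` output (not a real capture): three TIME-WAIT
# sockets left behind by proxied connections to an upstream at 10.0.0.9:8080.
SAMPLE_SS='Netid State     Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN    0      128    0.0.0.0:80         0.0.0.0:*
tcp   ESTAB     0      0      10.0.0.5:45001     10.0.0.9:8080
tcp   TIME-WAIT 0      0      10.0.0.5:45002     10.0.0.9:8080
tcp   TIME-WAIT 0      0      10.0.0.5:45003     10.0.0.9:8080
tcp   TIME-WAIT 0      0      10.0.0.5:45004     10.0.0.9:8080'

# `--live` reads the real socket table and kernel range; the default uses the sample.
if [ "${1:-}" = "--live" ]; then
    check_pressure "$(ss -a)" "$(cat /proc/sys/net/ipv4/ip_local_port_range)" 80
else
    check_pressure "$SAMPLE_SS" "32768 61000" 80   # prints "3 28233 0"
fi
```

With the default 32768–61000 range the helper reports 28233 usable ports, and with 1024–65000 it reports 63977, which is the roughly twofold gain the kernel tuning above refers to.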