More than 65K connections of a proxy on FreeBSD

Hello,

On Linux, NINGX can have more than 65K connections to backends per one local
address of a proxy (set via proxy_bind), as Linux support
IP_BIND_ADDRESS_NO_PORT socket option.

I wonder if it is possible to have more than 65K proxy connections on
FreeBSD? And if yes, does NGINX support it?

Thanks in advance.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279368,279368#msg-279368

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

This may well help:
https://www.nginx.com/blog/overcoming-ephemeral-port-exhaustion-nginx-plus/

On 10/04/2018 13:54, Salikhov Dinislam wrote:
> Hello,
>
> On Linux, NINGX can have more than 65K connections to backends per one local
> address of a proxy (set via proxy_bind), as Linux support
> IP_BIND_ADDRESS_NO_PORT socket option.
>
> I wonder if it is possible to have more than 65K proxy connections on
> FreeBSD? And if yes, does NGINX support it?
>
> Thanks in advance.
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279368,279368#msg-279368
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Unfortunately, the article says nothing about 65K+ connections _per_single_
local address.
Using of IP_BIND_ADDRESS_NO_PORT for Linux was mentioned in the comment and
there's nothing about FreeBSD.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279368,279394#msg-279394

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

> Unfortunately, the article says nothing about 65K+ connections _per_single_
> local address.
> Using of IP_BIND_ADDRESS_NO_PORT for Linux was mentioned in the comment
> and there's nothing about FreeBSD.

Correct me if I'm wrong but in case of IP_BIND_ADDRESS_NO_PORT doesn't the unique 4-tuple (sourceip+sourceport+destip+destport) limit still remain?

As you only defer/delegate to kernel to assign the ephemeral port in connect() rather than at the bind() time (when the destination is not yet known) so in case of a single source ip and single backend/port the ~65k limit still exists.

rr

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

> Correct me if I'm wrong but in case of IP_BIND_ADDRESS_NO_PORT doesn't the
unique 4-tuple (sourceip+sourceport+destip+destport) limit still remain?

Yes, it still remains.

> As you only defer/delegate to kernel to assign the ephemeral port in
connect() rather than at the bind() time (when the destination is not yet
known) so in case of a single source ip and single backend/port the ~65k
limit still exists.

You are right for the case of single source IP and single backend-port
pair.
The thing is that in case of single source IP and multiple backend-port
pairs overall amount of connections is still limited by 65K. Linux's
IP_BIND_ADDRESS_NO_PORT increases the limit up to 65K connections per single
backend-port pair (single source IP remains the same for all connections to
all backends) and NGINX supports the feature. So I wonder if there's
something like on FreeBSD.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,279368,279396#msg-279396

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx