Problem description:
A production service ran into the following situation: when the service was restarted, it could not start because port 50020 was already in use, and it only started successfully after waiting for that port to be released.
Problem analysis:
Port 50020 had been taken by a client process on the same server, which was handed it as a randomly chosen source (ephemeral) port.
Solution:
One option is to use the net.ipv4.ip_local_port_range parameter to carve out a port segment that is kept free for the service's ports. This does solve the immediate problem, but it shrinks the number of ports available for outgoing connections, which becomes a bottleneck on servers that consume many ports, such as a reverse proxy.
The better approach is to add all the ports the service listens on, comma separated, to ip_local_reserved_ports. When the TCP/IP stack picks a random source port from ip_local_port_range, it skips the ports listed in ip_local_reserved_ports, so the service can no longer fail to start because its port has been occupied.
The kernel documentation describes ip_local_reserved_ports as follows:
ip_local_reserved_ports - list of comma separated ranges
Specify the ports which are reserved for known third-party
applications. These ports will not be used by automatic port
assignments (e.g. when calling connect() or bind() with port
number 0). Explicit port allocation behavior is unchanged.
The format used for both input and output is a comma separated
list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
10). Writing to the file will clear all previously reserved
ports and update the current list with the one given in the
input.
Note that ip_local_port_range and ip_local_reserved_ports
settings are independent and both are considered by the kernel
when determining which ports are available for automatic port
assignments.
You can reserve ports which are not in the current
ip_local_port_range, e.g.:
$ cat /proc/sys/net/ipv4/ip_local_port_range
32000 61000
$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
8080,9148
although this is redundant. However such a setting is useful
if later the port range is changed to a value that will
include the reserved ports.
Default: Empty
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
# vim /etc/sysctl.conf
net.ipv4.ip_local_reserved_ports=50020,3000-4000
# sysctl -p
Note: the kernel version must be newer than 2.6.18-164; older kernels do not support this parameter.
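To catch this collision before a restart fails, here is an added shell example (not code from the original post). It takes the ip_local_port_range value, the current ip_local_reserved_ports list and the service's listen ports as strings, reports the listen ports that sit inside the ephemeral range without being reserved, and prints the sysctl.conf line that would reserve them. The sample values are constructed, and the function names in_reserved, ports_at_risk and reserve_line are this example's own; on a real host the inputs come from /proc/sys/net/ipv4/ and `ss -tln`.

```shell
#!/bin/sh
# Added example, not code from the original post: find the listening ports
# that an automatic port assignment could hand to a client before the service
# binds them, and build the reserved-ports line that prevents it.
# Range, reserved list and listen ports below are constructed sample values.

# in_reserved PORT "1,2-4,10-10" -> returns 0 when PORT is covered by the
# comma separated list of single ports and lo-hi ranges
in_reserved() {
    port=$1
    list=$2
    [ -z "$list" ] && return 1
    old_ifs=$IFS
    IFS=','
    for item in $list; do
        case $item in
            *-*) lo=${item%-*}; hi=${item#*-} ;;
            *)   lo=$item;      hi=$item ;;
        esac
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then
            IFS=$old_ifs
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# ports_at_risk "MIN MAX" "RESERVED" "PORT PORT ..." -> prints, space
# separated, the listen ports inside [MIN, MAX] that RESERVED does not cover
ports_at_risk() {
    reserved=$2
    listen=$3
    set -- $1            # split "MIN MAX" (space or tab, as /proc prints it)
    min=$1
    max=$2
    out=""
    for p in $listen; do
        if [ "$p" -ge "$min" ] && [ "$p" -le "$max" ] && ! in_reserved "$p" "$reserved"; then
            out="$out${out:+ }$p"
        fi
    done
    printf '%s' "$out"
}

# reserve_line "PORT PORT ..." -> the /etc/sysctl.conf line for those ports
reserve_line() {
    joined=""
    for p in $(printf '%s\n' $1 | sort -n); do
        joined="$joined${joined:+,}$p"
    done
    printf 'net.ipv4.ip_local_reserved_ports=%s' "$joined"
}

# Constructed sample input: the range from the post, a reserved list that
# does not yet cover the service, and the ports the service listens on.
SAMPLE_RANGE="32768 61000"
SAMPLE_RESERVED="3000-4000"
SAMPLE_LISTEN="50020 8080 3306"

at_risk=$(ports_at_risk "$SAMPLE_RANGE" "$SAMPLE_RESERVED" "$SAMPLE_LISTEN")
if [ -n "$at_risk" ]; then
    echo "listen ports an ephemeral assignment can take first: $at_risk"
    echo "add to /etc/sysctl.conf: $(reserve_line "$at_risk")"
else
    echo "all listen ports are outside the ephemeral range or already reserved"
fi
```

Ports below the range start (8080 and 3306 in the sample) are never handed out automatically, so only 50020 is reported; after the reserved list is written with sysctl -p, a second run prints nothing to fix.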
refer to: http://www.ttlsa.com/linux/reserved-port-to-avoid-occupying-ip_local_reserved_ports/
please refer to: http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html
6.7. The ip_local_port_range parameters
The /proc/sys/net/ipv4/ip_local_port_range file defines the local port range that is used by TCP and UDP traffic to choose the local port. You will see two numbers in this file: the first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 (first-last).
The default setup for the ip_local_port_range parameters under Red Hat Linux is: "1024 4999"
To change the values of ip_local_port_range, type the following command on your terminal:
[root@deep] /# echo "32768 61000" >/proc/sys/net/ipv4/ip_local_port_range
Add the above command to the /etc/rc.d/rc.local script file and you'll not have to type it again the next time you reboot your system.
Edit the /etc/sysctl.conf file and add the following line:
# Allowed local port range
net.ipv4.ip_local_port_range = 32768 61000
You must restart your network for the change to take effect. The command to manually restart the network is the following:
Do not do this in a production environment:
[root@deep] /# /etc/rc.d/init.d/network restart
Setting network parameters [ OK ] Bringing up interface lo [ OK ] Bringing up interface eth0 [ OK ] Bringing up interface eth1 [ OK ]
Use this instead, which applies the sysctl settings without restarting the network: # /sbin/sysctl -p
Linux increase ip_local_port_range TCP port range
For heavy traffic network servers, like proxy servers or load balancers, you may need to increase the networking port range.
On Linux, there is a sysctl parameter called ip_local_port_range that defines the minimum and maximum port a networking connection can use as its source (local) port. This applies to both TCP and UDP connections.
To find out the current IP range, use the following commands:
$ cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
or:
$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768 61000
The value is shown as "minimum maximum", so the local port for new connections will be between 32768 and 61000; by default that is a range of 28232 ports. Sounds plenty, but heavy traffic servers can easily reach this limit.
For heavy traffic servers, you can increase the total port range like this.
$ sysctl -w net.ipv4.ip_local_port_range="15000 64000"
net.ipv4.ip_local_port_range = 15000 64000
Or, by using echo to pass a value directly into /proc:
$ echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range
To make the changes persistent on boot, save your config in either /etc/sysctl.conf or in a custom file that gets included in your main configs.
$ cat /etc/sysctl.d/net.ipv4.ip_local_port_range.conf
net.ipv4.ip_local_port_range = 15000 65000
To find out how many sessions your server is currently handling, use the following commands:
$ ss -s
Total: 2933 (kernel 3131)
TCP: 43915 (estab 2655, closed 41080, orphaned 159, synrecv 0, timewait 41080/0), ports 30347
Transport Total IP IPv6
* 3131 - -
RAW 0 0 0
UDP 17 11 6
TCP 2835 2832 3
INET 2852 2843 9
FRAG 0 0 0
$ netstat -anp | more
...
tcp 0 0 10.50.1.6:41205 10.50.1.10:80 TIME_WAIT -
tcp 0 0 10.50.1.6:42515 10.50.1.10:80 TIME_WAIT -
tcp 0 0 10.50.1.6:59845 10.50.1.10:80 TIME_WAIT -
Please be careful when increasing the TCP port range, though: there are limits.
refer to: https://ma.ttias.be/linux-increase-ip_local_port_range-tcp-port-range/
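The ss and netstat output above shows where the range actually goes: tens of thousands of TIME_WAIT sockets towards a single backend. The following added shell example (not code from the linked article) turns that into a check. It counts, per remote address:port, how many local ports a netstat-style listing ties up, picks the busiest destination, and compares that with the size of ip_local_port_range (both ends of the range are inclusive, so "32768 61000" is 28233 ports). The socket lines and the range are constructed sample data, and range_size, busiest_destination and ports_left are this example's own names; on a real host pipe in `netstat -ant` or the `netstat -anp` output shown above.

```shell
#!/bin/sh
# Added example, not code from the linked article: measure how many local
# ports one destination already occupies in a netstat-style socket listing
# and how much of ip_local_port_range that leaves for new connections to it.
# The socket lines and the range below are constructed sample data.

# range_size "MIN MAX" -> number of ports in the range; both ends inclusive
range_size() {
    set -- $1
    echo $(($2 - $1 + 1))
}

# busiest_destination < socket lines -> "COUNT REMOTE" for the remote
# address:port holding the most local ports. Every non-LISTEN state counts:
# a TIME_WAIT socket keeps its local port busy for that destination until it
# expires (unless tcp_tw_reuse lets the kernel recycle it). tcp6 rows and the
# trailing PID/program column of netstat -p do not affect the columns used.
busiest_destination() {
    awk 'BEGIN { max = 0; best = "" }
         $1 == "tcp" && $6 != "LISTEN" { n[$5]++ }
         END {
             for (d in n) if (n[d] > max) { max = n[d]; best = d }
             if (best != "") printf "%d %s\n", max, best
         }'
}

# ports_left "MIN MAX" < socket lines -> how many ports of the range are
# still free for new connections to the busiest destination
ports_left() {
    size=$(range_size "$1")
    line=$(busiest_destination)
    count=${line%% *}
    echo $((size - ${count:-0}))
}

# Constructed sample listing in netstat -anp layout (addresses taken from
# the output quoted above).
SAMPLE_RANGE="32768 61000"
SAMPLE_SOCKETS='tcp 0 0 10.50.1.6:41205 10.50.1.10:80 TIME_WAIT -
tcp 0 0 10.50.1.6:42515 10.50.1.10:80 TIME_WAIT -
tcp 0 0 10.50.1.6:59845 10.50.1.10:80 TIME_WAIT -
tcp 0 0 10.50.1.6:33001 10.50.1.11:443 ESTABLISHED 1234/nginx
tcp 0 0 0.0.0.0:50020 0.0.0.0:* LISTEN 2222/app'

echo "busiest destination (count remote): $(printf '%s\n' "$SAMPLE_SOCKETS" | busiest_destination)"
echo "ephemeral ports still free towards it: $(printf '%s\n' "$SAMPLE_SOCKETS" | ports_left "$SAMPLE_RANGE")"
```

The count is per destination because a local port can be reused for connections to different remote address:port pairs; the range is exhausted when one destination, typically the backend behind a proxy, alone approaches the range size, which is the condition the article warns about.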