For heavy traffic network servers, like proxy servers or load balancers, you may need to increase the networking port range.
On Linux, there is a sysctl parameter called ip_local_port_range that defines the minimum and maximum port a networking connection can use as its source (local) port. This applies to both TCP and UDP connections.
To find out the current port range, use the following commands:

$ cat /proc/sys/net/ipv4/ip_local_port_range
32768 61000
or:
$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768 61000

The value is shown as "minimum maximum", so the local port for new connections will be between 32768 and 61000; by default that is a range of 28232 ports. That sounds like plenty, but heavy traffic servers can easily reach this limit.
For heavy traffic servers, you can increase the total port range like this:

$ sysctl -w net.ipv4.ip_local_port_range="15000 64000"
net.ipv4.ip_local_port_range = 15000 64000

Or, by using echo to pass a value directly into /proc:

$ echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range
To make the change persistent across reboots, save it in /etc/sysctl.conf or in a custom file under /etc/sysctl.d/, which is included by the main config:

$ cat /etc/sysctl.d/net.ipv4.ip_local_port_range.conf
net.ipv4.ip_local_port_range = 15000 65000
To find out how many sessions your server is currently handling, use the following commands:
$ ss -s
Total: 2933 (kernel 3131)
TCP:   43915 (estab 2655, closed 41080, orphaned 159, synrecv 0, timewait 41080/0), ports 30347

Transport Total     IP        IPv6
*         3131      -         -
RAW       0         0         0
UDP       17        11        6
TCP       2835      2832      3
INET      2852      2843      9
FRAG      0         0         0

$ netstat -anp | more
...
tcp        0      0 10.50.1.6:41205         10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:42515         10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:59845         10.50.1.10:80           TIME_WAIT   -

Please be careful when increasing the TCP port range though: there are limits!
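As an added example (not part of the original post), here is a small POSIX shell script that does the checks worth running before changing the range: it computes the size of the current range, rejects a proposed range that leaves the 16-bit port space or reaches into the privileged ports below 1024, flags listening services whose ports would fall inside the new range (ports that can be kept out of ephemeral use with the real sysctl net.ipv4.ip_local_reserved_ports, which the post does not cover), and reads the TIME_WAIT count from ss -s to show how much of the range is in use. The ss outputs embedded in it are constructed samples, the first copied from the post's own output; the script only reads and reports and never writes the sysctl.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a new
# net.ipv4.ip_local_port_range before applying it and gauge how close a host
# is to exhausting its ephemeral ports. Nothing here writes to /proc or runs
# "sysctl -w"; the ss outputs below are constructed samples.

# Usable source ports in an inclusive "min max" range.
# 32768..61000 is 28233 ports, one more than the difference of the endpoints.
port_range_size() {
    echo $(( $2 - $1 + 1 ))
}

# Validate a proposed "min max" range. Echoes "ok" and returns 0, or echoes
# the reason and returns 1. Ports are 16-bit (1..65535), the low end must not
# exceed the high end, and ports below 1024 are privileged (binding them needs
# CAP_NET_BIND_SERVICE), so an ephemeral range must not reach into them.
validate_port_range() {
    min=$1 max=$2
    for p in "$min" "$max"; do
        case "$p" in ''|*[!0-9]*) echo "range must be two integers"; return 1 ;; esac
    done
    if [ "$min" -lt 1024 ]; then echo "min $min overlaps privileged ports"; return 1; fi
    if [ "$max" -gt 65535 ]; then echo "max $max exceeds 65535"; return 1; fi
    if [ "$min" -gt "$max" ]; then echo "min $min is above max $max"; return 1; fi
    echo ok
}

# Print listening TCP ports (from "ss -ltn" style output on stdin) that fall
# inside the range. Each one shrinks the usable ephemeral range, and a service
# restarted while an outbound connection holds its port cannot bind; keep
# listeners outside the range or list them in net.ipv4.ip_local_reserved_ports.
listeners_in_range() {
    awk -v min="$1" -v max="$2" '
        $1 == "LISTEN" {
            n = split($4, a, ":"); port = a[n] + 0
            if (port >= min && port <= max) print port
        }'
}

# Extract the first number of the "timewait X/Y" field from "ss -s" output on
# stdin: the sockets currently sitting in TIME_WAIT.
timewait_count() {
    sed -n 's/.*timewait \([0-9]*\)\/.*/\1/p'
}

# TIME_WAIT sockets as a whole-number percentage of the port range.
port_pressure_pct() {
    echo $(( $1 * 100 / $2 ))
}

# Constructed sample data. CURRENT_RANGE matches the default shown in the post
# and SS_SUMMARY is the TCP line from its "ss -s" output.
CURRENT_RANGE="32768 61000"
SS_SUMMARY='TCP:   43915 (estab 2655, closed 41080, orphaned 159, synrecv 0, timewait 41080/0), ports 30347'
SS_LISTEN='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:25000 0.0.0.0:*'

set -- $CURRENT_RANGE
size=$(port_range_size "$1" "$2")
tw=$(printf '%s\n' "$SS_SUMMARY" | timewait_count)
echo "current range $1-$2: $size ports, $tw sockets in TIME_WAIT ($(port_pressure_pct "$tw" "$size")% of the range)"

for proposal in "15000 64000" "500 64000" "15000 70000" "64000 15000"; do
    set -- $proposal
    printf '%-12s %s\n' "$proposal:" "$(validate_port_range "$1" "$2")"
done

# The sample listener on 25000 would sit inside the post's proposed range.
echo "listeners inside 15000-64000:"
printf '%s\n' "$SS_LISTEN" | listeners_in_range 15000 64000
```

On a live host, replace the constructed samples with `cat /proc/sys/net/ipv4/ip_local_port_range`, `ss -s` and `ss -ltn`; a TIME_WAIT count approaching the range size is the signal that the range, or the TIME_WAIT behaviour of the application, needs attention.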