[squid-users] Scaling concurrent TCP sessions beyond ephemeral port range
Amos Jeffries
squid3 at treenet.co.nz
Sat May 21 04:25:43 UTC 2022
On 20/05/22 19:44, Praveen Ponakanti wrote:
> Hi Alex,
>
> Thanks for going through several steps to help mitigate src port
> exhaustion. We are looking to achieve 400-500% more
> concurrent connections if we could :) as there is a significant buffer
> on the available CPU.
Then you require at least 4, maybe 5, IP addresses to handle that many
concurrent connections with Squid.
> The option to use multiple tcp_outgoing_address entries appears to be promising
> along with some tweaks to the TCP timeouts. I guess we could use ACLs to
> pick a different outbound IP based on the requesting client's prefix. We
> had not considered that option as the ephemeral ports were no longer
> available to other applications when squid uses most of them with a
> single outbound IP configured. We are also looking to modify the code to
> use the IP_BIND_ADDRESS_NO_PORT sockopt as that could help delay port
> assignment with the bind() call on the outbound TCP sessions (to
> hopefully allow access to the 4-tuple on the socket).
Patches welcome.
However, please be aware that use of the 4-tuple is often no different
from the 3-tuple since the dst-port is typically identical for all
outgoing traffic to a given dst-IP.
Cheers
Amos
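The IP_BIND_ADDRESS_NO_PORT behaviour discussed above, as an added example that is not code from this thread or from Squid. It binds a client socket to a source IP with port 0, once with and once without the option, and reports the local port the kernel shows after bind() and after connect(); the loopback listener and the 127.0.0.1 source address are assumptions for a self-contained run (Linux only).

```c
// Added example (not from the thread or Squid). Without the option,
// bind() to port 0 consumes an ephemeral port at once, one per
// (src-IP, src-port); with IP_BIND_ADDRESS_NO_PORT the port stays
// unset until connect(), so it is chosen per 4-tuple. Linux-only.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IP_BIND_ADDRESS_NO_PORT
#define IP_BIND_ADDRESS_NO_PORT 24 /* Linux value, assumed if header lacks it */
#endif

/* Local port the kernel currently has on fd (0 = none yet), -1 on error. */
static int local_port(int fd) {
    struct sockaddr_in sa; socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

/* Bind fd to src_ip, port 0. With no_port set, IP_BIND_ADDRESS_NO_PORT is
 * applied first. Returns the port visible right after bind(): nonzero
 * without the option, 0 with it; -1 on error. */
int bind_src(int fd, const char *src_ip, int no_port) {
    int one = 1;
    if (no_port && setsockopt(fd, IPPROTO_IP, IP_BIND_ADDRESS_NO_PORT,
                              &one, sizeof one) < 0) return -1;
    struct sockaddr_in sa = {0}; sa.sin_family = AF_INET;
    if (inet_pton(AF_INET, src_ip, &sa.sin_addr) != 1) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0) return -1;
    return local_port(fd);
}

/* Connect a client socket to a throwaway loopback listener (constructed
 * for the demo). Returns the port seen after bind() and stores the port
 * assigned by connect() in *after_connect; -1 on error. */
int demo(int no_port, int *after_connect) {
    struct sockaddr_in la = {0}; socklen_t ll = sizeof la;
    la.sin_family = AF_INET; la.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (bind(lfd, (struct sockaddr *)&la, ll) < 0 || listen(lfd, 1) < 0 ||
        getsockname(lfd, (struct sockaddr *)&la, &ll) < 0) return -1;
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    int after_bind = bind_src(cfd, "127.0.0.1", no_port);
    if (connect(cfd, (struct sockaddr *)&la, ll) < 0) return -1;
    *after_connect = local_port(cfd);
    close(cfd); close(lfd);
    return after_bind;
}
```

Note the caveat from the reply still applies: deferring the port only helps when connections spread over distinct (dst-IP, dst-port) pairs; a proxy sending everything to one upstream port gains nothing from it.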