[
https://issues.apache.org/jira/browse/MESOS-2802?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14570477#comment-14570477
]
Peter Kolloch commented on MESOS-2802:
--------------------------------------
Hi Niklas, Hi Adam,
do you have to suggestion how to ensure security without a grace period for
ports? I'd be happy to hear it.
Otherwise, I see your point about resource utilization problems if you have
many short-lived tasks but that's typically not an issue. Let's say your
typical task has one port and you reserve 50,000 ports for Mesos on each slave.
That might be not typical but is possible. With a grace period of 2min you are
talking about sustained ~416 task launches per second on one slave until you
are out of port resources temporarily. If that is not sufficient, you could
maybe use multiple IPs on that host.
MESOS-2018 would allow frameworks to solve this themselves by implementing the
port grace periods. That's good.
Unfortunately, this would not solve the port starvation problem but move the
implementation burden to every single framework. And, what's worst, if they
forget to implement it, they are insecure by default.
> Prevent immediate reuse of network ports for different tasks
> ------------------------------------------------------------
>
> Key: MESOS-2802
> URL: https://issues.apache.org/jira/browse/MESOS-2802
> Project: Mesos
> Issue Type: Improvement
> Reporter: Peter Kolloch
>
> Currently, if a task finishes or dies, another task might reuse the same port
> immediately afterwards. If another task or a load balancer connects to this
> port, still expecting the old task, there might be unpleasant surprises.
> For example, imagine that a visitor of your Mesos hosted web page sees your
> internal reporting tool instead of your company market material when hitting
> your page during an update.
> To make this less likely, Marathon contains code which tries to randomize
> dynamically assigned ports. This is a workaround at best and we would like to
> get rid of this code. I imagine that other frameworks might include similar
> code.
> As a solution, I propose a grace period for ports. If a task dies, the
> associated ports resources should not immediately go back into the resource
> pool. Instead, Mesos should wait for a configurable time and only then offer
> them for new tasks again.
> If you then specify a grace period of 2 minutes and update your service
> discovery load balancer every 30 seconds, you can be reasonably sure that no
> improper port reuse occurs.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
