Re: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-28 Thread Christopher Schultz

Eric,

On 6/25/21 22:09, Eric Robinson wrote:
>> -Original Message-
>> From: Olaf Kock
>> Sent: Friday, June 25, 2021 8:07 AM
>> To: users@tomcat.apache.org
>> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>>
>> On 25.06.21 14:46, Eric Robinson wrote:
>>> Olaf and Scott --
>>>
>>> Thanks to both of you for your comments. I may have asked my question
>>> poorly, since what you both described is the way I understand TCP to work.
>>> There is no correlation between an incoming connection to tomcat and its
>>> outgoing connection to a database backend, nor would I expect there to be.
>>>
>>> Perhaps a simpler way to ask my question is: when a server has multiple
>>> IPs, which one does tomcat use as its source IP when it initiates a three-way
>>> handshake with a remote machine?
>>>
>>> For example, suppose my server has IP addresses 10.0.0.1 and 10.0.0.2, and
>>> my tomcat connector looks like this...
>>>
>>> Tomcat is now listening on IP 10.0.0.2.
>>>
>>> But here's the question. If tomcat needs to initiate a TCP session to a
>>> remote machine (acting as a TCP client), will it use 10.0.0.1 or 10.0.0.2 as the
>>> source IP of the outbound connection? I'm assuming it will use the same IP
>>> that the connector is configured to listen on.
>>
>> Hi Eric,
>>
>> again: There's no correlation. Your question boils down to a context-free
>> "which source IP does tomcat use for outgoing connections?". In fact, Tomcat
>> doesn't use any. It just asks the runtime environment (ultimately I'd expect
>> the OS) for a connection to a particular destination, then it uses that.
>>
>> How the connection is then established will depend on
>>
>> * available network adapters
>> * best route to the target address
>> * OS or network configuration
>>
>> It will /not/ depend on any of Tomcat's Connector-configurations
>> whatsoever
>
> Got it. Then, given a tomcat server with one NIC and two IP addresses, 10.0.0.2
> and 10.0.0.3, when tomcat connects to a server on the same subnet at 10.0.0.50,
> what logic does the OS use to select the source IP, all else being equal?
> Obviously neither IP has a routing advantage.


You are confusing NIC and interface. A NIC is a piece of hardware, while 
an interface is a software concept. Often, they are 1:1 so you have 1 
NIC and 1 interface. But if you have two interfaces, they must have 
something which differentiates them, or the network configuration will 
be ... insane.


I'm sure it's possible to get a pair of network interfaces configured 
with both of them on the same network segment, but the IP stack will 
surely have rules for deciding which interface is used for the (client) 
socket by default if you don't specify one.


But those rules are beyond Tomcat, beyond the JVM, and rest with the OS 
itself. So the answer is "it depends" and "if you care, you should 
specify which one you want."


-chris


>>>> -Original Message-
>>>> From: Olaf Kock
>>>> Sent: Friday, June 25, 2021 3:01 AM
>>>> To: users@tomcat.apache.org
>>>> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>>>>
>>>> On 25.06.21 05:19, Eric Robinson wrote:
>>>>> Thanks for the feedback, Daniel.
>>>>>
>>>>> I guess the answer depends on whether the socket libraries use the
>>>>> tomcat listening port as the source IP. If you have three tomcat instances
>>>>> listening on three different IPs, each instance should be able to
>>>>> open a client connection using the same source port, as long as each
>>>>> tomcat uses its listening IP as the source IP of the socket.
>>>>>
>>>>> That's the part I'm still not sure about.
>>>>
>>>> My expectation is that database connections do not have any
>>>> correlation with the listening port: Technically, DB connection pools
>>>> can be shared across all contained Hosts and Connectors /within a
>>>> single tomcat/, and when multiple processes are added to the game, it
>>>> doesn't really change anything.
>>>>
>>>> In fact, it's not uncommon that there's a public facing network
>>>> adapter, where a http-connector listens, but a completely different
>>>> network adapter for any backend communication - e.g. to the database.
>>>> All that I expect a database driver to do is to specify where it
>>>> wants to connect to, and the OS figures out how that connection needs to
>>>> be routed.
>>>> That's utterly independent of any http connection that comes in to
>>>> the same process.
>>>>
>>>> So: Don't expect any correlation, and you're safe.
>>>>
>>>> (Note: There /may/ be ways to configure a db-driver to specify a
>>>> source address, but I'd expect that rather to add a potential failure
>>>> rather than anything that I'd want to control. If you interpret such a
>>>> situation differently:
>>>> Please elaborate)
>>>>
>>>> Best,
>>>>
>>>> Olaf



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Disclaimer : This email and any files transmitted with it are confidential and

intended solely for intended recipients. If you are not the named addressee
you should not disseminate, distribute, copy or alter this email. Any views or
opinions presented in this email are solely those of the author and might no
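
The behaviour discussed in this message ("if you care, you should specify which one you want") and in the ncat experiment elsewhere in the thread, as an added example that is not code from any poster or from Tomcat. It assumes a Linux host, where 127.0.0.1 and 127.0.0.2 are both local and stand in for a server's two IP addresses.

```python
import errno
import socket

# Constructed lab setup: on Linux every 127.0.0.0/8 address is local, so these
# two stand in for a host that owns two IPs (assumption, not from the thread).
SRC_A = "127.0.0.1"
SRC_B = "127.0.0.2"


def kernel_source_for(dest_ip, port=9):
    """Return the source IP the OS would pick for dest_ip, or None if no route.

    connect() on a UDP socket only runs the route lookup; no packet is sent.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as probe:
        try:
            probe.connect((dest_ip, port))
        except OSError:
            return None
        return probe.getsockname()[0]


def connect_from(dest, source_ip=None, source_port=0):
    """Open a TCP client socket, optionally pinned to a local IP and port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if source_ip is not None:
            # bind() before connect() is the step `ncat -s IP -p PORT` performs.
            sock.bind((source_ip, source_port))
        sock.connect(dest)
    except OSError:
        sock.close()
        raise
    return sock, sock.getsockname()


def demo():
    """Run the thread's experiment on loopback and return what was observed."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))  # listener stands in for the database server
    server.listen(8)
    dest = server.getsockname()
    opened = []
    try:
        # 1. No bind: the OS picks both source IP and an ephemeral port.
        sock, default_local = connect_from(dest)
        opened.append(sock)

        # 2. Pin source IP A; the OS still picks the port.
        sock, pinned_a = connect_from(dest, SRC_A)
        opened.append(sock)
        port = pinned_a[1]

        # 3. Same source port, different source IP: a distinct 4-tuple.
        sock, pinned_b = connect_from(dest, SRC_B, port)
        opened.append(sock)

        # 4. Same source IP *and* port again: the local endpoint is taken.
        try:
            sock, _ = connect_from(dest, SRC_A, port)
            opened.append(sock)
            duplicate = None
        except OSError as exc:
            duplicate = errno.errorcode.get(exc.errno, str(exc.errno))

        return {
            "default": default_local,
            "pinned_a": pinned_a,
            "pinned_b": pinned_b,
            "duplicate": duplicate,
        }
    finally:
        for sock in opened:
            sock.close()
        server.close()


if __name__ == "__main__":
    print("OS would use source", kernel_source_for("127.0.0.1"), "for 127.0.0.1")
    for name, value in demo().items():
        print(f"{name:10s} {value}")
```

`kernel_source_for` can be pointed at a real destination address to see which local IP the routing table selects before any firewall or database access rule is written against it.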

RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Eric Robinson
> -Original Message-
> From: Mark H. Wood 
> Sent: Friday, June 25, 2021 12:30 PM
> To: users@tomcat.apache.org
> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>
> On Fri, Jun 25, 2021 at 12:46:03PM +, Eric Robinson wrote:
> > Olaf and Scott --
> >
> > Thanks to both of you for your comments. I may have asked my question
> poorly, since what you both described is the way I understand TCP to work.
> There is no correlation between an incoming connection to tomcat and its
> outgoing connection to a database backend, nor would I expect there to be.
> >
> > Perhaps a simpler way to ask my question is: when a server has multiple
> IPs, which one does tomcat use as its source IP when it initiates a three-way
> handshake with a remote machine?
> >
> > For example, suppose my server has IP addresses 10.0.0.1 and 10.0.0.2, and
> my tomcat connector looks like this...
> >
> > <Connector port="8080"
> > protocol="HTTP/1.1"
> > address="10.0.0.2"
> > connectionTimeout="2"
> > redirectPort="8443"
> >   />
> >
> > Tomcat is now listening on IP 10.0.0.2.
> >
> > But here's the question. If tomcat needs to initiate a TCP session to a
> remote machine (acting as a TCP client), will it use 10.0.0.1 or 10.0.0.2 as 
> the
> source IP of the outbound connection? I'm assuming it will use the same IP
> that the connector is configured to listen on.
>
> man 7 tcp
>
> A client uses 'connect' and doesn't need to set a local address.  Only a 
> service
> needs to declare its own address and port.
>
> The kernel routing database knows which distant hosts should be reachable
> via each local address.  'connect' should use this to pick an address that can
> reach the distant host, assign an unallocated port, and send SYN to request a
> connection.
>
> So the answer to your question is "it depends on the service host's address
> and what networks the interfaces for 10.0.0.1 and 10.0.0.2 can see."
>

Gotcha, that is clearer to me now. Fortunately, Christopher Schultz turned me 
on to the Connector/J localSocketAddress property, and now I can control which 
source IP my tomcat instances use when connecting to remote database servers.

> --
> Mark H. Wood
> Lead Technology Analyst
>
> University Library
> Indiana University - Purdue University Indianapolis
> 755 W. Michigan Street
> Indianapolis, IN 46202
> 317-274-0749
> www.ulib.iupui.edu
Disclaimer : This email and any files transmitted with it are confidential and 
intended solely for intended recipients. If you are not the named addressee you 
should not disseminate, distribute, copy or alter this email. Any views or 
opinions presented in this email are solely those of the author and might not 
represent those of Physician Select Management. Warning: Although Physician 
Select Management has taken reasonable precautions to ensure no viruses are 
present in this email, the company cannot accept responsibility for any loss or 
damage arising from the use of this email or attachments.




RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Eric Robinson
> -Original Message-
> From: Christopher Schultz 
> Sent: Friday, June 25, 2021 11:33 AM
> To: users@tomcat.apache.org
> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>
> Eric,
>
> On 6/24/21 21:14, Eric Robinson wrote:
> > I guess I may have answered this question for myself. At least I can
> > simulate it with ncat. Note that I have two ncat sessions open to the
> > same remote server using the same source port, but with different
> > source IPs.
> >
> > [root@testserver ~]# netstat -antp|grep ncat
> > tcp        0      0 192.168.11.215:3456 192.168.10.59:9000  ESTABLISHED 60946/ncat
> > tcp        0      0 192.168.10.58:3456  192.168.10.59:9000  ESTABLISHED 60920/ncat
>
>
> What is the command-line you used to invoke those nc processes?
> Presumably, you had to specifically tell each process which source interface
> to use.

Yes, as follows. I forced each ncat to use a specific source IP and source port.

 #  ncat -s 192.168.10.58 -p 3456 remoteserver 9000
 #  ncat -s 192.168.11.215 -p 3456 remoteserver 9000

>
> I haven't done this myself, but my guess would be that every outgoing
> connection would use the default network interface appropriate for that
> type of communication.
>
> The IP/interface Tomcat uses to bind and listen for connections has no
> bearing on which interface is chosen for outbound connections.
>

Gotcha. So I need to find a way to force all connections from a tomcat instance 
to remote IP "X" to always use source IP "Y." That's my challenge.


> > Is there any reason why tomcat should not be expected to work the same
> > way? And when I say tomcat, I really mean libraries like the mysql odbc
> > connector that tomcat uses.
>
> Oh, you're using Connector/J? Then you want this setting:
>
>   localSocketAddress
>
> https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-connp-props-connection-authentication.html
>
> -chris
>

Oh my goodness. You, sir, are my ever-livin' hero. That WORKED. I tested it, 
and now my tomcat instances connect to the database server using whatever local 
IP I specify in the localSocketAddress property.

I am a happy man.

-Eric

> >> -Original Message-
> >> From: Eric Robinson 
> >> Sent: Thursday, June 24, 2021 3:19 PM
> >> To: Tomcat Users List 
> >> Subject: Re-Use TCP Source Ports if the Socket is Unique?
> >>
> >> Two quick questions.
> >>
> >> Question 1:
> >>
> >> When tomcat creates a TCP connection to a remote server (for example,
> >> a back-end database) tomcat is acting as the TCP client in that case.
> >> Does it use the IP it is listening on as the source IP for its outbound 
> >> client
> connection?
> >>
> >> For example, Server1 has three IPs: 10.0.0.1 (primary), and two
> >> additional IPs, 10.0.0.2 and 10.0.0.3. Tomcat is listening on
> >> 10.0.0.2. It receives a request that requires it to connect to a
> >> database server. When it creates a TCP connection the database server,
> which IP does it use as the source address?
> >>
> >> Question 2:
> >>
> >> Suppose you have two instances of tomcat on the same server. TomcatA
> >> is listening on 10.0.0.2 and TomcatB on 10.0.0.3. First, TomcatA
> >> establishes a connection to a remote server from its source IP 10.0.0.2,
> source port 3456.
> >> Can TomcatB, which is listening on a different IP, also establish a
> >> connection to the remote database server using the same source port
> >> 3456, given that the sockets is unique (different source IP)?
> >>
> >> -Eric

RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Eric Robinson

> -Original Message-
> From: Olaf Kock 
> Sent: Friday, June 25, 2021 8:07 AM
> To: users@tomcat.apache.org
> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>
>
> On 25.06.21 14:46, Eric Robinson wrote:
> > Olaf and Scott --
> >
> > Thanks to both of you for your comments. I may have asked my question
> poorly, since what you both described is the way I understand TCP to work.
> There is no correlation between an incoming connection to tomcat and its
> outgoing connection to a database backend, nor would I expect there to be.
> >
> > Perhaps a simpler way to ask my question is: when a server has multiple
> IPs, which one does tomcat use as its source IP when it initiates a three-way
> handshake with a remote machine?
> >
> > For example, suppose my server has IP addresses 10.0.0.1 and 10.0.0.2, and
> my tomcat connector looks like this...
> >
> > <Connector port="8080"
> > protocol="HTTP/1.1"
> > address="10.0.0.2"
> > connectionTimeout="2"
> > redirectPort="8443"
> >   />
> >
> > Tomcat is now listening on IP 10.0.0.2.
> >
> > But here's the question. If tomcat needs to initiate a TCP session to a
> remote machine (acting as a TCP client), will it use 10.0.0.1 or 10.0.0.2 as 
> the
> source IP of the outbound connection? I'm assuming it will use the same IP
> that the connector is configured to listen on.
> >
> Hi Eric,
>
> again: There's no correlation. Your question boils down to a context-free
> "which source IP does tomcat use for outgoing connections?". In fact, Tomcat
> doesn't use any. It just asks the runtime environment (ultimately I'd expect
> the OS) for a connection to a particular destination, then it uses that.
>
> How the connection is then established will depend on
>
> * available network adapters
> * best route to the target address
> * OS or network configuration
>
> It will /not/ depend on any of Tomcat's Connector-configurations
> whatsoever
>

Got it. Then, given a tomcat server with one NIC and two IP addresses, 10.0.0.2 
and 10.0.0.3, when tomcat connects to a server on the same subnet at 10.0.0.50, 
what logic does the OS use to select the source IP, all else being equal? 
Obviously neither IP has a routing advantage.

> Olaf
>
>
> >> -Original Message-
> >> From: Olaf Kock 
> >> Sent: Friday, June 25, 2021 3:01 AM
> >> To: users@tomcat.apache.org
> >> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
> >>
> >>
> >> On 25.06.21 05:19, Eric Robinson wrote:
> >>> Thanks for the feedback, Daniel.
> >>>
> >>> I guess the answer depends on whether the socket libraries use the
> >>> tomcat
> >> listening port as the source IP. If you have three tomcat instances
> >> listening on three different IPs, each instance should be able to
> >> open a client connection using the same source port, as long as each
> >> tomcat uses its listening IP as the source IP of the socket.
> >>> That's the part I'm still not sure about.
> >> My expectation is that database connections do not have any
> >> correlation with the listening port: Technically, DB connection pools
> >> can be shared across all contained Hosts and Connectors /within a
> >> single tomcat/, and when multiple processes are added to the game, it
> doesn't really change anything.
> >>
> >> In fact, it's not uncommon that there's a public facing network
> >> adapter, where a http-connector listens, but a completely different
> >> network adapter for any backend communication - e.g. to the database.
> >> All that I expect a database driver to do is to specify where it
> >> wants to connect to, and the OS figures out how that connection needs to
> be routed.
> >> That's utterly independent of any http connection that comes in to
> >> the same process.
> >>
> >> So: Don't expect any correlation, and you're safe.
> >>
> >> (Note: There /may/ be ways to configure a db-driver to specify a
> >> source address, but I'd expect that rather to add a potential failure
> >> rather than anything that I'd want to control. If you interpret such a
> situation differently:
> >> Please elaborate)
> >>
> >> Best,
> >>
> >> Olaf
> >>
> >>
> >>

Re: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Mark H. Wood
On Fri, Jun 25, 2021 at 12:46:03PM +, Eric Robinson wrote:
> Olaf and Scott --
> 
> Thanks to both of you for your comments. I may have asked my question poorly, 
> since what you both described is the way I understand TCP to work. There is 
> no correlation between an incoming connection to tomcat and its outgoing 
> connection to a database backend, nor would I expect there to be.
> 
> Perhaps a simpler way to ask my question is: when a server has multiple IPs, 
> which one does tomcat use as its source IP when it initiates a three-way 
> handshake with a remote machine?
> 
> For example, suppose my server has IP addresses 10.0.0.1 and 10.0.0.2, and my 
> tomcat connector looks like this...
> 
> <Connector port="8080"
> protocol="HTTP/1.1"
> address="10.0.0.2"
> connectionTimeout="2"
> redirectPort="8443"
>   />
> 
> Tomcat is now listening on IP 10.0.0.2.
> 
> But here's the question. If tomcat needs to initiate a TCP session to a 
> remote machine (acting as a TCP client), will it use 10.0.0.1 or 10.0.0.2 as 
> the source IP of the outbound connection? I'm assuming it will use the same 
> IP that the connector is configured to listen on.

man 7 tcp

A client uses 'connect' and doesn't need to set a local address.  Only
a service needs to declare its own address and port.

The kernel routing database knows which distant hosts should be
reachable via each local address.  'connect' should use this to pick
an address that can reach the distant host, assign an unallocated
port, and send SYN to request a connection.

So the answer to your question is "it depends on the service host's
address and what networks the interfaces for 10.0.0.1 and 10.0.0.2 can
see."

-- 
Mark H. Wood
Lead Technology Analyst

University Library
Indiana University - Purdue University Indianapolis
755 W. Michigan Street
Indianapolis, IN 46202
317-274-0749
www.ulib.iupui.edu




Re: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Christopher Schultz

Eric,

On 6/24/21 21:14, Eric Robinson wrote:
> I guess I may have answered this question for myself. At least I can
> simulate it with ncat. Note that I have two ncat sessions open to the
> same remote server using the same source port, but with different source
> IPs.
>
> [root@testserver ~]# netstat -antp|grep ncat
> tcp        0      0 192.168.11.215:3456 192.168.10.59:9000  ESTABLISHED 60946/ncat
> tcp        0      0 192.168.10.58:3456  192.168.10.59:9000  ESTABLISHED 60920/ncat



What is the command-line you used to invoke those nc processes? 
Presumably, you had to specifically tell each process which source 
interface to use.


I haven't done this myself, but my guess would be that every outgoing 
connection would use the default network interface appropriate for that 
type of communication.


The IP/interface Tomcat uses to bind and listen for connections has no 
bearing on which interface is chosen for outbound connections.


> Is there any reason why tomcat should not be expected to work the same
> way? And when I say tomcat, I really mean libraries like the mysql
> odbc connector that tomcat uses.

Oh, you're using Connector/J? Then you want this setting:

 localSocketAddress

https://dev.mysql.com/doc/connector-j/5.1/en/connector-j-connp-props-connection-authentication.html

-chris


>> -Original Message-
>> From: Eric Robinson
>> Sent: Thursday, June 24, 2021 3:19 PM
>> To: Tomcat Users List
>> Subject: Re-Use TCP Source Ports if the Socket is Unique?
>>
>> Two quick questions.
>>
>> Question 1:
>>
>> When tomcat creates a TCP connection to a remote server (for example, a
>> back-end database) tomcat is acting as the TCP client in that case. Does it use
>> the IP it is listening on as the source IP for its outbound client connection?
>>
>> For example, Server1 has three IPs: 10.0.0.1 (primary), and two additional
>> IPs, 10.0.0.2 and 10.0.0.3. Tomcat is listening on 10.0.0.2. It receives a
>> request that requires it to connect to a database server. When it creates a TCP
>> connection the database server, which IP does it use as the source address?
>>
>> Question 2:
>>
>> Suppose you have two instances of tomcat on the same server. TomcatA is
>> listening on 10.0.0.2 and TomcatB on 10.0.0.3. First, TomcatA establishes a
>> connection to a remote server from its source IP 10.0.0.2, source port 3456.
>> Can TomcatB, which is listening on a different IP, also establish a connection
>> to the remote database server using the same source port 3456, given that
>> the sockets is unique (different source IP)?
>>
>> -Eric









Re: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Olaf Kock


On 25.06.21 14:46, Eric Robinson wrote:
> Olaf and Scott --
>
> Thanks to both of you for your comments. I may have asked my question poorly, 
> since what you both described is the way I understand TCP to work. There is 
> no correlation between an incoming connection to tomcat and its outgoing 
> connection to a database backend, nor would I expect there to be.
>
> Perhaps a simpler way to ask my question is: when a server has multiple IPs, 
> which one does tomcat use as its source IP when it initiates a three-way 
> handshake with a remote machine?
>
> For example, suppose my server has IP addresses 10.0.0.1 and 10.0.0.2, and my 
> tomcat connector looks like this...
>
> <Connector port="8080"
> protocol="HTTP/1.1"
> address="10.0.0.2"
> connectionTimeout="2"
> redirectPort="8443"
>   />
>
> Tomcat is now listening on IP 10.0.0.2.
>
> But here's the question. If tomcat needs to initiate a TCP session to a 
> remote machine (acting as a TCP client), will it use 10.0.0.1 or 10.0.0.2 as 
> the source IP of the outbound connection? I'm assuming it will use the same 
> IP that the connector is configured to listen on.
>
Hi Eric,

again: There's no correlation. Your question boils down to a
context-free "which source IP does tomcat use for outgoing
connections?". In fact, Tomcat doesn't use any. It just asks the runtime
environment (ultimately I'd expect the OS) for a connection to a
particular destination, then it uses that.

How the connection is then established will depend on

* available network adapters
* best route to the target address
* OS or network configuration

It will /not/ depend on any of Tomcat's Connector-configurations whatsoever

Olaf


>> -----Original Message-
>> From: Olaf Kock 
>> Sent: Friday, June 25, 2021 3:01 AM
>> To: users@tomcat.apache.org
>> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>>
>>
>> On 25.06.21 05:19, Eric Robinson wrote:
>>> Thanks for the feedback, Daniel.
>>>
>>> I guess the answer depends on whether the socket libraries use the tomcat
>> listening port as the source IP. If you have three tomcat instances 
>> listening on
>> three different IPs, each instance should be able to open a client connection
>> using the same source port, as long as each tomcat uses its listening IP as 
>> the
>> source IP of the socket.
>>> That's the part I'm still not sure about.
>> My expectation is that database connections do not have any correlation
>> with the listening port: Technically, DB connection pools can be shared 
>> across
>> all contained Hosts and Connectors /within a single tomcat/, and when
>> multiple processes are added to the game, it doesn't really change anything.
>>
>> In fact, it's not uncommon that there's a public facing network adapter,
>> where a http-connector listens, but a completely different network adapter
>> for any backend communication - e.g. to the database. All that I expect a
>> database driver to do is to specify where it wants to connect to, and the OS
>> figures out how that connection needs to be routed.
>> That's utterly independent of any http connection that comes in to the same
>> process.
>>
>> So: Don't expect any correlation, and you're safe.
>>
>> (Note: There /may/ be ways to configure a db-driver to specify a source
>> address, but I'd expect that rather to add a potential failure rather than
>> anything that I'd want to control. If you interpret such a situation 
>> differently:
>> Please elaborate)
>>
>> Best,
>>
>> Olaf



RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Eric Robinson
Olaf and Scott --

Thanks to both of you for your comments. I may have asked my question poorly, 
since what you both described is the way I understand TCP to work. There is no 
correlation between an incoming connection to tomcat and its outgoing 
connection to a database backend, nor would I expect there to be.

Perhaps a simpler way to ask my question is: when a server has multiple IPs, 
which one does tomcat use as its source IP when it initiates a three-way 
handshake with a remote machine?

For example, suppose my server has IP addresses 10.0.0.1 and 10.0.0.2, and my 
tomcat connector looks like this...



Tomcat is now listening on IP 10.0.0.2.

But here's the question. If tomcat needs to initiate a TCP session to a remote 
machine (acting as a TCP client), will it use 10.0.0.1 or 10.0.0.2 as the 
source IP of the outbound connection? I'm assuming it will use the same IP that 
the connector is configured to listen on.


> -Original Message-
> From: Olaf Kock 
> Sent: Friday, June 25, 2021 3:01 AM
> To: users@tomcat.apache.org
> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>
>
> On 25.06.21 05:19, Eric Robinson wrote:
> > Thanks for the feedback, Daniel.
> >
> > I guess the answer depends on whether the socket libraries use the tomcat
> listening port as the source IP. If you have three tomcat instances listening 
> on
> three different IPs, each instance should be able to open a client connection
> using the same source port, as long as each tomcat uses its listening IP as 
> the
> source IP of the socket.
> >
> > That's the part I'm still not sure about.
>
> My expectation is that database connections do not have any correlation
> with the listening port: Technically, DB connection pools can be shared across
> all contained Hosts and Connectors /within a single tomcat/, and when
> multiple processes are added to the game, it doesn't really change anything.
>
> In fact, it's not uncommon that there's a public facing network adapter,
> where a http-connector listens, but a completely different network adapter
> for any backend communication - e.g. to the database. All that I expect a
> database driver to do is to specify where it wants to connect to, and the OS
> figures out how that connection needs to be routed.
> That's utterly independent of any http connection that comes in to the same
> process.
>
> So: Don't expect any correlation, and you're safe.
>
> (Note: There /may/ be ways to configure a db-driver to specify a source
> address, but I'd expect that rather to add a potential failure rather than
> anything that I'd want to control. If you interpret such a situation 
> differently:
> Please elaborate)
>
> Best,
>
> Olaf


RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Scott,Tim
Hi Eric,

> I guess the answer depends on whether the socket libraries use the tomcat 
> listening port as the source IP. If you have three tomcat instances listening 
> on three different IPs, each instance should be able to open a client 
> connection using the same source port, as long as each tomcat uses its 
> listening IP as the source IP of the socket.

I think there's a couple of snippets of information that could help you 
understand this:
- There is no predefined relationship between the incoming request and the 
  outgoing request : they are normally entirely independent operations
  This does not mean that you can't code one should you ever find a good 
  reason.

- The port to connect to the, e.g., database service is the target port, not 
  the source port
  A browser will connect to :8080 and assign a port on the client for 
  receiving responses. Tomcat acting as a TCP client will do the same - connect 
  to the database using :1521 and assign a port for receiving responses. That's 
  how TCP works.

For good security reasons Tomcat can be deployed on a server with two network 
cards. For example, listening on 192.168.5.20:8080 for incoming http requests 
to service the application and connecting to a database server at 
10.10.40.50:1521 using its network interface for 10.10.40.x. This keeps your 
database network one further level removed from the publicly connectable 
network(s). The database connection may be made before any client requests 
arrive with Tomcat and may remain active even when all of the clients have 
"gone away". Our  .war application connects to the database to load 
configuration on startup before the http endpoint is ready to respond to client 
requests and the database connection remains active until Tomcat is shut down.

Does that help?

Thanks,
Tim

--
Tim Scott
OCLC · Senior Software Engineer / Technical Product Manager


-Original Message-
From: Eric Robinson  
Sent: 25 June 2021 04:19
To: Tomcat Users List 
Subject: [External] RE: Re-Use TCP Source Ports if the Socket is Unique?

Thanks for the feedback, Daniel.

I guess the answer depends on whether the socket libraries use the tomcat 
listening port as the source IP. If you have three tomcat instances listening 
on three different IPs, each instance should be able to open a client 
connection using the same source port, as long as each tomcat uses its 
listening IP as the source IP of the socket.

That's the part I'm still not sure about.

> -Original Message-
> From: Daniel Baktiar 
> Sent: Thursday, June 24, 2021 9:16 PM
> To: Tomcat Users List 
> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>
> Hi Eric,
>
> It should behave the same way. The socket client application will be assigned
> an ephemeral port.
>
> On Fri, Jun 25, 2021 at 9:14 AM Eric Robinson 
> wrote:
>
> > I guess I may have answered this question for myself. At least I can
> > simulate it with ncat. Note that I have two ncat sessions open to the
> > same remote server using the same source port, but with different source
> > IPs.
> >
> > [root@testserver ~]# netstat -antp|grep ncat
> > tcp        0      0 192.168.11.215:3456     192.168.10.59:9000      ESTABLISHED 60946/ncat
> > tcp        0      0 192.168.10.58:3456      192.168.10.59:9000      ESTABLISHED 60920/ncat
> >
> > Is there any reason why tomcat should not be expected to work the same
> > way? And when I say tomcat, I really mean libraries like the mysql
> > odbc connector that tomcat uses.
> >
> >
> > > -Original Message-
> > > From: Eric Robinson 
> > > Sent: Thursday, June 24, 2021 3:19 PM
> > > To: Tomcat Users List 
> > > Subject: Re-Use TCP Source Ports if the Socket is Unique?
> > >
> > > Two quick questions.
> > >
> > > Question 1:
> > >
> > > When tomcat creates a TCP connection to a remote server (for
> > > example, a back-end database) tomcat is acting as the TCP client in
> > > that case. Does it use the IP it is listening on as the source IP for
> > > its outbound client connection?
> > >
> > > For example, Server1 has three IPs: 10.0.0.1 (primary), and two
> > > additional IPs, 10.0.0.2 and 10.0.0.3. Tomcat is listening on
> > > 10.0.0.2. It receives a request that requires it to connect to a
> > > database server. When it creates a TCP connection to the database
> > > server, which IP does it use as the source address?
> > >
> > > Question 2:
> > >
> > > Suppose you have two instances of tomcat on the same server. TomcatA
>

Re: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-25 Thread Olaf Kock


On 25.06.21 05:19, Eric Robinson wrote:
> Thanks for the feedback, Daniel.
>
> I guess the answer depends on whether the socket libraries use the tomcat 
> listening port as the source IP. If you have three tomcat instances listening 
> on three different IPs, each instance should be able to open a client 
> connection using the same source port, as long as each tomcat uses its 
> listening IP as the source IP of the socket.
>
> That's the part I'm still not sure about.

My expectation is that database connections do not have any correlation
with the listening port: Technically, DB connection pools can be shared
across all contained Hosts and Connectors /within a single tomcat/, and
when multiple processes are added to the game, it doesn't really change
anything.

In fact, it's not uncommon that there's a public facing network adapter,
where a http-connector listens, but a completely different network
adapter for any backend communication - e.g. to the database. All that I
expect a database driver to do is to specify where it wants to connect
to, and the OS figures out how that connection needs to be routed.
That's utterly independent of any http connection that comes in to the
same process.

So: Don't expect any correlation, and you're safe.

(Note: There /may/ be ways to configure a db-driver to specify a source
address, but I'd expect that rather to add a potential failure rather
than anything that I'd want to control. If you interpret such a
situation differently: Please elaborate)

Best,

Olaf






RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-24 Thread Eric Robinson
Thanks for the feedback, Daniel.

I guess the answer depends on whether the socket libraries use the tomcat 
listening port as the source IP. If you have three tomcat instances listening 
on three different IPs, each instance should be able to open a client 
connection using the same source port, as long as each tomcat uses its 
listening IP as the source IP of the socket.

That's the part I'm still not sure about.

> -Original Message-
> From: Daniel Baktiar 
> Sent: Thursday, June 24, 2021 9:16 PM
> To: Tomcat Users List 
> Subject: Re: Re-Use TCP Source Ports if the Socket is Unique?
>
> Hi Eric,
>
> It should behave the same way. The socket client application will be assigned
> an ephemeral port.
>
> On Fri, Jun 25, 2021 at 9:14 AM Eric Robinson 
> wrote:
>
> > I guess I may have answered this question for myself. At least I can
> > simulate it with ncat. Note that I have two ncat sessions open to the
> > same remote server using the same source port, but with different source
> > IPs.
> >
> > [root@testserver ~]# netstat -antp|grep ncat
> > tcp        0      0 192.168.11.215:3456     192.168.10.59:9000      ESTABLISHED 60946/ncat
> > tcp        0      0 192.168.10.58:3456      192.168.10.59:9000      ESTABLISHED 60920/ncat
> >
> > Is there any reason why tomcat should not be expected to work the same
> > way? And when I say tomcat, I really mean libraries like the mysql
> > odbc connector that tomcat uses.
> >
> >
> > > -----Original Message-
> > > From: Eric Robinson 
> > > Sent: Thursday, June 24, 2021 3:19 PM
> > > To: Tomcat Users List 
> > > Subject: Re-Use TCP Source Ports if the Socket is Unique?
> > >
> > > Two quick questions.
> > >
> > > Question 1:
> > >
> > > When tomcat creates a TCP connection to a remote server (for
> > > example, a back-end database) tomcat is acting as the TCP client in
> > > that case. Does it use the IP it is listening on as the source IP for
> > > its outbound client connection?
> > >
> > > For example, Server1 has three IPs: 10.0.0.1 (primary), and two
> > > additional IPs, 10.0.0.2 and 10.0.0.3. Tomcat is listening on
> > > 10.0.0.2. It receives a request that requires it to connect to a
> > > database server. When it creates a TCP connection to the database
> > > server, which IP does it use as the source address?
> > >
> > > Question 2:
> > >
> > > Suppose you have two instances of tomcat on the same server. TomcatA
> > > is listening on 10.0.0.2 and TomcatB on 10.0.0.3. First, TomcatA
> > > establishes a connection to a remote server from its source IP
> > > 10.0.0.2, source port 3456. Can TomcatB, which is listening on a
> > > different IP, also establish a connection to the remote database
> > > server using the same source port 3456, given that the socket is
> > > unique (different source IP)?
> > >
> > > -Eric
> > >
> >
> > --

Re: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-24 Thread Daniel Baktiar
Hi Eric,

It should behave the same way. The socket client application will be
assigned an ephemeral port.

On Fri, Jun 25, 2021 at 9:14 AM Eric Robinson 
wrote:

> I guess I may have answered this question for myself. At least I can
> simulate it with ncat. Note that I have two ncat sessions open to the same
> remote server using the same source port, but with different source IPs.
>
> [root@testserver ~]# netstat -antp|grep ncat
> tcp        0      0 192.168.11.215:3456     192.168.10.59:9000      ESTABLISHED 60946/ncat
> tcp        0      0 192.168.10.58:3456      192.168.10.59:9000      ESTABLISHED 60920/ncat
>
> Is there any reason why tomcat should not be expected to work the same
> way? And when I say tomcat, I really mean libraries like the mysql odbc
> connector that tomcat uses.
>
>
> > -Original Message-
> > From: Eric Robinson 
> > Sent: Thursday, June 24, 2021 3:19 PM
> > To: Tomcat Users List 
> > Subject: Re-Use TCP Source Ports if the Socket is Unique?
> >
> > Two quick questions.
> >
> > Question 1:
> >
> > When tomcat creates a TCP connection to a remote server (for example, a
> > back-end database) tomcat is acting as the TCP client in that case. Does
> > it use the IP it is listening on as the source IP for its outbound client
> > connection?
> >
> > For example, Server1 has three IPs: 10.0.0.1 (primary), and two
> > additional IPs, 10.0.0.2 and 10.0.0.3. Tomcat is listening on 10.0.0.2.
> > It receives a request that requires it to connect to a database server.
> > When it creates a TCP connection to the database server, which IP does it
> > use as the source address?
> >
> > Question 2:
> >
> > Suppose you have two instances of tomcat on the same server. TomcatA is
> > listening on 10.0.0.2 and TomcatB on 10.0.0.3. First, TomcatA
> > establishes a connection to a remote server from its source IP 10.0.0.2,
> > source port 3456. Can TomcatB, which is listening on a different IP, also
> > establish a connection to the remote database server using the same
> > source port 3456, given that the socket is unique (different source IP)?
> >
> > -Eric
> >


RE: Re-Use TCP Source Ports if the Socket is Unique?

2021-06-24 Thread Eric Robinson
I guess I may have answered this question for myself. At least I can simulate 
it with ncat. Note that I have two ncat sessions open to the same remote server 
using the same source port, but with different source IPs.

[root@testserver ~]# netstat -antp|grep ncat
tcp        0      0 192.168.11.215:3456     192.168.10.59:9000      ESTABLISHED 60946/ncat
tcp        0      0 192.168.10.58:3456      192.168.10.59:9000      ESTABLISHED 60920/ncat

Is there any reason why tomcat should not be expected to work the same way? And 
when I say tomcat, I really mean libraries like the mysql odbc connector that 
tomcat uses.


> -Original Message-
> From: Eric Robinson 
> Sent: Thursday, June 24, 2021 3:19 PM
> To: Tomcat Users List 
> Subject: Re-Use TCP Source Ports if the Socket is Unique?
>
> Two quick questions.
>
> Question 1:
>
> When tomcat creates a TCP connection to a remote server (for example, a
> back-end database) tomcat is acting as the TCP client in that case. Does it
> use the IP it is listening on as the source IP for its outbound client
> connection?
>
> For example, Server1 has three IPs: 10.0.0.1 (primary), and two additional
> IPs, 10.0.0.2 and 10.0.0.3. Tomcat is listening on 10.0.0.2. It receives a
> request that requires it to connect to a database server. When it creates a
> TCP connection to the database server, which IP does it use as the source
> address?
>
> Question 2:
>
> Suppose you have two instances of tomcat on the same server. TomcatA is
> listening on 10.0.0.2 and TomcatB on 10.0.0.3. First, TomcatA establishes a
> connection to a remote server from its source IP 10.0.0.2, source port 3456.
> Can TomcatB, which is listening on a different IP, also establish a
> connection to the remote database server using the same source port 3456,
> given that the socket is unique (different source IP)?
>
> -Eric
>

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
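
Added example, not part of any message in this thread: a Python sketch of the two behaviours discussed above, namely Eric's ncat experiment (the same source port used from two different source IPs) and Olaf's point that a client which does not bind lets the OS choose the source address. It assumes a Linux host, where every 127.0.0.0/8 address is local to the loopback interface; the addresses and function names are constructed for the illustration.

```python
import errno
import socket

LISTEN_IP = "127.0.0.1"                   # constructed: stands in for the database server
SRC_A, SRC_B = "127.0.0.1", "127.0.0.2"   # constructed: two local IPs on one Linux host


def kernel_source_for(dest_ip, dest_port=9):
    """Source IP the kernel's routing would pick for dest_ip (no packet is sent)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, dest_port))   # UDP connect only resolves route + source
        return s.getsockname()[0]


def connect_from(dest, src=None):
    """TCP-connect to dest; bind to src=(ip, port) first if an explicit source is wanted."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        if src is not None:
            c.bind(src)
        c.connect(dest)
    except OSError:
        c.close()
        raise
    return c


def demo():
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((LISTEN_IP, 0))
    srv.listen(8)
    dest = srv.getsockname()
    socks = [srv]
    try:
        unbound = connect_from(dest)                 # no bind: the OS chooses IP and port
        socks.append(unbound)
        a = connect_from(dest, (SRC_A, 0))           # fixed IP, ephemeral port
        socks.append(a)
        port = a.getsockname()[1]
        b = connect_from(dest, (SRC_B, port))        # other IP, same source port
        socks.append(b)
        try:                                         # same IP *and* same port again
            socks.append(connect_from(dest, (SRC_A, port)))
            duplicate_errno = None
        except OSError as e:
            duplicate_errno = e.errno
        return {
            "os_chosen": unbound.getsockname()[0],
            "a": a.getsockname(), "b": b.getsockname(),
            "duplicate_refused": duplicate_errno == errno.EADDRINUSE,
        }
    finally:
        for s in socks:
            s.close()


if __name__ == "__main__":
    print(kernel_source_for(LISTEN_IP), demo())
```

The third attempt shows the limit of the experiment: a second bind() to an IP and port pair that is already held is refused with EADDRINUSE, so the port is shared only across different local addresses.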