[Yahoo-eng-team] [Bug 1629066] Re: RFE Optionally bind load balancer instance to multiple IPs to increase available (source IP, source port) space to support > 64k connections to a single backend
** No longer affects: neutron

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1629066

Title: RFE Optionally bind load balancer instance to multiple IPs to increase available (source IP, source port) space to support > 64k connections to a single backend

Status in octavia: Triaged

Bug description:

This limitation arose while testing Neutron LBaaS using the HAProxy namespace driver, but applies to other proxying type backends including Octavia.

A single load balancer instance (network namespace, or amphora) can only establish as many concurrent TCP connections to a single pool member as there are available distinct source IP, source TCP port combinations on the load balancing instance (network namespace or amphora). The source TCP port range is limited by the configured ephemeral port range, but this can be tuned to include all the unprivileged TCP ports (1024 - 65535) via sysctl. The available source addresses are limited to IP addresses bound to the instance, for the load balancing instance must be able to receive the response from the pool member.

In short, the total number of concurrent TCP connections to any single backend is limited to 64k times the number of available source IP addresses. This is because each TCP connection is identified by the 4-tuple (src-ip, src-port, dst-ip, dst-port), and (dst-ip, dst-port) is used to define a specific pool member. TCP ports are limited by the 16-bit field in the TCP protocol definition. In order to further increase the number of possible connections from a load balancing instance to a single backend, we must increase this tuple space by increasing the number of available source IP addresses.

Therefore, I propose we offer an option to attach multiple fixed-ips in the same subnet to the Neutron port of the load balancing instance facing the pool member. This would increase the tuple space, allowing more than 64k concurrent connections to a single backend.

While this limitation could be addressed by increasing the number of listening TCP ports on the pool member and adding additional members with the same IP address and different TCP ports, not all applications are suitable to this modification.

To manage notifications about this bug go to:
https://bugs.launchpad.net/octavia/+bug/1629066/+subscriptions

--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
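The 4-tuple limit described in the bug report can be observed on a single Linux host. This is an added example, not code from the report or from Neutron/Octavia: it assumes Linux loopback behaviour (every 127.0.0.0/8 address is local), and all function names and the 10.0.0.x sample addresses are constructed for illustration.

```python
import errno
import socket

def tuple_capacity(src_ips, port_lo=1024, port_hi=65535):
    """Upper bound on concurrent connections to ONE (dst-ip, dst-port)."""
    return len(src_ips) * (port_hi - port_lo + 1)

def listen_on(ip):
    """Stand-in for a pool member: a listener on a kernel-chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((ip, 0))
    srv.listen(8)
    return srv

def connect_from(src_ip, src_port, dst):
    """Open a TCP connection with an explicit source address and port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR lets several sockets share a local (ip, port); the kernel
    # then enforces uniqueness of the full 4-tuple when connect() is called.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    try:
        s.bind((src_ip, src_port))
        s.connect(dst)
    except OSError:
        s.close()
        raise
    return s

def demo():
    member_a, member_b = listen_on("127.0.0.1"), listen_on("127.0.0.1")
    dst_a, dst_b = member_a.getsockname(), member_b.getsockname()
    first = connect_from("127.0.0.1", 0, dst_a)   # kernel picks the source port
    port = first.getsockname()[1]                 # reuse that port below
    opened, result = [first], {}
    cases = [("same_tuple", "127.0.0.1", dst_a),          # identical 4-tuple
             ("second_src_ip", "127.0.0.2", dst_a),       # extra source IP
             ("second_member_port", "127.0.0.1", dst_b)]  # extra member port
    for label, src_ip, dst in cases:
        try:
            opened.append(connect_from(src_ip, port, dst))
            result[label] = "connected"
        except OSError as exc:
            result[label] = errno.errorcode.get(exc.errno, str(exc.errno))
    for s in opened + [member_a, member_b]:
        s.close()
    return result

if __name__ == "__main__":
    # Constructed sample addresses: one source IP versus two.
    print(tuple_capacity(["10.0.0.5"]), tuple_capacity(["10.0.0.5", "10.0.0.6"]))
    print(demo())
```

The `same_tuple` case fails with an address error because the (src-ip, src-port, dst-ip, dst-port) combination is already taken, while the same source port succeeds from a second source IP or towards a second member port.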
[Yahoo-eng-team] [Bug 1629066] Re: RFE Optionally bind load balancer instance to multiple IPs to increase available (source IP, source port) space to support > 64k connections to a single backend
** Also affects: octavia
   Importance: Undecided
   Status: New

** Changed in: octavia
   Status: New => Triaged

** Changed in: octavia
   Importance: Undecided => Medium

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1629066

Title: RFE Optionally bind load balancer instance to multiple IPs to increase available (source IP, source port) space to support > 64k connections to a single backend

Status in neutron: New
Status in octavia: Triaged