Re: Does Tomcat/Java get around the problem of 64K maximum client source ports?

[tomcat/perl]

On 26.03.2020 20:42, Eric Robinson wrote:
-----Original Message-----
From: Olaf Kock <tom...@olafkock.de>
Sent: Thursday, March 26, 2020 2:06 PM
To: users@tomcat.apache.org
Subject: Re: Does Tomcat/Java get around the problem of 64K maximum
client source ports?
Hi Eric,

On 26.03.20 18:58, Eric Robinson wrote:
Greetings,

Many people say the maximum number of client ports is 64K. However,
TCP connections only require unique sockets, which are defined as...

local_IP:local_port -> remote_ip:remote_port

Theoretically, it is possible for a client process to keep using the same local
source port, as long as the connections are to a unique destinations. For
example on a local machine, the following connections should be possible...

192.168.5.100:1400 -> 192.168.5.200:3306
192.168.5.100:1400 -> 192.168.5.201:3306
192.168.5.100:1400 -> 192.168.5.202:3306
192.168.5.100:1400 -> 192.168.5.203:3306

I've seen this demonstrated successfully here:

https://serverfault.com/questions/326819/does-the-tcp-source-port-have
-to-be-unique-per-host

As someone on that page pointed out, while it is possible, it does not
commonly occur in practice "because most TCP APIs don't provide a way to
create more than one connection with the same source port, unless they
have different source IP addresses." This leads to the 64K maximum client
port range, but it is really a limitation of the APIs, not TCP.

So how does tomcat handle things? Is it limited to a maximum 64K client
source ports, or is it 64K per destination, as it should be?

To be honest, I can't remember to have seen a web- or application server
that accepts 64K concurrent connections at all, let alone to a single client.

I can't come up with any reason to do so, I'd assume that there's a DOS attack
if I get 100 concurrent incoming connections from a single IP, and a
programming error if the server sets up more than 1K outgoing connections

Maybe I'm missing the obvious, or have only administered meaningless
installations, but I fail to see the real world relevance of this question.



I don't blame you for being puzzled, but this not about tomcat accepting 
connections. It's about tomcat acting as the client, where MySQL is the server. 
I'm referring to client connections from tomcat to MySQL. We have about 1800 
instances of tomcat running. This question comes up once in a while when tomcat 
can't connect to MySQL. Trust me, it can be an issue.

--Eric


The question is : is there even any Java API (method) (or even OS API) which allows a 
client to open a (client, non-LISTEN) socket AND specify the client IP address and/or port ?

I mean, if there is none, then the question may be interesting in the absolute, but 
ultimately pointless.

I believe that the IP address of client packets, will be determined by which /route/ the 
OS determines that the target server address can be reached (which will determine through 
which network interface the packets "go out", which will determine the sender IP address 
inserted in the packets). I don't think that the application-level software (here a java 
webapp) can determine this in advance.
And the client port will be decided by the OS-level TCP stack, in function of which ones 
are not yet in use (which a java webapp can also not determine in advance).

Example of creating a client socket :
Socket echoSocket = new Socket(hostName, portNumber);
The hostname (or IP address of ditto) and port numbers passed as arguments, are the 
IP:port of the server you are connecting /to/, not the ones of the local socket.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org