Performance and cheap storage
Kjetil Torgrim Homme
kjetilho at ifi.uio.no
Sun Aug 6 19:04:04 EDT 2006
On Sun, 2006-08-06 at 11:40 +1000, Bron Gondwana wrote:
> On Sat, 5 Aug 2006 16:02:44 -0700 (PDT), "David Lang" <dlang at digitalinsight.com> said:
> > On Sat, 5 Aug 2006, Bron Gondwana wrote:
> >
> > > Your frontend only can make connections out using any port it likes, but
> > > there are only 65k of them, and at any one time, a fraction of those
> > > will be tied up doing other things.
> >
> > actually, it should only be the sourceIP,destIP,sourceport,destport that
> > needs
> > to be unique for a TCP connection so the ports that are in use going to
> > other
> > destinations should not affect you.
>
> Does the TCP stack know that when you request a port? My understanding
> was that when you requested an address/port pair you weren't given one
> already used by another program. I could be wrong though.
I think David is missing the issue: it's the proxied connection which is
problematic, not the connection to the client. this locks the IP
addresses to the frontend's and the backend's, and the port on the
backend side is always 143 (or whatever you prefer), so the only
variable part of the tuple is the port number on the frontend. this
restricts a frontend to 65k connections to each backend.
it should be noted that each tuple will stick around for two minutes
(IIRC) after the connection is closed, so a non-caching webmail solution
(ie. one which connects and authenticates for every click the user
makes, our Squirrelmail does this) may experience this problem quite
easily.
--
Kjetil T.
More information about the Info-cyrus
mailing list