From 8a2c6554030c90614c26ea586801454aeb566bb2 Mon Sep 17 00:00:00 2001
From: Alex Dadgar
Date: Tue, 18 Jul 2017 13:47:53 -0700
Subject: [PATCH 1/2] Shrink dynamic port range

This PR shrinks the dynamic port range to not overlap with most operating systems ephemeral port range: https://en.wikipedia.org/wiki/Ephemeral_port
---
 nomad/structs/network.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nomad/structs/network.go b/nomad/structs/network.go
index 169a819eeb5..3f0ebff4f09 100644
--- a/nomad/structs/network.go
+++ b/nomad/structs/network.go
@@ -12,7 +12,7 @@ const (
  MinDynamicPort = 20000

  // MaxDynamicPort is the largest dynamic port generated
- MaxDynamicPort = 60000
+ MaxDynamicPort = 32000

  // maxRandPortAttempts is the maximum number of attempt
  // to assign a random port
From 24236e63093cf01af666729c915b075b9b960541 Mon Sep 17 00:00:00 2001
From: Alex Dadgar
Date: Tue, 18 Jul 2017 14:07:28 -0700
Subject: [PATCH 2/2] docs

---
 website/source/guides/cluster/requirements.html.md | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/website/source/guides/cluster/requirements.html.md b/website/source/guides/cluster/requirements.html.md
index 906d8cb80ee..682091a4e1e 100644
--- a/website/source/guides/cluster/requirements.html.md
+++ b/website/source/guides/cluster/requirements.html.md
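Review bot: The comment above `MaxDynamicPort = 32000` in nomad/structs/network.go still says only that it is the largest dynamic port generated, so the reason for the new value lives only in the commit message and the docs patch (staying clear of the OS ephemeral range, which the docs show starting at 32768 on Linux). I would extend it to `// MaxDynamicPort is the largest dynamic port generated. It is kept below 32768, the start of the default Linux ephemeral port range, so ports handed to tasks do not collide with source ports the kernel picks for outbound connections.` The change also cuts the pool from 40,000 to 12,000 candidate ports, and because `maxRandPortAttempts` bounds the random assignment, it is worth confirming that densely packed nodes do not start failing port assignment more often; that logic, like the rest of the `const (` block, is outside this hunk. Operators whose firewall rules or security groups were written for 20000-60000 can presumably narrow them after this change, which would merit a changelog line.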
@@ -72,3 +72,17 @@ port.
 * Serf WAN (Default 4648). This is used by servers to gossip over the WAN to other servers. TCP and UDP.
+
+When tasks ask for dynamic ports, they are allocated out of the port range
+between 20,000 and 32,000. This is well under the ephemeral port range suggested
+by the [IANA](https://en.wikipedia.org/wiki/Ephemeral_port). If your operating
+system's default ephemeral port range overlaps with Nomad's dynamic port range,
+you should tune the OS to avoid this overlap.
+
+On Linux this can be checked and set as follows:
+
+```
+$ cat /proc/sys/net/ipv4/ip_local_port_range
+32768 60999
+$ echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range
+```