How safe is it to change the Linux Ephemeral Port range

12,760

Solution 1

Changing the ephemeral port range might cause problems if you are using Mesos.

Mesos advertises the resources of a host out to various Mesos Frameworks which then can choose to use the advertised resources. The advertised resources include CPU, memory, ports, etc. The default set of ports that Mesos advertises is 31000-32000. This avoids a clash with the default Linux ephemeral port range of 32768-61000.

Notably, Mesos doesn't know whether a port is used by some other process; it just tracks the assignment of ports to the entities it orchestrates (Mesos Tasks & Mesos Executors). So if you change the ephemeral port range such that it overlaps with the Mesos port range, it's likely that some arbitrary process will use an ephemeral port that is actually one of those "Mesos ports". This could lead to Mesos offering that port to a Mesos Framework, which would encounter seemingly random failures of its Mesos Executors and/or Mesos Tasks as they will be unable to bind to that port.

If you need to increase your ephemeral port range and also need to run Mesos, you can modify the advertised ports through the --resources configuration parameter of mesos-slave (soon to be renamed mesos-agent).

Solution 2

You can get a list of potentially affected services by looking at what is in that range in your local /etc/services file, e.g.:

awk '/^#/ { next } $2+0 >= 16000 && $2+0 < 32768 { print }' /etc/services

Or at the authoritative place:

wget http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.csv
awk -F, '$2+0 >= 16000 && $2+0 < 32768 { print }' service-names-port-numbers.csv
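As an added example (not part of either answer or the original thread), the check from Solution 2 carried one step further: the script below reads an /etc/services-style file, lists the registered ports that would fall inside a proposed new ephemeral range, and turns them into a value for net.ipv4.ip_local_reserved_ports, the sysctl that tells the kernel to skip specific ports when it picks an ephemeral source port. That is the usual answer to the collision raised in the comments (a client connection grabbing a port that a service later wants to bind to) without shrinking the range again. The services file content is a constructed sample, not a real system's file; the 16000-32767 range comes from the question.

```shell
#!/bin/sh
# Added example, not code from the original thread: check which registered
# services would fall inside a proposed ephemeral range and build the matching
# net.ipv4.ip_local_reserved_ports value so the kernel never hands them out.

# Constructed sample in /etc/services format; a real run would point
# services_in_range at /etc/services instead.
SAMPLE_SERVICES=$(cat <<'EOF'
# Network services, Internet style
ssh             22/tcp
http            80/tcp          www
# a comment line that must be ignored
x11             6000/tcp
cslistener      9000/tcp
webmin          10000/tcp
memcache        11211/tcp
foo-svc         20000/tcp
bar-svc         20001/tcp
bar-svc         20001/udp
EOF
)

# services_in_range FILE LOW HIGH
# Prints "port proto name" for every non-comment entry whose port is in [LOW, HIGH].
services_in_range() {
  awk -v lo="$2" -v hi="$3" '
    /^[[:space:]]*#/ || NF == 0 { next }     # skip comments and blank lines
    {
      split($2, a, "/")                      # "port/proto" -> a[1]=port, a[2]=proto
      port = a[1] + 0
      if (port >= lo && port <= hi) print port, a[2], $1
    }' "$1" | sort -n
}

# reserved_ports_value FILE LOW HIGH
# Emits the comma-separated list that net.ipv4.ip_local_reserved_ports accepts,
# collapsing consecutive ports into ranges (e.g. "9000,20000-20001"). Ports in
# that list are skipped by automatic (ephemeral) assignment but remain
# available to a service that binds to them explicitly.
reserved_ports_value() {
  services_in_range "$1" "$2" "$3" | awk '
    function fmt(a, b) { return (a == b) ? a : a "-" b }
    { p = $1 + 0 }
    NR == 1       { start = p; prev = p; next }
    p == prev     { next }                   # same port, other protocol
    p == prev + 1 { prev = p; next }         # extend the current run
    {                                        # gap: flush the finished run
      sep = (out == "") ? "" : ","
      out = out sep fmt(start, prev)
      start = p; prev = p
    }
    END {
      if (NR > 0) { sep = (out == "") ? "" : ","; out = out sep fmt(start, prev) }
      print out
    }'
}

# Demo against the constructed sample, for the 16000-32767 range the question asks about.
demo() {
  tmp=$(mktemp)
  printf '%s\n' "$SAMPLE_SERVICES" > "$tmp"
  echo "Registered services inside 16000-32767:"
  services_in_range "$tmp" 16000 32767
  echo "Suggested value for net.ipv4.ip_local_reserved_ports:"
  reserved_ports_value "$tmp" 16000 32767
  rm -f "$tmp"
}

demo
```

On a real host, run `services_in_range /etc/services 16000 32767` and apply the result with `sysctl -w net.ipv4.ip_local_reserved_ports=<value>` (comma-separated ports or ranges). Two caveats: /etc/services only covers registered names, so also compare the proposed range against what is actually listening (`ss -tlnp`, or the ports your orchestrator advertises, as Solution 1 describes for Mesos); and the reservation list only steers the automatic allocator, so a service that asks for one of those ports explicitly still gets it, which is exactly what you want.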
Author by ATP

Updated on September 18, 2022

Comments

  • ATP
    ATP over 1 year

    I see the following ephemeral port range on my Linux box.

    sysctl net.ipv4.ip_local_port_range
    net.ipv4.ip_local_port_range = 32768    61000
    

    I want to extend the port range to start from around 16000. A quick question here: how safe is it to change the range with respect to the other applications? Will other applications be affected by this change? I understand that an application is affected only if it is using the port(s) in the specified port range. But in general, how are these kinds of issues dealt with?

    • Admin
      Admin almost 9 years
      I don't think that there is any effect on other applications, but I'm not sure. Interesting question.
    • Admin
      Admin almost 9 years
      Right. I even tried to look up some other documentation, and I did not find any effect on other applications. The following two links are excellent explanations of the reason why I was facing this issue: vincent.bernat.im/en/blog/2014-tcp-time-wait-state-linux.html ncftp.com/ncftpd/doc/misc/ephemeral_ports.html
    • Admin
      Admin almost 9 years
      @ikrabbe It certainly will have an effect on other applications if, e.g., your browser opens an ephemeral port to contact a web site, then someone/thing tries to start an application which by coincidence uses that port. The application will fail.
    • Admin
      Admin almost 9 years
      Just for completeness' sake, the syntax for editing the port number range is as follows: $ sudo sysctl -w net.ipv4.ip_local_port_range="15000 61000"
  • ATP
    ATP almost 9 years
    Thanks for the awk script; it definitely helps in identifying the ports that are listed in the services file!