Port Exhaustion - SQL

Brandon Mallory brandonm at medent.com
Thu May 16 13:46:13 UTC 2019


This is a very busy server and I tried to push our programming department to move to persistent connections; they feel that it could be a security issue if dealing with sensitive information, since that connection could be hijacked. We do not have an issue on the MySQL server side with port exhaustion, just on the "Frontend webserver". We have made a lot of changes, and are currently managing, but I fear that we will reach the 65k limit again. If I could get something to load balance LAN interfaces I could double the port limitation. I see that haproxy has an article on this. I love nginx and use it for other applications, but maybe it's the wrong product for this scenario. I was thinking there might be a way using proxy_bind.

https://www.haproxy.com/blog/haproxy-high-mysql-request-rate-and-tcp-source-port-exhaustion/



Best Regards, 
Brandon Mallory 
Network & Systems Engineer 
MEDENT EMR/EHR 
15 Hulbert Street 
Auburn, NY 13021 
Phone: (315)-255-0900
Fax: (315)-255-3539
Web: www.medent.com







From: "Reinis Rozitis" <r at roze.lv> 
To: "nginx" <nginx at nginx.org> 
Sent: Thursday, May 16, 2019 9:35:18 AM 
Subject: RE: Port Exhaustion - SQL 

> Yes all of those changes you have mentioned have been made. 

Well, IMO there is nothing else besides decreasing the FIN timeout even more (in a LAN that shouldn't be an issue (no slow clients)) so the lingering sockets are closed faster.

Also, instead of adding the network adapter(s) on the webserver, you should add the interfaces on the MySQL server and then, either via a load balancer or on the application level, use them in a round-robin fashion (as binding to a specific local interface is harder than just connecting to a different remote IP).


Other than that, depending on the application, you might want to consider using persistent connections to MySQL or use some kind of MySQL proxy in between which could pool the connections to the MySQL server.

rr 
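
Added example, not part of the original thread: both messages above turn on how many source ports the web server holds toward MySQL, and on Linux an outgoing connect() only needs a unique (local IP, local port, remote IP, remote port) combination, so the port budget applies per destination. The script counts ports held per tuple from `ss -tan`-style output; the sample lines, the addresses and the `warn_at` threshold are constructed assumptions.

```python
from collections import Counter

# Constructed sample in the column layout of `ss -tan`; addresses are made up.
SAMPLE_SS = """\
State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      10.0.0.5:40001      10.0.0.20:3306
TIME-WAIT  0      0      10.0.0.5:40002      10.0.0.20:3306
TIME-WAIT  0      0      10.0.0.5:40003      10.0.0.20:3306
TIME-WAIT  0      0      10.0.0.5:40004      10.0.0.21:3306
LISTEN     0      128    0.0.0.0:80          0.0.0.0:*
ESTAB      0      0      10.0.0.5:80         192.0.2.7:51515
"""

def port_range_size(text="32768\t60999"):
    """Ephemeral range size; text is in the format of
    /proc/sys/net/ipv4/ip_local_port_range (default shown is an assumption)."""
    low, high = map(int, text.split())
    return high - low + 1

def usage_by_tuple(ss_output, remote_port=3306):
    """Count local ports held per (local IP, remote IP, remote port).
    Every state except LISTEN counts, because TIME-WAIT sockets still hold a port."""
    counts = Counter()
    for line in ss_output.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 5 or fields[0] == "LISTEN":
            continue
        local_ip, _ = fields[3].rsplit(":", 1)
        peer_ip, peer_port = fields[4].rsplit(":", 1)
        if peer_port == str(remote_port):
            counts[(local_ip, peer_ip, remote_port)] += 1
    return counts

def report(ss_output, range_text="32768\t60999", warn_at=0.8):
    """Return [(tuple, used, fraction_of_range, near_limit)], heaviest first."""
    size = port_range_size(range_text)
    return [(key, used, used / size, used / size >= warn_at)
            for key, used in usage_by_tuple(ss_output).most_common()]

if __name__ == "__main__":
    for key, used, frac, hot in report(SAMPLE_SS):
        flag = "  <-- near limit" if hot else ""
        print(f"{key}: {used} ports ({frac:.2%} of range){flag}")
```

Feeding it real `ss -tan` output shows whether one MySQL address is absorbing the whole range, which is the case where a second remote IP or a pooling proxy helps.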
