Port Exhaustion - SQL

Reinis Rozitis r at roze.lv
Thu May 16 14:14:33 UTC 2019


> I love nginx and use it for other applications but maybe its the wrong product for this senerio

Does nginx connect to mysql (like you use some kind of embedded module (perl/lua etc)?) or do you proxy some backend app?
If not then it has no relation to this issue.


> We do not have an issue on the mysql server side with Port Exhaustion, just on the "Frontend webserver".  We have made a lot of changes, and are currently managing but I fear that we will reach the 65k limit again. 

Well it doesn't matter on which side as the tuples are constructed this way:

localip:localport - remoteip:remoteport


If you have a single mysql ip then it becomes:
localip:localport - 192.168.99.19:3306

And then if you have a single localip it becomes:
192.168.99.17:localport - 192.168.99.19:3306 

.. and 'localport' can have only ~65k values.


But now instead of having multiple local ips (as not all applications support binding to a specific outgoing interface  (for example as far as I know php with the default mysql(i)_connect() can't for different languages/apps/frameworks it might be different) and doing it with iptables/postrouting/snat is cumbersome, you could have just multiple remote ips which each would give you effectively 65k localports.

Then your application could just connect to a random remote ip (which is more simple from code point) or you can do it with a simple haproxy loadbalance setup:

frontend db
        bind :3306
        mode tcp
        default_backend mysqlserver

backend mysqlserver
        balance leastconn
        server c1 remotemysqlip1:3306
        server c2 remotemysqlip2:3306
        server c3 remotemysqlip3:3306


(would need to change the application to connect to 127.0.0.1:3306 (then again if not randomizing the 127.0.0.x you could hit the port exhaust anyways).

rr



More information about the nginx mailing list