yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1629066] Re: RFE Optionally bind load balancer instance to multiple IPs to increase available (source IP, source port) space to support > 64k connections to a single backend

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Michael Johnson <johnsomor@xxxxxxxxx>
Date: Mon, 05 Dec 2016 22:52:48 -0000
Reply-to: Bug 1629066 <1629066@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** No longer affects: neutron

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1629066

Title:
  RFE Optionally bind load balancer instance to multiple IPs to increase
  available (source IP, source port) space to support > 64k connections
  to a single backend

Status in octavia:
  Triaged

Bug description:
  This limitation arose in while testing Neutron LBaaS using the HAProxy
  namespace driver, but applies to other proxying type backends
  including Octavia. A single load balancer instance (network namespace,
  or amphora) can only establish as many concurrent TCP connections to a
  single pool member as there are available distinct source IP, source
  TCP port combinations on the load balancing instance (network
  namespace or amphora). The source TCP port range is limited by the
  configured ephemeral port range, but this can be tuned to include all
  the unprivileged TCP ports (1024 - 65535) via sysctl. The available
  source addresses are limited to IP addresses bound to the instance,
  for the load balancing instance must be able to receive the response
  from the pool member.

  In short the total number of concurrent TCP connections to any single
  backend is limited to 64k times the number of available source IP
  addresses. This is because each TCP connection is identified by the
  4-tuple: (src-ip, src-port, dst-ip, dst-port) and (dst-ip, dst-port)
  is used to define a specific pool member. TCP ports are limited by the
  16bit field in the TCP protocol definition. In order to further
  increase the number of possible connections from a load balancing
  instance to a single backend we must increase this tuple space by
  increasing the number of available source IP addresses.

  Therefore, I propose we offer an option to attach multiple fixed-ips
  in the same subnet to the Neutron port of the load balancing instance
  facing the pool member. This would increase the tuple space allowing
  more than 64k concurrent connections to a single backend.

  While this limitation could be addressed by increasing the number of
  listening TCP ports on the pool member and adding additional members
  with the same IP address and different TCP ports, not all applications
  are suitable to this modification.

To manage notifications about this bug go to:
https://bugs.launchpad.net/octavia/+bug/1629066/+subscriptions

References

[Bug 1629066] [NEW] RFE Optionally bind load balancer instance to multiple IPs to increase available (source IP, source port) space to support > 64k connections to a single backend
From: Dustin Lundquist, 2016-09-29