Date:      Fri, 4 Jun 2004 10:38:37 -0400
From:      Barney Wolff <barney@databus.com>
To:        Mike Silbersack <silby@silby.com>
Cc:        Don Lewis <truckman@freebsd.org>
Subject:   Re: net.inet.ip.portrange.randomized=1 hurts
Message-ID:  <20040604143837.GA80811@pit.databus.com>
In-Reply-To: <20040603021629.S70117@odysseus.silby.com>
References:  <200406030427.i534RAdh003365@gw.catspoiler.org> <20040603021629.S70117@odysseus.silby.com>

On Thu, Jun 03, 2004 at 02:19:43AM -0500, Mike Silbersack wrote:
> 
> On Wed, 2 Jun 2004, Don Lewis wrote:
> 
> > Randomizing DNS query IDs without repeating any particular ID too
> > quickly is a similar problem.  I contributed some code for this to
> > BIND version 8 a number of years ago.  See the nsid stuff in
> > /usr/src/contrib/bind/bin/named/ns_main.c.  There are some comments
> > preceding the code that explain the background and how it is supposed
> > to work.  Something like this might be suitable for port number
> > allocation, though the potentially long time that a given port number
> > might be in use would complicate things.
> 
> I just thought more about the issue at hand, and I think that changing the
> randomization algorithm is probably not worth the effort.  Instead, we'll
> have to fix the server-side TIME_WAIT problem Dmitry is experiencing.
> The simple reason is that any other OS which uses randomized ephemeral
> ports will tickle the exact same port recycling problem, so reverting our
> client behavior isn't a long-term solution.

The randomization algorithm is definitely wrong, and will need to be fixed.
What's needed, as pointed out above, is a random *shuffle* not simply a
random choice.  The random choice as the code does now encounters the
birthday paradox, resulting in re-use of a port number in sqrt(N) picks,
meaning on average the re-use interval is 128, given the default 16384
range.  That's far too short.

The justified response to user complaints is "send patches" and I'm
willing to try, if no-one else is working on it.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
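The following simulation is an added illustration of the birthday-paradox argument made in the message above; it is not code from the thread or from FreeBSD. It compares the two allocation strategies discussed: independent uniform random choice of a port (as the message says the code does now) against a random shuffle of the whole range, and measures how soon a port gets reused under each. The range size 16384 is the default cited in the thread; the trial counts and seeds are constructed for the simulation.

```python
import math
import random

# Size of the ephemeral port range discussed in the thread (default 16384).
PORT_RANGE = 16384


def picks_until_first_reuse(n_ports, rng):
    """Random *choice*: draw uniformly from n_ports until a port repeats.
    Returns the number of draws made, counting the repeated draw itself."""
    seen = set()
    picks = 0
    while True:
        port = rng.randrange(n_ports)
        picks += 1
        if port in seen:
            return picks
        seen.add(port)


def mean_first_reuse(n_ports, trials, seed=0):
    """Average draws-until-first-reuse for random choice over `trials` runs."""
    rng = random.Random(seed)
    return sum(picks_until_first_reuse(n_ports, rng) for _ in range(trials)) / trials


def birthday_estimate(n_ports):
    """Closed-form expectation of draws until the first collision when drawing
    uniformly from n_ports values: approximately sqrt(pi*N/2) + 2/3."""
    return math.sqrt(math.pi * n_ports / 2) + 2.0 / 3.0


def random_choice_allocator(n_ports, rng):
    """Allocator that picks every port independently at random (birthday-prone)."""
    while True:
        yield rng.randrange(n_ports)


def shuffled_port_allocator(n_ports, rng):
    """Allocator that walks a fresh random permutation of the range each cycle,
    so within one cycle every port is handed out exactly once."""
    while True:
        order = list(range(n_ports))
        rng.shuffle(order)  # Fisher-Yates shuffle
        yield from order


def min_reuse_gap(allocator, n_picks):
    """Smallest distance (in picks) between two uses of the same port across
    n_picks allocations, or None if no port was reused at all."""
    last_seen = {}
    best = None
    for i in range(n_picks):
        port = next(allocator)
        if port in last_seen:
            gap = i - last_seen[port]
            if best is None or gap < best:
                best = gap
        last_seen[port] = i
    return best


if __name__ == "__main__":
    print("expected first reuse (random choice):", round(birthday_estimate(PORT_RANGE), 1))
    print("simulated first reuse (random choice):", round(mean_first_reuse(PORT_RANGE, 300), 1))
    choice_gap = min_reuse_gap(random_choice_allocator(PORT_RANGE, random.Random(1)), PORT_RANGE)
    shuffle_gap = min_reuse_gap(shuffled_port_allocator(PORT_RANGE, random.Random(1)), PORT_RANGE)
    print("min reuse gap over one range of picks, random choice:", choice_gap)
    print("min reuse gap over one range of picks, shuffle:", shuffle_gap)
```

The simulation shows the order of magnitude the message is pointing at: with independent random choice the first repeat lands after a number of picks on the order of sqrt(N) (the closed form gives about 160 for N = 16384, and some port will be reused within a handful of picks once a few thousand allocations have been made), whereas the shuffle never repeats a port within a cycle of N picks. One caveat for anyone implementing the shuffle: when a fresh permutation is started for each cycle, the gap between two uses of the same port across the cycle boundary can still be small, so a production allocator needs either a guard window at the boundary or a check that the port is not still in TIME_WAIT before handing it out.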