Merge pull request #2856 from hashicorp/b-port-range

Shrink dynamic port range
hashicorp · Jul 19, 2017 · 9bd63fd · 9bd63fd
2 parents dc0fc82 + 24236e6
commit 9bd63fd
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/nomad/structs/network.go b/nomad/structs/network.go
@@ -12,7 +12,7 @@ const (
 	MinDynamicPort = 20000
 
 	// MaxDynamicPort is the largest dynamic port generated
-	MaxDynamicPort = 60000
+	MaxDynamicPort = 32000
 
 	// maxRandPortAttempts is the maximum number of attempt
 	// to assign a random port

diff --git a/website/source/guides/cluster/requirements.html.md b/website/source/guides/cluster/requirements.html.md
@@ -72,3 +72,17 @@ port.
 
 * Serf WAN (Default 4648). This is used by servers to gossip over the WAN to
   other servers. TCP and UDP.
+
+When tasks ask for dynamic ports, they are allocated out of the port range
+between 20,000 and 32,000. This is well under the ephemeral port range suggested
+by the [IANA](https://en.wikipedia.org/wiki/Ephemeral_port). If your operating
+system's default ephemeral port range overlaps with Nomad's dynamic port range,
+you should tune the OS to avoid this overlap.
+
+On Linux this can be checked and set as follows:
+
+```
+$ cat /proc/sys/net/ipv4/ip_local_port_range 
+32768   60999
+$ echo "49152 65535" > /proc/sys/net/ipv4/ip_local_port_range 
+```