Traditionally, a large part of a virtual environment runs on Microsoft Windows Server (as the base for many machines, including MSSQL and vCenter). It is usually a very busy environment: dozens of services and servers “talking” to each other non-stop. With such a large number of servers, one fairly common phenomenon is the exhaustion of the dynamic port range on your servers. It is very hard to detect unless it involves a persistent overload condition (the operating system itself does not report the problem, only other “problems” that are merely its effects). In our case, we experienced very strange behaviour of Tomcat and JBoss servers, which rejected sudden waves of otherwise valid traffic. What led us to the solution were messages from Trend Micro Deep Security that we had been receiving for some time: TCP/IP and UDP Port Limit, appearing occasionally during communication between random machines.
So what is TCP/IP port exhaustion? On Microsoft Windows (any version), a large number of connections can exhaust the pool of available dynamic ports. The default pool is relatively small and the wait before a port is released is long. It is easy to check with the command netstat -n: all connections in the TIME_WAIT state are the “busy” ports. In Windows Server 2003 and 2008R2 the TIME_WAIT parameter is up to 240 seconds. In 2008R2 the pool (ephemeral ports) was expanded from about 4K to 16K.
How and why do we defend against this? Imagine a situation in which an application machine runs out of ports: the effect is that for a moment you watch the machine get “cut off” (zero network traffic for lack of available ports) and then, after the pause, a sudden burst of queued packets causes congestion and “rolls over” the applications.
The solution is simple, shorten the waiting time for the release of the port:
In HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters, add two DWORD values:
TcpTimedWaitDelay with the value 30 (decimal)
MaxUserPort with the value 65535 (decimal)
Just one note on the range of ports: it is absolutely necessary to check whether the software installed on the machine (e.g. vCenter, Trend Micro, etc.) does not use a static listening port within that range. Without this check the cure can be worse than the disease.
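The check described above and the two registry values, as an added PowerShell example that is not part of the original post: it counts TIME_WAIT sockets from netstat -n output, lists fixed listeners that fall inside the dynamic range, and writes the two values only when run with -Apply. It assumes PowerShell 3.0 or later, an elevated session, and a dynamic range starting at 49152 (the 2008R2 default; adjust $DynamicPortStart for 2003, where the range starts at 1025).

```powershell
# Added example, not from the original post. Audit before tuning:
#   .\PortExhaustion.ps1          -> report only
#   .\PortExhaustion.ps1 -Apply   -> also write the registry values from the post
param(
    [int]$TcpTimedWaitDelay = 30,     # seconds, value recommended in the post
    [int]$MaxUserPort       = 65535,  # value recommended in the post
    [int]$DynamicPortStart  = 49152,  # assumed start of the ephemeral range
    [switch]$Apply                    # without -Apply nothing is changed
)

$regPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

# Parse "netstat -ano" TCP lines into objects (local port, state, owning PID).
# The regex handles both IPv4 (0.0.0.0:135) and IPv6 ([::]:135) local addresses.
$conns = netstat -ano |
    Select-String '^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(\S+)\s+(\d+)' |
    ForEach-Object {
        $g = $_.Matches[0].Groups
        [pscustomobject]@{ LocalPort = [int]$g[2].Value; State = $g[3].Value; OwnerPid = [int]$g[4].Value }
    }

# 1. Pressure on the pool: every TIME_WAIT socket still occupies a port.
$timeWait = @($conns | Where-Object { $_.State -eq 'TIME_WAIT' }).Count
"TIME_WAIT sockets: $timeWait"

# 2. The caveat from the post: a service bound to a fixed port inside the dynamic
#    range competes with outbound connections once that range is widened.
$conns | Where-Object { $_.State -eq 'LISTENING' -and $_.LocalPort -ge $DynamicPortStart } |
    ForEach-Object {
        $proc = (Get-Process -Id $_.OwnerPid -ErrorAction SilentlyContinue).ProcessName
        "Listener inside dynamic range: port $($_.LocalPort), PID $($_.OwnerPid) ($proc)"
    }

# 3. Show the current values (absent means the OS default is in effect).
foreach ($name in 'TcpTimedWaitDelay', 'MaxUserPort') {
    $cur = (Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue).$name
    "$name current: $(if ($null -eq $cur) { '<not set, OS default>' } else { $cur })"
}

# 4. Apply the two DWORDs from the post. Set-ItemProperty creates them if missing.
if ($Apply) {
    Set-ItemProperty -Path $regPath -Name 'TcpTimedWaitDelay' -Value $TcpTimedWaitDelay -Type DWord
    Set-ItemProperty -Path $regPath -Name 'MaxUserPort'       -Value $MaxUserPort       -Type DWord
    'Values written; the TCP/IP stack reads them at the next restart.'
}
```

Run the report first and resolve any listener it finds inside the range before using -Apply.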
Was this information helpful? Tell me, please leave a comment!