Port ranges - restricting opening and closing ranges

Gustavo Niemeyer gustavo at niemeyer.net
Wed Aug 6 12:57:28 UTC 2014


Why would any application well designed open thousands of ports
individually rather than a range? Sounds like an unreasonable use case.

I also don't get your point about concurrency. You don't seem to have
addressed the point I brought up that opening or closing ports concurrently
today already presents undefined behavior.

gustavo @ http://niemeyer.net
On Aug 6, 2014 2:53 PM, "roger peppe" <roger.peppe at canonical.com> wrote:

> On 6 August 2014 10:32, Gustavo Niemeyer <gustavo at niemeyer.net> wrote:
> > How many port ranges are typically made available? One.. Two? Sounds like a
> > trivial problem.
>
> Some applications might open thousands of individual ports.
> It would be nice if it worked well in that case too.
>
> > In terms of concurrency, there are issues either way. Someone can open a
> > port while it is being closed, and whether that works or not depends purely
> > on timing.
>
> When we've got several units sharing a port space, we'll want to
> keep a unique owner for each port range. That's trivial if the
> reference can be keyed by the port range, but not
> as straightforward if the lookup is two-phase.
>
> What we don't want is two units in the same machine to be
> able to have the same port open at the same time. I suppose
> we could rely on the fact that hooks do not execute simultaneously,
> but it would be preferable in my view to keep those
> concerns separate.
>
> In my view, "always close the range you've opened" is an easy
> to explain rule, and makes quite a few things simpler,
> without being overly restrictive.
>
> > gustavo @ http://niemeyer.net
> >
> > On Aug 6, 2014 9:41 AM, "roger peppe" <roger.peppe at canonical.com> wrote:
> >>
> >> On 5 August 2014 19:34, Gustavo Niemeyer <gustavo at niemeyer.net> wrote:
> >> > On Tue, Aug 5, 2014 at 4:18 PM, roger peppe <rogpeppe at gmail.com> wrote:
> >> >> close ports 80-110 -> error (mismatched port range?)
> >> >
> >> > I'd expect ports to be closed here, and also on 0-65536.
> >>
> >> I'm not sure. An advantage of requiring that exactly the
> >> same ports must be closed as were opened is that you can use the port range
> >> as a key, which makes for a very simple (and trivially concurrent-safe)
> >> implementation in a mongo collection.
> >>
> >> I'd suggest that this compromise is worth it. We could always make an initial
> >> special case for 0-65535 too, if desired.
>
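
The rule argued for in the quoted text (the exact range is the key, each range has one owner, and only the range that was opened can be closed), as an added example that is not part of the thread or of Juju's code. `PortRange`, `Registry` and the unit names are hypothetical, the opening of 80-100 is constructed, and an in-memory map behind a mutex stands in for the mongo collection.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// PortRange is used directly as the lookup key (hypothetical type).
type PortRange struct{ From, To int }

var ErrConflict = errors.New("port range overlaps a range that is already open")
var ErrMismatch = errors.New("mismatched port range")

// Registry models one machine's port space shared by several units.
type Registry struct {
	mu     sync.Mutex
	owners map[PortRange]string // exact range -> owning unit
}

func NewRegistry() *Registry { return &Registry{owners: map[PortRange]string{}} }

// Open records r for unit unless it overlaps any range that is already open.
func (g *Registry) Open(unit string, r PortRange) error {
	g.mu.Lock()
	defer g.mu.Unlock()
	for o := range g.owners {
		if r.From <= o.To && o.From <= r.To {
			return ErrConflict
		}
	}
	g.owners[r] = unit
	return nil
}

// Close succeeds only for the exact range that this unit opened.
func (g *Registry) Close(unit string, r PortRange) error {
	g.mu.Lock()
	defer g.mu.Unlock()
	if owner, ok := g.owners[r]; !ok || owner != unit {
		return ErrMismatch
	}
	delete(g.owners, r)
	return nil
}

func main() {
	g := NewRegistry()
	fmt.Println(g.Open("unit-a", PortRange{80, 100}), g.Close("unit-a", PortRange{80, 110}))
}
```

Because a mismatched close is an error rather than a partial close, a unit cannot close a port that a different unit on the same machine still owns.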