qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adel Boutros <adelbout...@live.com>
Subject Re: [Java Broker] Port 0 range
Date Wed, 15 Mar 2017 22:32:47 GMT
Thanks Rob for the answer!

________________________________
From: Rob Godfrey <rob.j.godfrey@gmail.com>
Sent: Wednesday, March 15, 2017 2:39:46 PM
To: users@qpid.apache.org
Subject: Re: [Java Broker] Port 0 range

On 14 March 2017 at 17:47, Adel Boutros <Adelboutros@live.com> wrote:

> Hello Rob,
>
>
> I think I wasn't clear enough. Sorry for that.
>
>
> As referenced here[1], there are registered ports which are dynamic ports
> however they identify a know service (5672 is one of them).
>
> What I am talking about are private dynamic ports (ephemeral ports) which
> are not registered and to be used internally.
>
>
> As this is not a requirement useful for all users of the Broker, I was
> wondering if there was a way to specify a certain port range for the broker
> to get an available port from it and which is a lot more restrictive than
> the full dynamic range.
>


I understood your original question I think :-)  You want to restrict which
ports are allocated from when you pass in "0" as the service port number.
As per my original answer, Qpid (or rather the JVM) simply uses the
operating system to choose the port.  The operating system is configured
with a particular port range to pick the ephemeral port from... so I think
this is something you would want to configure in your OS rather than in the
broker.  If the broker on your operating system is allowing ports which you
believe should be restricted to well known services you should double check
the operating system configuration.  If the OS configuration looks correct,
but the broker is allocating outside of that range then that would be
interesting.

-- Rob


>
> [1]: https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
>
>
> ________________________________
> From: Rob Godfrey <rob.j.godfrey@gmail.com>
> Sent: Tuesday, March 14, 2017 5:25:56 PM
> To: users@qpid.apache.org
> Subject: Re: [Java Broker] Port 0 range
>
> So, the Broker is simply using the Java mechanism... and the Java mechanism
> is (I presume) just obeying the settings in your operating system.  Which
> operating system are you seeing the broker pick "low" ports on, and how is
> that operating system configured with respect to the "dynamic" port
> range[1]?  What sort of "low" numbers are you getting... which operating
> system are you seeing this on... and does the port number you are seeing
> lay outside the OS settings for dynamic port assignment?
>
> -- Rob
>
> [1] According to this (
> http://stackoverflow.com/questions/913501/how-to-let-
> kernel-choose-a-port-number-in-the-range-1024-5000-in-tcp-socket-pr)
> StackOverflow question, the following commands can be used to get the
> operating system settings:
>
> Linux:
>   cat /proc/sys/net/ipv4/ip_local_port_range
> Windows:
>   netsh int ipv4 show dynamicport tcp
> OS X:
>   sysctl net.inet.ip.portrange.first net.inet.ip.portrange.last
> Solaris:
>   /usr/sbin/ndd /dev/tcp tcp_smallest_anon_port tcp_largest_anon_port
>
> On 14 March 2017 at 16:56, Adel Boutros <Adelboutros@live.com> wrote:
>
> > Hello,
> >
> >
> > We are asked to deploy broker on random ports. So we thought about using
> > Port 0 and let the Broker find available ports.
> >
> > This works as expected however we have a concern with the port range.
> >
> >
> > It seems by default Java will take any port outside the well known ports
> > and assign it. However, in large environments, services are requested to
> > use private/dynamic ports (range 49152 to 65535 as specified by the
> > Internet Assigned Numbers Authority).
> >
> >
> > So I was wondering if there was a way to make the broker respect this
> port
> > range when it is passed a port value of 0?
> >
> >
> > Maybe allow the user to pass a property defining the range of ports
> > available.
> >
> >
> > What do you think?
> >
> >
> > Regards,
> >
> > Adel
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message