Re: [Xen-users] port allocation on domU guest machine.

[Brendan Moynihan <brendan.moynihan@xxxxxxxxxxxxxxxx>]

Hello Ian.

No, there is a direct connection route from the client to the domU IP
that is running the server process.

Interestingly, the connection socket TIME_WAIT behaviour appears to be
the same when using external client or client on another domU.
But with the latter, the traffic is stable.

For dom1 to dom2 comms, ( ie, internal to the bare metal machine), I'm
assuming the comms stil go thru dom0? Not the physical interface (nic)
but via the bridging as all domU appear to be on same n/w?

There is no firewall on dom0.

For the external connections, anything else to consider for dom0?

Thank you. 





On Wed, 2014-01-08 at 10:46 +0000, Ian Campbell wrote:
> On Wed, 2014-01-08 at 10:38 +0000, Brendan Moynihan wrote:
> > Hello,
> > 
> > I am running a tcp server process on a domU guest machine.
> > Connections are established to the server, payload exchanged and the
> > connection is closed in a non persistent(non keep alive) tcp manner.
> > The client is external to the bare metal machine. 
> > 
> > Because the connections are ephemeral, 1000s of connections up to an
> > observed peak of ~15500 connections go to TIMED_WAIT state.
> > 
> > This is expected behaviour from TCP kernel perspective.
> > 
> > However traffic throughput is adversely impacted with the kernel unable
> > to accept connections.
> > 
> > 
> > Does the VM (domU instance) have access to the full range of ports?
> 
> Each domU is a completely independent kernel with its own network stack
> and IP address, so yes the full range of ports should be available.
> 
> Could it be possible that a firewall (e.g. in dom0 or further upstream)
> is doing NAT (or something else) and thereby introducing a bottleneck on
> the total number of ports flowing through it?
> 
> Ian.
> 



_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxx
http://lists.xen.org/xen-users