Linux服务启动报：Address already in use 解决方法：预留端口避免占用ip_local_reserved_ports

问题描述：
业务遇到这个情况，在重启服务时，出现50020端口被占用而无法启动，

非得等该端口释放后才启动成功。

问题分析：
50020端口被该服务器上的客户端 随机选取源端口给占用掉了。

解决方案：
使用net.ipv4.ip_local_port_range参数，规划出一段端口段预留作为服务的端口，

这种方法是可以解决当前问题，但是会有个问题，端口使用量减少了，

当服务器需要消耗大量的端口号的话，比如反代服务器，就存在瓶颈了。

最好的做法是将服务监听的端口以逗号分隔全部添加到ip_local_reserved_ports中，

TCP/IP协议栈从ip_local_port_range中随机选取源端口时，

会排除ip_local_reserved_ports中定义的端口，

因此就不会出现端口被占用了服务无法启动。

ip_local_reserved_ports解释如下：
ip_local_reserved_ports - list of comma separated ranges
Specify the ports which are reserved for known third-party
applications. These ports will not be used by automatic port
assignments (e.g. when calling connect() or bind() with port
number 0). Explicit port allocation behavior is unchanged.

The format used for both input and output is a comma separated
list of ranges (e.g. "1,2-4,10-10" for ports 1, 2, 3, 4 and
10). Writing to the file will clear all previously reserved
ports and update the current list with the one given in the
input.

Note that ip_local_port_range and ip_local_reserved_ports
settings are independent and both are considered by the kernel
when determining which ports are available for automatic port
assignments.

You can reserve ports which are not in the current
ip_local_port_range, e.g.:

$ cat /proc/sys/net/ipv4/ip_local_port_range
32000 61000
$ cat /proc/sys/net/ipv4/ip_local_reserved_ports
8080,9148

although this is redundant. However such a setting is useful
if later the port range is changed to a value that will
include the reserved ports.

Default: Empty
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

1 2 3

# vim /etc/sysctl.conf net . ipv4 . ip_local_reserved_ports = 50020 , 3000 - 4000 # sysctl -p

[warning]注意：内核版本要大于2.6.18-164，否则不支持该参数。[/warning]

refer to： http://www.ttlsa.com/linux/reserved-port-to-avoid-occupying-ip_local_reserved_ports/

please refer to : http://www.tldp.org/LDP/solrhe/Securing-Optimizing-Linux-RH-Edition-v1.3/chap6sec70.html

6.7. The ip_local_port_range parameters

The /proc/sys/net/ipv4/ip_local_port_range defines the local port range that is used by TCP and UDP traffic to choose the local port. You will see in the parameters of this file two numbers: The first number is the first local port allowed for TCP and UDP traffic on the server, the second is the last local port number. For high-usage systems you may change its default parameters to 32768-61000 -first-last.

The default setup for the ip_local_port_range parameters under Red Hat Linux is: "1024 4999"

To change the values of ip_local_port_range, type the following command on your terminal:

[root@deep] /# echo "32768 61000" >/proc/sys/net/ipv4/ip_local_port_range

Add the above commands to the  /etc/rc.d/rc.local  script file and you'll not have to type it again the next time you reboot your system.

Edit the  /etc/sysctl.conf  file and add the following line:

# Allowed local port range net.ipv4.ip_local_port_range = 32768 61000

You must restart your network for the change to take effect. The command to manually restart the network is the following:

don't do it in your product environment: 

[root@deep] /# /etc/rc.d/init.d/network restart

Setting network parameters [ OK ] Bringing up interface lo [ OK ] Bringing up interface eth0 [ OK ] Bringing up interface eth1 [ OK ] 

using ： #/sbin/sysctl -p

Linux increase ip_local_port_range TCP port range

Author:  Mattias Geniar 

Nov

02

2015

 1 Comment

For heavy traffic network servers, like proxy servers or load balancers, you may need to increase the networking port range.

On Linux, there is a sysctl parameter called ip_local_port_range that defines the minimum and maximum port a networking connection can use as its source (local) port. This applies to both TCP and UDP connections.

To find out the current IP range, use the following commands:

$ cat /proc/sys/net/ipv4/ip_local_port_range
32768	61000

or:

$ sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 32768	61000

The value is shown as "minimum maximum" value, so the local port for new connections will be between 32.768 and 61.000, by default that's a 28.232 range of ports. Sounds plenty, but heavy traffic servers can easily reach this limit.

For heavy traffic servers, you can increase the total port range like this.

$ sysctl -w net.ipv4.ip_local_port_range="15000 64000"
net.ipv4.ip_local_port_range = 15000 64000

Or, by using echo to pass a value directly into /proc.

$ echo 15000 64000 > /proc/sys/net/ipv4/ip_local_port_range

To make the changes persistent on boot, save your config in either /etc/sysctl.conf or in a custom file that gets included in your main configs.

$ cat /etc/sysctl.d/net.ipv4.ip_local_port_range.conf
net.ipv4.ip_local_port_range = 15000 65000

To find out how many sessions your server is currently handling, use the following commands:

$ ss -s
Total: 2933 (kernel 3131)
TCP:   43915 (estab 2655, closed 41080, orphaned 159, synrecv 0, timewait 41080/0), ports 30347

Transport Total     IP        IPv6
*	  3131      -         -
RAW	  0         0         0
UDP	  17        11        6
TCP	  2835      2832      3
INET	  2852      2843      9
FRAG	  0         0         0

$ netstat -anp | more
...
tcp        0      0 10.50.1.6:41205        10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:42515        10.50.1.10:80           TIME_WAIT   -
tcp        0      0 10.50.1.6:59845        10.50.1.10:80           TIME_WAIT   -

Please be careful with increasing the TCP port range though, there are limits!

refer to: https://ma.ttias.be/linux-increase-ip_local_port_range-tcp-port-range/