Added clarity around the use and need of max-way-points #776
Conversation
MichaelBaj
requested review from
avinashbhat80,
chao-128t,
ryankoss and
dmontgomeryJuniper
docs/concepts_waypoint_ports.md
Outdated
| Limiting this range will make your firewall team happy without putting too much of a crimp in your ability to SVR sessions. In fact, we have some customers that have limited their waypoint port allocation to only 10 ports on their head end routers! At face value this seems like it would severely restrict the number of unique, concurrent sessions that could be established by a peer, but in practice it doesn't. If a branch keeps its range to the default value of ports (49,148 ports), which can be sent to each of ten ports, you still wind up with a theoretical maximum of over 120,000 concurrent sessions *in each direction* to that branch over that adjacency. | ||
|
|
||
| It is important to note that despite the configured [port-range](config_reference_guide.md#port-range), the SSR will at most use 50K of those ports by default. The configuration [max-way-points](config_reference_guide.md#max-way-points) allows the SSR software to scale respective to the platform and the administrator's needs. A `max-way-points` setting that is smaller than the number of sessions traversing a peer path will result in port exhaustion. A `max-way-points` setting that is too large will result in wasted system resources. Best practice is to tune both the `port-range` and `max-way-points` to a factor of 1.5x of the max number of sessions traversing a peer path. |
There was a problem hiding this comment.
| It is important to note that despite the configured [port-range](config_reference_guide.md#port-range), the SSR will at most use 50K of those ports by default. The configuration [max-way-points](config_reference_guide.md#max-way-points) allows the SSR software to scale respective to the platform and the administrator's needs. A `max-way-points` setting that is smaller than the number of sessions traversing a peer path will result in port exhaustion. A `max-way-points` setting that is too large will result in wasted system resources. Best practice is to tune both the `port-range` and `max-way-points` to a factor of 1.5x of the max number of sessions traversing a peer path. | |
| It is important to note that despite the configured [port-range](config_reference_guide.md#port-range), the SSR will at most use 50,000 of those ports by default. The configuration [max-way-points](config_reference_guide.md#max-way-points) allows the SSR software to scale respective to the platform and the administrator's needs. A `max-way-points` setting that is smaller than the number of sessions traversing a peer path will result in port exhaustion. A `max-way-points` setting that is too large will result in wasted system resources. Best practice is to tune both the `port-range` and `max-way-points` to a factor of 1.5x of the max number of sessions traversing a peer path. |
docs/concepts_waypoint_ports.md
Outdated
| Limiting this range will make your firewall team happy without putting too much of a crimp in your ability to SVR sessions. In fact, we have some customers that have limited their waypoint port allocation to only 10 ports on their head end routers! At face value this seems like it would severely restrict the number of unique, concurrent sessions that could be established by a peer, but in practice it doesn't. If a branch keeps its range to the default value of ports (49,148 ports), which can be sent to each of ten ports, you still wind up with a theoretical maximum of over 120,000 concurrent sessions *in each direction* to that branch over that adjacency. |
There was a problem hiding this comment.
- The default local port range is 16384 ~ 65534, 49151 ports in total, not 49148.
the default value of ports (49,148 ports)
-
The default remote port range is 16385 ~ 65533, 49149 ports in total.
-
When (remote) port-range is not configured, local ports are even, remote ports are odd, the total combination is 24576 (even local ports) * 24575 (odd remote ports) = 603,955,200
-
When (remote) port-range is configured, local ports are continuous within that 16384 ~ 65534 range, remote ports are also continuous within the configured range, so the total combination is 49151 *
num of ports within the range. In the doc's example, the total combination is 49151 * 10 = 491,510.
There was a problem hiding this comment.
What do you mean by "local" vs "remote" port ranges? Are the settings per neighborhood, and therefore shared by both nodes? Or is that not the case and for any given neighborhood, there is both a local and remote, because the setting applies to that device specifically?
There was a problem hiding this comment.
For a given SVR session, waypoint ports are allocated by the ingress router. So, the notion of local vs. remote is from the ingress router's perspective. The local port does not have a configurable range only the remote port does. It tells the ingress router what ports are opened on the egress router for SVR sessions.
The port range is per neighborhood per network-interface and only shared across an HA pair if the interface is redundant.
The neighborhood->port-range on the hub is propagated to adjacency->port-range on the branch through adjacency generation by the conductor.
MichaelBaj
requested review from
Chr1st0ph3rTurn3r,
chao-128t and
avinashbhat80
No description provided.