PowerFlex How to tune the ephemeral port range on Linux

By default, the ephemeral port range is between 32768 and 60999.

Sometimes, it may be desirable to configure this range or reserve certain ports in this range. Third-party software may use a port in the ephemeral range, which could conflict with ScaleIO's SDC driver.

This can be achieved by:

• Setting the ephemeral port range, from which the programs can allocate a local port
  And
• Reserve ports from the ephemeral port range, so that they cannot be used as local port

Step-by-step guide

1. To check the current ephemeral port range:

   # cat /proc/sys/net/ipv4/ip_local_port_range
   32768	60999

2. To check the current reserved ports in the range (an empty line means that there is no reserved port):

   # cat /proc/sys/net/ipv4/ip_local_reserved_ports

3. To adjust the ephemeral port range dynamically (not persistent):

   # echo 40000 60000 > /proc/sys/net/ipv4/ip_local_port_range # cat /proc/sys/net/ipv4/ip_local_port_range 40000 60000

4. To adjust the reserved ports dynamically (not persistent):

   # echo "50000,50003" > /proc/sys/net/ipv4/ip_local_reserved_ports # cat /proc/sys/net/ipv4/ip_local_reserved_ports 50000,50003

5. To change the parameters persistently across reboots, edit /etc/sysctl.conf and then use "sysctl -w" to take effect.
   The parameters and format of the values can be found using "sysctl -a | grep ip_local", for example:

   # sysctl -a|grep ip_local net.ipv4.ip_local_port_range = 40000 60000 net.ipv4.ip_local_reserved_ports = 50000,50003 sysctl: reading key "net.ipv6.conf.all.stable_secret" sysctl: reading key "net.ipv6.conf.default.stable_secret" sysctl: reading key "net.ipv6.conf.eth0.stable_secret" sysctl: reading key "net.ipv6.conf.lo.stable_secret"

Related articles

https://access.redhat.com/solutions/26875Does RHEL support reserving local ports from ephemeral range using the /proc/sys/net/ipv4/ip_local_reserved_ports tunable? - Red Hat Customer Portal