Kbase P127410: Why define specific minport maxport ranges?
Author   Progress Software Corporation - Progress
Access   Public
Published   06/09/2010
Status: Verified

GOAL:

Why define distinct minport maxport ranges?

GOAL:

Can databases share the same minport maxport range for client-server connections?

GOAL:

What are the -minport -maxport database login broker startup parameters used for?

GOAL:

Considerations in using default -minport -maxport ranges for all remote database connections


FACT(s) (Environment):

All Supported Operating Systems
Progress 8.2x
Progress 8.3x
Progress 9.x
OpenEdge 10.x


FIX:

Progress 8.2A introduced the -minport and -maxport parameters to help tighten security when firewalls are in use. They allow the administrator to specify, per database, a distinct range of TCP ports that the database login broker may assign to remote servers for client/server connections. In effect, the -minport and -maxport settings define a range of usable TCP ports.

When a client makes a client/server connection to the database on the service (-S) the database was started with, the login broker spawns a remote server on the next available port in the -minport -maxport range (if one has not already been spawned), then assigns the connection to that remote server or to the next available remote server, depending on the -Mi and -Ma database startup parameters.

There is, however, nothing stopping a remote client from connecting directly to an existing remote server, and this is one of the most important reasons that -minport and -maxport need to be taken into consideration as part of the initial database configuration design.

Consider the following:

o The production database is started with -S 3000.
o The test database uses -S 3010.
o Both use the default -minport 3000 -maxport 5000 range.

o The test database has since been shut down.
o The production database has a remote server spawned, listening on port 3010.

NOTE: if the test database were to be started at this juncture, it would fail with:
The port 3010 is already in use. (12036)

o Some tester/developer decides to do stuff on the test database:
Example: CONNECT -db dbname -S 3010

RESULT: The tester/developer is connected to the production database and runs (say) a performance benchmark on a massive delete code enhancement.

CAVEAT:
The production and test databases have the same name.
The client connects client/server.

ADVICE:
1. Define distinct -minport -maxport ranges for each database in an application environment. Each range needs to accommodate enough available ports to satisfy the value of -Mn (maximum remote servers).
2. Keep the port number/service name that database brokers are started with out of the -minport -maxport ranges.
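
The two points of ADVICE above, checked against the example scenario, as an added Python example (not Progress code). The Db record, the audit function and the sample port and -Mn values are constructed for illustration.

```python
from itertools import combinations
from typing import NamedTuple

class Db(NamedTuple):
    name: str      # label used in the report (constructed)
    s_port: int    # -S: port the login broker was started with
    minport: int   # -minport
    maxport: int   # -maxport
    mn: int        # -Mn: maximum remote servers

def audit(dbs):
    """Return findings for the startup settings of databases on one host."""
    findings = []
    # ADVICE 1: each range must hold enough ports for -Mn remote servers.
    for db in dbs:
        size = db.maxport - db.minport + 1
        if size < db.mn:
            findings.append(f"{db.name}: range holds {size} ports, -Mn needs {db.mn}")
    # ADVICE 1: ranges must be distinct, so no two databases may overlap.
    for a, b in combinations(dbs, 2):
        lo, hi = max(a.minport, b.minport), min(a.maxport, b.maxport)
        if lo <= hi:
            findings.append(f"{a.name}/{b.name}: ranges overlap on {lo}-{hi}")
    # ADVICE 2: no broker -S port may fall inside any database's range.
    for broker in dbs:
        for db in dbs:
            if db.minport <= broker.s_port <= db.maxport:
                findings.append(f"{broker.name}: -S {broker.s_port} lies inside "
                                f"{db.name} range {db.minport}-{db.maxport}")
    return findings

# Constructed sample: the scenario above, both databases on the default range.
SHARED = [Db("production", 3000, 3000, 5000, 10), Db("test", 3010, 3000, 5000, 5)]
# Constructed sample: distinct ranges, broker ports outside every range.
SEPARATED = [Db("production", 3000, 3100, 3199, 10), Db("test", 3010, 3200, 3249, 5)]

if __name__ == "__main__":
    for label, cfg in (("shared", SHARED), ("separated", SEPARATED)):
        print(label, audit(cfg) or "no findings")
```

With the shared default range, the report includes the test broker port 3010 lying inside the production range, which is the condition that let the production remote server take that port.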