Re: [PATCH RFC net-next] inet: add ip_retry_random_port sysctl to reduce sequential port retries

[Fernando Fernandez Mancera]

On 2/9/26 2:53 PM, longxie86@xxxxxxxxxxxxxx wrote:
> On Monday, February 9th, 2026 at 12:57 PM, Fernando Fernandez Mancera <fmancera@xxxxxxx> wrote:
>
> > On 2/6/26 6:09 PM, Eric Dumazet wrote:
> >
> > > On Fri, Feb 6, 2026 at 5:28 PM Fernando Fernandez Mancera
> > > fmancera@xxxxxxx wrote:
> > >
> > > > It makes sense. I have tested this approach and we got a more even
> > > > distribution of source ports when having thousands of reserved ports. No
> > > > difference at all when not using reserved ports.
> > > >
> > > > Please, you can find the distribution graph with the current algorithm
> > > > [1] and with the random step algorithm [2].
> > > >
> > > > While I understand that this approach is introducing a call to
> > > > get_random_u32_below() on every connect, I am wondering if it makes
> > > > sense to replace the existing algorithm with this variant. What do you
> > > > think?
> > >
> > > I would ask RFC 6056 experts like Fernando Gont what they think.
> > >
> > > Note that if we use random at each connect(), we defeat one of the principles
> > > of ephemeral port selection : try very hard to avoid 4-tuple collision.
> >
> >
> > Right. I will reach out to him and get his opinion. I have plenty of
> > time before net-next open again. I am also collecting some metrics
> > regarding the 4-tuple collision frequency.
>
> We have had this problem in AWS for a long time. The patch works on our system. What is needed for it to be included in the next Linux release?

This just an RFC, I discourage using it in production yet. An official 
v1 will be sent once net-next is open and there it needs to be reviewed 
and approved by the maintainers.

> Please bring this to the stable versions.

I don't think that will happen. This is an improvement not a "fix" per 
definition. Anyway, you could ask for a backport to your 
vendor/distribution.

Thanks,
Fernando.

> > > > Please, notice the implementation below. I plan to send an official v1
> > > > once net-next is open. In addition, I am rewriting the commit message as
> > > > I find the current one confusing.
> > > >
> > > > [1] https://0xffsoftware.com/port_graph_current_alg.html
> > > >
> > > > [2] https://0xffsoftware.com/port_graph_random_step_alg.html