TCP/IP Port Exhaustion on RavenDb client side

[micro]

This is happening for a back end process that open/close session rapidly. The error is:

Unable to connect to the remote server
System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted.

http://msdn.microsoft.com/en-us/library/aa560610(v=bts.20).aspx

Here is what I found, open a new session will need to open a new TCP/IP socket connection which is a limited resource.

The test application can process 10K documents in 3-5 minutes, assume one by one process/per session and it turned out trying to open too many connection in a short time which causes the error.

Question:

As the recommended way, it shall keep the session as short as possible but open/close too many session in a short time cause issue above.

Any suggestion? Other than lower TIME_WAIT value.

Thanks

James

[Barry Hagan]

Are you using Windows Authentication?  If so, you may want to use connection sharing for your back end process:

                var store = new DocumentStore{ConnectionStringName = "RavenDB"}.Initialize();

                store.JsonRequestFactory.ConfigureRequest += (sender, e) =>

                                                                 {

                                                                     var httpWebRequest = ((HttpWebRequest) e.Request);

                                                                     httpWebRequest.UnsafeAuthenticatedConnectionSharing = true;

                                                                 };

[devm...@hotmail.com]

@Barry

do you suggest to always use the above when we are using Windows Authentication ? or does it have side effect ?

[Barry Hagan]

The unsafe part of UnsafeAuthenticatedConnectionSharing is that you could escalate privilege since two different users could be sharing the same connection and therefore the same security context.  That is only relevant if you are actually connecting to Raven with different users via delegation/impersonation.  If you are using a service account or fixed credentials to connect to Raven, setting this to true is recommended and is not actually unsafe because there will only be one user in the shared connection pool.

One example of  when this would be a bad idea is if you have a web application that uses Windows Auth, and the web app is configured to use asp.net impersonation.  Then you probably don't want the users to be sharing connections from the web app to Raven since the security context of the web app request would be different for each user.  In that case look at using ConnectionGroupName to make pools per user.

[devm...@hotmail.com]

Man, thanks a lot, i hope i understood exactly what you mean, 

my configuration is to run  Raven inside IIS and use connect as option in website basic setting, windows authentication is on but i don't use impersonation, so is this ok ?

[Mauro Servienti]

It is ok, in your scenario like in mine, IIS is going to RavenDB always with the same user, in this case is fine to share connections.

If you do not want to pay the overhead of credentials refresh, every 15 minutes IIRC, you can move to ApiKey.

 

.m

--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[devm...@hotmail.com]

awesome reply mate, thanks :)

[Chris Marisic]

We use this in all interactions with raven that use windows auth, we're going to be moving to apikeys soon.

[Andrey Kozhyn]

e.Request is null in Raven 3 client API. I guess there is other property should be available now?

пятница, 16 августа 2013 г., 22:53:53 UTC+3 пользователь Barry Hagan написал:

[Oren Eini (Ayende Rahien)]

The e has a HttpClient property that you can manipulate.

Hibernating Rhinos Ltd  

Oren Eini l CEO l Mobile: + 972-52-548-6969

Office: +972-4-622-7811 l Fax: +972-153-4-622-7811

 

--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Andrey Kozhyn]

In order to do request sharing new HttpClient should be created. So code like this:

                store.JsonRequestFactory.ConfigureRequest += (sender, args) =>

                {

                    var webRequestHandler = new WebRequestHandler();

                    webRequestHandler.UnsafeAuthenticatedConnectionSharing = true;

                    webRequestHandler.PreAuthenticate = true;

                    args.Client = new HttpClient(webRequestHandler);

                };

But that doesn't help since replacing a reference in args doesn't affect actual HttpJsonRequest.httpClient property?

--
You received this message because you are subscribed to a topic in the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/ravendb/DUYFvqWR5Hc/unsubscribe.
To unsubscribe from this group and all its topics, send an email to ravendb+u...@googlegroups.com.

[Oren Eini (Ayende Rahien)]

If you want to replace that, you can set the HttpMessageHandler in the DocumentStore.