增加AWS ECS任务定义保留端口限制
[英]Increasing the AWS ECS Task Definition reserved ports limit
问题描述
I'm trying to set up a docker container with aws' ecs service. 
我正在尝试使用AWS的ECS服务设置一个Docker容器。 I would like to reserve ports 30000 - 60000 on the host machine and map those ports to 30000 - 60000 on the container. 我想在主机上保留端口30000-60000,并将这些端口映射到容器上的30000-60000。 Aws documentation, however, states that only 100 ports may be reserved on the host: 但是,AWS文档指出,主机上只能保留100个端口:
http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
Can anyone explain why there's a limit/suggest workarounds? 谁能解释为什么有一个限制/建议的解决方法?
1 个解决方案
解决方案1
2 已采纳 2016-08-09 00:17:45
I'm pretty sure the 100 port limit will be due to the way Docker maps ports . 我可以肯定100端口的限制是由于Docker映射端口的方式 。
Docker launches a Go process per mapped port which will use from 4-6MB of private memory. Docker为每个映射端口启动一个Go进程,该进程将使用4-6MB的私有内存。 So at 100 ports, the Docker processes will be consuming around 500MB of memory. 因此,在100个端口上,Docker进程将消耗大约500MB的内存。
If you were to try and map all 30000 - 60000 port to a container you would need ~ 150GB of memory. 如果尝试将所有30000-60000端口映射到一个容器,则需要约150GB的内存。 300GB if you want both UDP and TCP. 如果您同时需要UDP和TCP,则为300GB。
If you have to use that many ports then you need to start looking at using --net=host , bridging or mapping interfaces directly into a container. 如果必须使用那么多端口,则需要开始使用--net=host , 直接将接口桥接或映射到容器中。 This is unlikely to be supported by ECS (On EC2, I had to take the "real" MAC address from a VPC interface and put it on the containers interface ). ECS不太可能支持这一点(在EC2上,我必须从VPC接口获取“真实” MAC地址并将其放在容器接口上 )。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.