Forum Discussion
Open Port Issue Exists after implementing Entra ID containers
Increase the Ephemeral Port Range:
This helps if your application is creating many outbound connections. For example, add or adjust in /etc/sysctl.conf:
net.ipv4.ip_local_port_range = 1024 65000
Then reload with sysctl -p
Reduce TCP FIN Timeout: Lowering the timeout can free up ports sooner:
net.ipv4.tcp_fin_timeout = 30
For outgoing connections, you might enable reuse of sockets in TIME_WAIT state:
net.ipv4.tcp_tw_reuse = 1
(Ensure that this setting is appropriate for your network topology and workload; in some environments, it can cause unexpected behavior.)
Implement Connection Pooling and Keep-Alives
Review Timeout and Retry Settings
Increase File Descriptor Limits
Monitor and Automate as a Temporary Workaround
Monitor Connection States: Use tools like netstat, ss, or even custom scripts to monitor the TCP connection states (e.g., TIME_WAIT, ESTABLISHED). Understanding whether the ports are lingering in TIME_WAIT or if connections remain unexpectedly open will help narrow down the issue.
Automate Container Restarts: While not a permanent fix, if connection leaks are unavoidable until a patch or configuration change is applied, consider automating the container restart process when the open port count exceeds a threshold. This can reduce manual intervention.
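As an added example, not code from the post above: a small POSIX sh script that does the "monitor connection states" step with `ss -tan` output. It counts sockets per TCP state, reports how many ports of the ephemeral range (the `ip_local_port_range` setting mentioned earlier) are currently in use, and exits non-zero when TIME-WAIT sockets exceed a threshold, which is the signal a cron job or restart automation would key on. The `ss` output embedded in `SAMPLE_SS_OUTPUT` is constructed for the demonstration, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the forum post). Parses `ss -tan` style output and
# summarises TCP socket states so you can see whether ports linger in TIME-WAIT.

# Constructed sample of `ss -tan` output (column layout matches real ss output):
# State Recv-Q Send-Q Local Address:Port Peer Address:Port
SAMPLE_SS_OUTPUT='State      Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB      0      0      10.0.0.5:44312      20.190.160.1:443
TIME-WAIT  0      0      10.0.0.5:44310      20.190.160.1:443
TIME-WAIT  0      0      10.0.0.5:44308      20.190.160.1:443
TIME-WAIT  0      0      10.0.0.5:44306      20.190.160.1:443
LISTEN     0      128    0.0.0.0:8080        0.0.0.0:*
'

# ephemeral_range: the kernel's current "low high" range, with the Linux
# default as fallback when /proc is not readable (e.g. on a non-Linux host).
ephemeral_range() {
    cat /proc/sys/net/ipv4/ip_local_port_range 2>/dev/null || echo "32768 60999"
}

# count_state <STATE> [ss-output]: number of sockets in the given ss state.
# Without a second argument it runs `ss -tan` on the live host.
count_state() {
    state="$1"
    input="${2:-$(ss -tan 2>/dev/null)}"
    printf '%s\n' "$input" |
        awk -v s="$state" 'NR > 1 && NF >= 5 && $1 == s { n++ } END { print n + 0 }'
}

# state_summary [ss-output]: one "STATE count" line per state, sorted.
state_summary() {
    input="${1:-$(ss -tan 2>/dev/null)}"
    printf '%s\n' "$input" |
        awk 'NR > 1 && NF >= 5 { c[$1]++ } END { for (s in c) printf "%s %d\n", s, c[s] }' |
        sort
}

# ephemeral_in_use "<low> <high>" [ss-output]: distinct local ports inside the
# ephemeral range that are held by non-LISTEN sockets. Compare this with the
# size of the range to see how close the container is to exhausting it.
ephemeral_in_use() {
    lo=${1% *}
    hi=${1#* }
    input="${2:-$(ss -tan 2>/dev/null)}"
    printf '%s\n' "$input" |
        awk -v lo="$lo" -v hi="$hi" '
            NR > 1 && NF >= 5 && $1 != "LISTEN" {
                n = split($4, a, ":"); p = a[n] + 0     # port is the last ":"-field
                if (p >= lo && p <= hi) seen[p] = 1
            }
            END { c = 0; for (p in seen) c++; print c }'
}

# time_wait_over_threshold <N> [ss-output]: succeeds (exit 0) when more than
# N sockets sit in TIME-WAIT, so it can gate an alert or a restart job.
time_wait_over_threshold() {
    threshold="$1"
    input="${2:-$(ss -tan 2>/dev/null)}"
    n=$(count_state TIME-WAIT "$input")
    [ "$n" -gt "$threshold" ]
}

# Demonstration against the constructed sample (runs offline).
echo "Socket states:"
state_summary "$SAMPLE_SS_OUTPUT"
echo "Ephemeral ports in use (range 1024 65000): $(ephemeral_in_use "1024 65000" "$SAMPLE_SS_OUTPUT")"
if time_wait_over_threshold 2 "$SAMPLE_SS_OUTPUT"; then
    echo "TIME-WAIT above threshold: investigate connection reuse before restarting"
fi
```

Drop the second argument to each function to run against the live host; `ephemeral_in_use "$(ephemeral_range)"` reads the configured range from the kernel. A high TIME-WAIT count with a low ESTAB count points at short-lived connections that are not being pooled, while a growing ESTAB count points at a leak; the restart threshold from the post only makes sense once you know which of the two you are looking at.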