mongodb/mongo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
master
mongo/docs/priority_port.md
Steve McClure 32e8f260de SERVER-124136 Format markdown via prettier: wrap lines and use width of 100 (#52231) 
GitOrigin-RevId: 3305c1e2ee3a6a2c3a5b2b7883b0f491a59ed646
2026-04-21 19:20:11 +00:00

117 lines
3.6 KiB
Markdown
Raw Permalink Blame History

# Priority port support
`mongod` and `mongos` support a dedicated **priority port** intended for **internal, high-priority
operations** such as automation monitoring, MongoTune, and critical intra-cluster replication
traffic.
With a priority port configured:
- The database listens on a second TCP port in addition to the main port.
- Connections accepted on the priority port are exempt from connection limits, connection
establishment rate limiting, and ingress request rate limiting.
- gRPC is not supported.
The feature is **disabled by default**.
---
# Configuring `mongod` and `mongos`
You can configure the priority port via command line or config file:
**Command line:**
```sh
mongod --port <mainPort> --priorityPort <priorityPort> ...
mongos --port <mainPort> --priorityPort <priorityPort> ...
```
**YAML config file:**
```yaml
net:
port: <mainPort>
bindIp: localhost,<hostnames-or-ip-addresses>
priorityPort: <priorityPort>
```
When the transport layer starts:
- A **separate listener thread** is created for the priority port in the ASIO transport layer.
- Sessions created from the priority port are tagged so downstream code can distinguish them from
main-port sessions (similar to the load balancer port implementation).
---
# Behavior of priority port connections
Priority-port connections differ from normal connections in several ways.
## Connection limits
When a new connection is accepted:
- Connections from the priority port are treated as **limit-exempt** in the session manager, reusing
the existing exemption machinery used for CIDR-based exemptions.
- These connections can continue to be created even when the normal connection limit is reached.
Metrics:
- `serverStatus.connections.priority` counts current connections on the priority port only.
- These connections are also included in `connections.limitExempt` (along with CIDR-based
exemptions).
## Rate limiters
Two ingress-side rate limiters recognize priority-port exemptions:
- [**SessionEstablishmentRateLimiter**](../src/mongo/db/admission/README.md#session-establishment-rate-limiter)
(connection establishment)
- [**IngressRequestRateLimiter**](../src/mongo/db/admission/README.md#ingress-request-rate-limiting)
(request rate limiting)
## Logging and profiling
For observability and debugging, the server records whether an operation came through the priority
port:
- `CurOp` / currentOp output includes a flag indicating the connection is from the priority port.
- Slow query log and profiler entries include whether the operation was executed via a priority-port
connection.
- Client summary reports also distinguish clients on the main vs priority port.
---
# Connecting clients to the priority port
## Replica set connections
To connect to a replica set via the priority port, a user must:
- Use a connection string that points directly at a specific host and priority port.
- Set `directConnection=true` to disable SDAM and prevent the driver from using hello-based host
discovery, which currently does not advertise the priority port.
Example:
```text
mongodb://hostA:27018/?directConnection=true
```
## Sharded cluster connections via `mongos`
For `mongos`:
- You may connect directly to the `mongos` priority port.
- `directConnection=true` is **not required** for `mongos` connections, since SDAM is not used in
the same way.
Important limitation:
- **Priority does not automatically propagate**:
- If a client connects to a `mongos` via the priority port and `mongos` forwards a command to
shards, those shard-side connections still use the main ports and do **not** inherit
priority-port behavior in the current implementation.
---
Reference in New Issue View Git Blame Copy Permalink