mongodb/mongo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
e7ebec401e
mongo/docs/priority_port.md
Steve McClure 32e8f260de SERVER-124136 Format markdown via prettier: wrap lines and use width of 100 (#52231) 
GitOrigin-RevId: 3305c1e2ee3a6a2c3a5b2b7883b0f491a59ed646
2026-04-21 19:20:11 +00:00

3.6 KiB
Raw Blame History

Priority port support

mongod and mongos support a dedicated priority port intended for internal, high-priority operations such as automation monitoring, MongoTune, and critical intra-cluster replication traffic.

With a priority port configured:

  • The database listens on a second TCP port in addition to the main port.
  • Connections accepted on the priority port are exempt from connection limits, connection establishment rate limiting, and ingress request rate limiting.
  • gRPC is not supported.

The feature is disabled by default.

Configuring mongod and mongos

You can configure the priority port via command line or config file:

Command line:

mongod --port <mainPort> --priorityPort <priorityPort> ...
mongos --port <mainPort> --priorityPort <priorityPort> ...

YAML config file:

net:
  port: <mainPort>
  bindIp: localhost,<hostnames-or-ip-addresses>
  priorityPort: <priorityPort>

When the transport layer starts:

  • A separate listener thread is created for the priority port in the ASIO transport layer.
  • Sessions created from the priority port are tagged so downstream code can distinguish them from main-port sessions (similar to the load balancer port implementation).

Behavior of priority port connections

Priority-port connections differ from normal connections in several ways.

Connection limits

When a new connection is accepted:

  • Connections from the priority port are treated as limit-exempt in the session manager, reusing the existing exemption machinery used for CIDR-based exemptions.
  • These connections can continue to be created even when the normal connection limit is reached.

Metrics:

  • serverStatus.connections.priority counts current connections on the priority port only.
  • These connections are also included in connections.limitExempt (along with CIDR-based exemptions).

Rate limiters

Two ingress-side rate limiters recognize priority-port exemptions:

Logging and profiling

For observability and debugging, the server records whether an operation came through the priority port:

  • CurOp / currentOp output includes a flag indicating the connection is from the priority port.
  • Slow query log and profiler entries include whether the operation was executed via a priority-port connection.
  • Client summary reports also distinguish clients on the main vs priority port.

Connecting clients to the priority port

Replica set connections

To connect to a replica set via the priority port, a user must:

  • Use a connection string that points directly at a specific host and priority port.
  • Set directConnection=true to disable SDAM and prevent the driver from using hello-based host discovery, which currently does not advertise the priority port.

Example:

mongodb://hostA:27018/?directConnection=true

Sharded cluster connections via mongos

For mongos:

  • You may connect directly to the mongos priority port.
  • directConnection=true is not required for mongos connections, since SDAM is not used in the same way.

Important limitation:

  • Priority does not automatically propagate:
    • If a client connects to a mongos via the priority port and mongos forwards a command to shards, those shard-side connections still use the main ports and do not inherit priority-port behavior in the current implementation.