Benefits of running domino with multiple TCP/IP ports
Daniel Nashed – 10 May 2025 12:37:49
Introduction
Support for multiple TCP/IP ports has been part of HCL Domino since the early days. Back then, it was first essential to support multiple simultaneous modem connections. It also proved valuable for clustered servers using dedicated network cards.
While today’s networks offer 1 Gbit/s or even 10 Gbit/s speeds—making multiple ports less necessary from a raw bandwidth perspective—there are still compelling reasons to use multiple Notes ports in modern environments.
Historical Context and Evolution
In the days of 10 Mbit/s Ethernet, splitting user and server traffic across different ports and network cards made a lot of sense. This was sometimes even done with dedicated network cables between servers as a private LAN connection.
It helped optimize limited bandwidth and reduce contention. While raw network speeds have improved dramatically, the architectural benefits of multiple ports remain relevant in specific scenarios.
Performance Benefits
The main advantage of using multiple Notes ports is to separate user-to-server traffic from server-to-server traffic. This separation improves performance and scalability, especially under high load.
Each port has its own listener and thread pool, which allows more granular control and scalability for NRPC (Notes Remote Procedure Call) traffic.
You can assign specific ports to different types of connections—for example, routing all cluster replication traffic through a dedicated Notes port with a separate IP address and network card.
This strategy remains highly effective in optimizing performance in Domino environments with high cluster and server activity in general.
Introducing a separate Notes port on the same network card with a separate IP address is already beneficial because the separate TCP/IP listener/queue and the dedicated thread pool to perform operations, help most.
But depending on our hardware or network setup you might already have separate network cards.
Cloud and Cost Considerations
In many cloud environments—particularly with service providers—data ingress and egress are billed separately. However, internal traffic (e.g., within a private 10.x.x.x network) is often free.
By setting up a dedicated Notes port for internal communication, you can route intra-server traffic over the private network. This approach helps reduce monthly costs while preserving performance.
Security and Performance Optimization
External-facing ports should always use encryption, and depending on your setup, enabling compression may also be beneficial.
However, for internal server-to-server connections — such as those between Citrix-hosted Notes clients and back-end servers — disabling compression and even encryption can significantly reduce CPU load and improve performance.
Of course, this optimization assumes you're operating in a trusted network environment.
Your security team must approve any unencrypted traffic. In some cases, traffic is already protected by VPN tunnels, in which case additional encryption at the Notes level may be redundant.
Having support for multiple Notes ports enables these optimizations without compromising external security policies.
Practical Example: DNUG LAB at Hetzner
In our DNUG LAB hosted at Hetzner, we implemented a dedicated internal network port for server-to-server communication using a private 10.x.x.x address.
This internal port is unencrypted and uncompressed, as it is isolated from the external network via firewall and network segmentation.
Even in a small lab environment, this setup has helped reduce costs and improve performance. All servers are configured with a second Notes port, and all connection documents point to the internal network.
Additional security for Different Ports
You can define port-specific access controls, including group-based restrictions. While network segmentation is usually sufficient, the ability to explicitly restrict who can access each port adds another layer of security.
This is particularly useful in cloud deployments or large clustered environments, where server-to-server traffic can significantly exceed typical user traffic due to just-in-time streaming replication and inter-server communication.
Important Note: Directory Assistance Configuration
Be cautious with Directory Assistance (DA) configurations. If you specify a remote server for DA, it may use remote databases by default. This introduces additional load and creates potential failover issues.
To force DA to use a local replica, enter a single asterisk (*) in the server name field. This instructs Domino to always use the local copy, avoiding unnecessary inter-server traffic—even if both servers are in the same data center.
Conclusion
Domino has supported multiple network ports since its inception, and they still offer distinct advantages in specific scenarios.
For most standard servers, a single port is sufficient. But for large clusters, hosted environments, or cost-sensitive cloud deployments, using separate Notes ports can greatly enhance performance, optimize traffic routing, and reduce operational costs.
A follow-up post will walk through the steps to configure a separate Notes port. This article focused on the "why" — next, I will dive into the "how."
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}