docs(network): Document compute-node port allocation ranges

[chenhengqi]

Clarify the 10000-19999 / 20000-29999 / 30000-65535 split between network-agent ip_local_port_range, CubeProxy sandbox access, and CubeVS SNAT, in both zh and en network docs.

Note that these port ranges are not configurable for now but should work for most use cases. We can revise this later.

[chenhengqi]

cc @fslongjin

[github-actions]

Claude finished @chenhengqi's task in 2m 13s —— View job

---

PR Review: docs(network): Document compute-node port allocation ranges

• Gather context: read changed files and check DCO
• Analyze documentation content for accuracy and consistency
• Post review feedback

---

DCO Check

PASS — The commit e6a5d9d includes Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>.

---

Review Summary

This PR adds a new section 6.4 to both the English and Chinese network architecture docs, documenting the three-way port range partition on compute nodes. The addition is clean, well-placed, and the two language versions are consistent.

Detailed Feedback

Consistency between EN and ZH: The two versions are well-aligned. The port ranges, purposes, and allocators match exactly across both files.

Section numbering: Section 6.4 fits naturally after 6.3 (Management) within the Port Mapping section. Good placement.

Minor observations (non-blocking):

1. Range notation — The table uses 10000--19999 (double en-dash) to express ranges. This is clear in rendered markdown, but you could also consider the more conventional 10000–19999 (single en-dash) or 10000-19999 (hyphen) for consistency with how ranges are typically written. This is purely a style preference and not a blocker.

2. Ports below 10000 — The doc covers 10000–65535 but doesn't explicitly state what happens with ports 1–9999. Readers familiar with Linux networking will know these are privileged (1–1023) and conventionally reserved, but a brief note could help less experienced readers. Low priority.

3. Port mapping overlap — Section 6 describes port mapping (inbound DNAT), while 6.4 covers port allocation (ephemeral source ports + CubeProxy access ports + SNAT source ports). These are related but distinct concepts. The placement in section 6 works because port mapping entries consume host ports from the 20000–29999 range, but consider whether a brief cross-reference would help readers connect the two. For example: the 20000–29999 range in 6.4 is where AddPortMapping() (from 6.3) allocates host-side ports.

Overall: This is a clear, well-structured documentation addition. No bugs, security issues, or performance concerns (docs-only change). The information is valuable for operators and developers working with the networking stack.

---

[github-actions]

Nit: Consider adding a brief cross-reference to §6.3 here. The AddPortMapping() API from §6.3 allocates host ports from the 20000–29999 range documented in this row. A small note like "see §6.3 Management for the API" would help readers connect the allocation range to the API that consumes it.

[github-actions]

与英文版建议一致：可考虑在此处添加对 §6.3 管理的交叉引用，说明 AddPortMapping() 所分配的宿主端口即来自 20000–29999 这一范围。