Friday, April 27, 2012

Frequently Asked Questions About Ports In The Internet Protocol.

I wrote this in the 90s to help a few teammates understand how the Internet worked.  It is very basic.

Everything you ever wanted to know about ports but were afraid to ask.

TCP is a network protocol, built on top of IP, that guarantees reliable delivery of data across the network.

In order for two processes to communicate using TCP/IP they must perform the following steps:

The server creates a tcp socket.
The server binds a local address and port number to that socket.
The server then listens for a connection on the socket

The client creates a tcp socket.
The client then connects to a server on a port.  (The client port is chosen at random.)

The server accepts the connection, and the sockets on the client and server are now called 'fully specified sockets'.

---

Fully specified sockets are those that form a set of five values:

Server       Port   Protocol  Client       Port
192.168.0.1  32123    tcp     192.168.5.6  65030

These values form a unique combination that exactly matches this and only this connection on the entire Internet.

Known ports are considered to be those ports where a server can accept multiple connections from many clients.  Telnet has a known port of 23.  Any server which accepts multiple connections on a single port is considered to have a known port, because this is the port that is known by all its clients.

Two telnet sessions from a client to the server would look like this:

Server       Port   Protocol  Client       Port
192.168.0.1  23       tcp     192.168.5.6  41049
192.168.0.1  23       tcp     192.168.5.6  41071

Note that even though the telnet server has accepted two connections on port 23, each client connection was randomly given a different port number, and this slight difference is all that is needed to uniquely differentiate the two connections from each other.
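The server and client steps listed above, and the two-connections-on-one-port table, carried out in code. This is an added example, not code from the original post: it runs both ends on the loopback interface, asks the OS for a free server port (port 0) instead of a fixed known port such as telnet's 23, and returns the five values that identify each accepted connection. It assumes loopback networking is available on the machine running it.

```python
import socket

# Constructed example: perform the server and client steps on loopback,
# accept several client connections on one server port, and return the
# five-tuple (server addr, server port, protocol, client addr, client port)
# that makes each connection a fully specified socket.


def five_tuple(conn):
    """Five values identifying one accepted TCP connection."""
    srv_addr, srv_port = conn.getsockname()   # this end: the server's address and port
    cli_addr, cli_port = conn.getpeername()   # far end: the client's address and port
    return (srv_addr, srv_port, "tcp", cli_addr, cli_port)


def demo(n_clients=2):
    # Server: create a tcp socket, bind a local address and port, listen.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))             # port 0: let the OS pick a free port
    server.listen(n_clients)
    known_port = server.getsockname()[1]      # the port all clients will use

    clients, accepted = [], []
    for _ in range(n_clients):
        # Client: create a tcp socket and connect; the client port is chosen
        # for it (an ephemeral port), not by the program.
        c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        c.connect(("127.0.0.1", known_port))
        clients.append(c)
        # Server: accept the connection; both ends are now fully specified.
        conn, _ = server.accept()
        accepted.append(conn)

    tuples = [five_tuple(conn) for conn in accepted]
    for s in clients + accepted + [server]:
        s.close()
    return known_port, tuples


if __name__ == "__main__":
    port, tuples = demo()
    print("Server       Port   Protocol  Client       Port")
    for t in tuples:
        print("%-12s %-6d %-9s %-12s %d" % t)
```

Every row printed shares the server address, server port and protocol; only the client port differs, which is exactly what keeps the two connections apart.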

This is not to be confused with the /etc/services file, which reflects those ports which are assigned by the Internet Assigned Numbers Authority.   Many of these ports are known ports, but that is because they accept multiple connections on a single port, not because they are in the services file.

Cloverleaf doesn't use a known port to accept connections.  Each process that wants to connect to a tcp/ip port on Cloverleaf will get its own port.  Adding to the complexity is the fact that Cloverleaf has a production, test and training environment.  The number of interfaces that we have will only grow with time.  In order to manage this complexity we need the flexibility to assign port numbers on the Cloverleaf servers in a logical manner that is maintainable and ensures that we can quickly and easily troubleshoot any networking problems.

Ports are only bound to a particular socket on a server.  So it is perfectly acceptable for a port to be used for one purpose on an application server and for an entirely different purpose on another server, such as the interface server.  In fact, restricting the use of a port on a machine for a service that the machine will never provide is counterproductive.  In just a few years we would run out of blocks of numbers that we are allowed to use.  Such a network-wide restriction on ports would not be enforceable and would not be maintainable.

We are perfectly willing to fully publish our entire port number specification as a network-reachable document on the Novell server.
