
I am reading "Computer Networks: A Top-Down Approach," edition 8. On page 153, it says:

Recall also that when a client or server program implements a protocol defined by an RFC, it should use the well-known port number associated with the protocol; conversely, when developing a proprietary application, the developer must be careful to avoid using such well-known port numbers.

But my understanding is that a port number cannot be in use more than once. If I have two processes using the same protocol, they would both use the same designated port, right?

5 Answers


A connection¹ is identified by five items:

  • source IP
  • source port
  • transport-layer protocol
  • destination IP
  • destination port

Suppose my local IP is 192.0.2.1, and I am speaking HTTP with server 203.0.113.3.

Since I want to speak HTTP, I will connect to 203.0.113.3 on TCP port 80 (the HTTP port)². However, I can have multiple clients (such as two browsers) using the same protocol to communicate with the same server, since they will be automatically using different source ports.

What you can't do, however, is have two servers listening on the same IP³ and the same port.⁴ I can use Apache or nginx as a web server, but I cannot have both nginx and Apache listening on port 80 at the same time, since only one of them should be processing the received connections.

Actually, you could decide to let several processes bind to the same port⁵, but the process handling it would be rather arbitrary, not what you would typically want. So the policy in the socket stack is to prevent that (there are also historic reasons for this, rooted in ensuring that there are no in-flight packets from a previous process, but that could be avoided by the OS on behalf of the server, unless it has just rebooted).

¹ I will restrict this to UDP and TCP connections

² Unless explicitly stated otherwise, e.g., the URL http://203.0.113.3:8088 would instruct the client to connect on port 8088

³ Yes, you could indeed use the same port on different interfaces

⁴ I'm not considering here multi-process servers where there are several copies of the server sharing the same listening socket

⁵ https://lwn.net/Articles/542629/


Recall also that when a client or server program implements a protocol defined by an RFC, it should use the well-known port number associated with the protocol

In modern practice, I would amend this statement to: well-known ports are used by servers of such standardized protocols to receive connections from clients.

Clients typically use ephemeral ports, not well-known ports, for the local ends of outgoing connections, meaning that the number of outgoing connections you can have is nearly unlimited: the only restriction is that multiple connections to the same remote IP and port must have different local port numbers, but there are many thousands of those available.

And clients that need to be able to accept incoming connections from servers or from peers typically listen on a random high port and then communicate that port number to others using some other mechanism (for instance, a connection made to the server on a well-known port, or STUN). This is both because of the conflict issue that you raise, and because of the prevalence of NAT in modern times.

There are exceptions to both of those rules, but exceptions to the first rule tend to be very old (DNS queries originating from port 53 and NTP queries originating from port 123 come to mind), and exceptions to the second rule, while more common, are decreasing with time. So that's why I say "modern practice".

  • "…meaning the only limit to the number of HTTP clients, for instance, you can run on one machine is how many port numbers you have available" This is not correct. Connections are identified by a 5-tuple (protocol, source IP, source port, destination IP, destination port); a single local port can be used for multiple outgoing connections so long as they're to different destination IPs or ports. The actual client limits come from various kernel limits on things like file descriptors (ulimit), net.ipv4.ip_local_port_range, and practical RAM/CPU limits of handling that many connections. Commented Aug 22 at 6:21
  • …so (for fun) the theoretical upper bound of IPv4 TCP connections—making a connection from every local port to every possible public IP+port—is 16 quintillion (10¹⁸). IPv6 TCP gives you a quindecillion (10⁴⁸) and change. Then multiply those numbers by the number of IP addresses assigned to your machine. Commented Aug 22 at 7:02
  • @josh3736 you're right, poor wording on my part. Commented Aug 22 at 13:25
  • I would also be careful of using "client" and "server" when discussing transport protocols. TCP connects peers. Clients and servers are application-layer concepts. Servers perform a service, and sometimes they are the ones initiating the connection (push) using ephemeral ports, while the client is running an application listening on a port for a server connection. Commented Aug 22 at 18:17
  • @RonMaupin yes, and I made that distinction specifically and deliberately. Commented Aug 22 at 19:35

But to my understanding a port number cannot be in use more than once. If I had two processes using the same protocol they would use the same designated port right?

Most protocols have a designated default port.

For instance, if you intend to do HTTP, you will use TCP port 80 by default. If you intend to do HTTPS, you will use port 443 by default. And so on.

But most protocols can use alternate ports.

For instance, you can include the port in HTTP or HTTPS URIs (http://www.example.org:1234/this or https://www.example.org:5678/that). This would tell the underlying protocol to use ports 1234 or 5678 instead of the defaults, respectively.

So you could have multiple HTTP servers listening on different ports. This is quite common in some environments (e.g. node processes behind a reverse proxy).

Likewise, a listening port can only have one attached process for a given IP address and IP protocol (an IP protocol is UDP or TCP, though there are others):

  • You could have one application using UDP port 1234 and another using TCP port 1234.
  • You could have one application listening on port 80 for IP 192.168.0.100 and another one listening on the same port 80 for IP 192.168.0.200.

What the book is probably trying to say, though, is that if you design your own protocol (the Poly-Incremental Neural-Knowledge protocol, known as PINK), you probably shouldn't use a port that is used by other existing protocols. For instance, don't use TCP ports 80, 443, 21, 22, 25, etc., because if you do, when some user wants to install your server on their box, and they already run an HTTP, HTTPS, FTP, SSH or SMTP server on the same box, they will have a conflict: the server started last will refuse to run (unless the user switches the default port of one of the two, or uses different IP addresses for each).

  • It should also be noted that security devices may take issue with a well-known port being used for a non-standard protocol. (As I've pointed out to RIPE, running SSH over port 443 can be a problem.) Commented Aug 20 at 6:17

If I had two processes using the same protocol they would use the same designated port right?

They might want to, but you can't do that. The server/listener side needs to be on a known transport-layer port, and that usually cannot be shared.[*1] The client/initiator side very commonly uses an ephemeral port, so there's no problem there.

In the corner case where you have concurrent server processes that want to use the same port number for listening, you could bind multiple IP addresses to the network interface and bind the processes specifically to an IP:port combination (instead of binding to all IP addresses using the unspecified address 0.0.0.0).

Alternatively, you could use secondary/exotic port numbers and configure the clients to use those for destination.

[*1] Some operating systems do support port sharing, but that's rather random, so you'd only use it with multiple processes for the very same service, a kind of load balancing. Another option is to configure a reverse proxy specific to the application-layer protocol - off topic here.
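The bind rules described in the first, third and fourth answers can be checked directly against the operating system's socket layer. The following Python 3 script is an added example, not code from any of the answers or from the book; it uses only the standard-library socket module on loopback addresses, lets the kernel pick free ports (port 0), and assumes a Linux-like host for the two cases that are platform dependent (127.0.0.2 being routable on lo, and SO_REUSEPORT being available), returning None where the host does not support them.

```python
import errno
import socket


def tcp_and_udp_share_a_port_number(host="127.0.0.1"):
    """TCP and UDP have separate port namespaces: the same number can be
    bound once per transport protocol. Returns the port that was used."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tcp.bind((host, 0))            # port 0: let the OS pick a free port
        port = tcp.getsockname()[1]
        udp.bind((host, port))         # same number, other protocol: succeeds
        return port
    finally:
        tcp.close()
        udp.close()


def second_listener_on_same_ip_port_is_refused(host="127.0.0.1"):
    """Two plain listeners on one IP:port: the second bind() fails with
    EADDRINUSE. Returns True when that is what the OS reported."""
    first = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    second = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        first.bind((host, 0))
        first.listen()
        port = first.getsockname()[1]
        second.bind((host, port))
        return False                   # unexpected: the OS allowed it
    except OSError as exc:
        return exc.errno == errno.EADDRINUSE
    finally:
        first.close()
        second.close()


def same_port_on_two_loopback_addresses():
    """A listener is keyed by (IP, port), so one port can be reused on a
    different local address. Assumes 127.0.0.2 is usable (Linux routes all
    of 127/8 to lo); returns None where that address is not configured."""
    a = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        a.bind(("127.0.0.1", 0))
        a.listen()
        port = a.getsockname()[1]
        b.bind(("127.0.0.2", port))    # same port, other IP: no conflict
        b.listen()
        return True
    except OSError as exc:
        if exc.errno == errno.EADDRNOTAVAIL:
            return None
        raise
    finally:
        a.close()
        b.close()


def distinct_five_tuples_for_clients(n=3, host="127.0.0.1"):
    """n clients connect to one server port; each connection differs only
    in its source port, i.e. in its 5-tuple. Returns the number of distinct
    5-tuples the server observed (expected: n)."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    opened = []
    tuples = set()
    try:
        server.bind((host, 0))
        server.listen(n)
        port = server.getsockname()[1]
        for _ in range(n):
            client = socket.create_connection((host, port))
            opened.append(client)
            conn, peer = server.accept()
            opened.append(conn)
            tuples.add(("tcp", peer[0], peer[1], host, port))
    finally:
        for s in opened:
            s.close()
        server.close()
    return len(tuples)


def reuseport_lets_listeners_share(host="127.0.0.1"):
    """Footnote 5 / [*1]: with SO_REUSEPORT set on every socket the kernel
    accepts several listeners on one IP:port and spreads connections over
    them (Linux 3.9+). Returns None where the option does not exist."""
    if not hasattr(socket, "SO_REUSEPORT"):
        return None
    a = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    b = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        for s in (a, b):
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
        a.bind((host, 0))
        a.listen()
        port = a.getsockname()[1]
        b.bind((host, port))           # EADDRINUSE without the option
        b.listen()
        return True
    finally:
        a.close()
        b.close()
```

Each function isolates one rule from the thread: one listener per (protocol, IP, port), independent TCP and UDP namespaces, per-address binding as the fourth answer suggests, ephemeral source ports making concurrent clients distinguishable, and SO_REUSEPORT as the deliberate opt-in exception. Run the functions in order to see which of the platform-dependent cases your host supports.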


For a given protocol, think of a port number as the number of a table entry that points to the process using that port for that protocol. There can only be one process associated with the protocol port.

For example, if you run a web server that listens on TCP port 80 (well-known HTTP port), you cannot then have a different web server also use the same TCP port 80.
