Diff: draft-ietf-tsvwg-port-use-10.txt vs. draft-ietf-tsvwg-port-use-11.txt

TSVWG                                                          J. Touch
Internet Draft                                                  USC/ISI
Intended status: Best Current Practice
                        March 25, 2015 (draft-10) / April 24, 2015 (draft-11)
Expires: September 2015 (draft-10) / October 2015 (draft-11)

       Recommendations on Using Assigned Transport Port Numbers
       draft-ietf-tsvwg-port-use-10.txt / draft-ietf-tsvwg-port-use-11.txt

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups. Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   skipping to change at page 1, line 31

   months and may be updated, replaced, or obsoleted by other documents
   at any time. It is inappropriate to use Internet-Drafts as
   reference material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on September 25, 2015 (draft-10) /
   October 24, 2015 (draft-11).

Copyright Notice

   Copyright (c) 2015 IETF Trust and the persons identified as the
   document authors. All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document. Please review these documents
   skipping to change at page 7, line 5

   may not be visible to these intermediate devices, such as when the
   transport protocol is encrypted (as in network- or link-layer
   tunnels), or when a packet is fragmented (in which case only the
   first fragment has the port number information). Such port number
   invisibility may interfere with these in-network port number-based
   capabilities.

   Port numbers can also be used for other purposes. Assigned port
   numbers can simplify end system configuration, so that individual
   installations do not need to coordinate their use of arbitrary port
   numbers.

   draft-10: Such assignments can also simplify firewall management, so
   that a single, fixed firewall configuration can either permit or
   deny a service.

   draft-11: Such assignments may also have the effect of simplifying
   firewall management, so that a single, fixed firewall configuration
   can either permit or deny a service that uses the assigned ports.

   It is useful to differentiate a port number from a service name. The
   former is a numeric value that is used directly in transport
   protocol headers as a demultiplexing and service identifier. The
   latter is primarily a user convenience, where the default map
   between the two is considered static and resolved using a cached
   index. This document focuses on the former because it is the
   fundamental network resource. Dynamic maps between the two, i.e.,
   using DNS SRV records, are discussed further in Section 7.1.

   skipping to change at page 8, line 39

   Assigned port numbers are intended to differentiate services, not
   variations of performance, replicas, pairwise endpoint associations,
   or payload types. Assigned port numbers are also a small space
   compared to other Internet number spaces; it is never appropriate to
   consume assigned port numbers to conserve larger spaces such as IP
   addresses, especially where copies of a service represent different
   endpoints.
6.2. Firewall and NAT Considerations

   draft-10:

   Assigned port numbers are useful for configuring firewalls and other
   port-based systems for access control. Ultimately, these numbers
   indicate services only to the endpoints, and any intermediate device
   that assigns meaning to a value can be incorrect. End systems might
   agree to run web services (HTTP) over port number 53 (typically used
   for DNS) rather than port number 80, at which point a firewall that
   blocks port number 80 but permits port number 53 would not have the
   desired effect. However, assigned port numbers often are important
   in helping configure firewalls.

   draft-11:

   Ultimately, port numbers numbers indicate services only to the
   endpoints, and any intermediate device that assigns meaning to a
   value can be incorrect. End systems might agree to run web services
   (HTTP) over port number 53 (typically used for DNS) rather than port
   number 80, at which point a firewall that blocks port number 80 but
   permits port number 53 would not have the desired effect.
   Nonetheless, assigned port numbers are often used to help configure
   firewalls and other port-based systems for access control.
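   Review bot: the draft-11 text of Section 6.2 carries a doubled word,
   "port numbers numbers indicate services only to the endpoints"; drop
   the repeated "numbers". The reordering itself is an improvement:
   leading with the caveat that an intermediate device can misread a
   port, then conceding the practical use for firewall configuration,
   puts the security-relevant point first.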
   Using Dynamic port numbers, or explicitly-indicated port numbers
   indicated in-band over another service (such as with FTP) often
   complicates firewall and NAT interactions [RFC959]. FTP over
   firewalls often requires direct support for deep-packet inspection
   (to snoop for the Dynamic port number for the NAT to correctly map)
   or passive-mode FTP (in which both connections are opened from the
   client side).
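   The following Python block is an added example, not text or code
   from the draft or from any firewall product. It shows what a
   port-based filter has to do once it accepts the point made in both
   paragraphs above: inspect the payload rather than trust the port
   (catching HTTP carried on port 53), and, for FTP, snoop the
   PORT/227 exchange to learn the Dynamic data port a NAT must map. The
   assigned-port table is a constructed subset of the IANA registry,
   the protocol heuristics are deliberately minimal, the sample flows
   are constructed, and the rule that a PORT command must name the
   client's own address is this example's own policy, not something
   the draft specifies.

```python
"""Payload-aware service check for a port-based filter (added example; not
code from the draft or from any firewall product). The port table, the
protocol heuristics and the sample flows are all constructed here."""
import re
import struct
from typing import Optional

# Constructed subset of the IANA assignments the draft mentions.
ASSIGNED = {21: "ftp", 53: "dns", 80: "http"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
FTP_VERBS = (b"USER ", b"PASS ", b"PORT ", b"PASV", b"220 ", b"227 ", b"230 ")
# h1,h2,h3,h4,p1,p2 as carried in an FTP PORT command or 227 reply (RFC 959).
FTP_ADDR_RE = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def looks_like_dns_query(payload: bytes) -> bool:
    """DNS query: 12-byte header with QR=0, opcode 0, QDCOUNT>=1, then a
    well-formed QNAME followed by QTYPE/QCLASS."""
    if len(payload) < 12 + 1 + 4:
        return False
    _ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF or qdcount == 0:
        return False
    i = 12
    while i < len(payload) and payload[i] != 0:
        label_len = payload[i]
        if label_len > 63:
            return False
        i += 1 + label_len
    # i must now sit on the terminating zero label, with QTYPE/QCLASS after it.
    return i + 1 + 4 <= len(payload)


def detect_protocol(payload: bytes) -> str:
    """Name the application protocol from a flow's first bytes, ignoring the port."""
    first_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in first_line:
        return "http"
    if looks_like_dns_query(payload):
        return "dns"
    if first_line.startswith(FTP_VERBS):
        return "ftp"
    return "unknown"


def ftp_dynamic_endpoint(line: bytes):
    """(host, port) announced in a PORT command or 227 reply, else None.
    port = p1*256 + p2 (RFC 959); octets above 255 are malformed."""
    m = FTP_ADDR_RE.search(line)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    return ".".join(str(f) for f in fields[:4]), fields[4] * 256 + fields[5]


def classify_flow(dst_port: int, payload: bytes, client_host: Optional[str] = None) -> dict:
    """Compare what the assigned port implies with what the bytes say.
    'mismatch' is the verdict a port-only rule cannot reach. For FTP control
    traffic the dynamic data endpoint is extracted so a NAT/firewall helper
    could map it; a PORT command naming an address other than the client's
    own is refused (this example's policy, not something the draft specifies)."""
    expected = ASSIGNED.get(dst_port, "unassigned")
    actual = detect_protocol(payload)
    verdict = {"port": dst_port, "expected": expected, "actual": actual,
               "mismatch": actual != "unknown" and actual != expected, "ftp_data": None}
    if actual == "ftp":
        endpoint = ftp_dynamic_endpoint(payload.split(b"\r\n", 1)[0])
        if endpoint is not None:
            if payload.startswith(b"PORT ") and endpoint[0] != client_host:
                verdict["ftp_data_rejected"] = endpoint  # names a third party: do not open
            else:
                verdict["ftp_data"] = endpoint
    return verdict


# Constructed sample flows: (dst port, first payload bytes, client address).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n", "198.51.100.7"),
    (53, b"GET /index.html HTTP/1.1\r\nHost: example.net\r\n\r\n", "198.51.100.7"),  # HTTP on the DNS port
    (53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
         b"\x07example\x03net\x00\x00\x01\x00\x01", "198.51.100.7"),          # genuine DNS query
    (21, b"PORT 198,51,100,7,4,1\r\n", "198.51.100.7"),                       # client data port 1025
    (21, b"PORT 203,0,113,9,0,25\r\n", "198.51.100.7"),                       # points at a third party
    (21, b"227 Entering Passive Mode (203,0,113,5,195,80)\r\n", "198.51.100.7"),  # server 203.0.113.5:50000
]


def run_samples() -> list:
    """Classify every sample flow and return the verdicts in order."""
    return [classify_flow(port, payload, host) for port, payload, host in SAMPLES]
```

   The second sample is the draft's own scenario: the same HTTP request
   that is accepted on port 80 is flagged as a mismatch on port 53,
   which a rule keyed on the port alone cannot see. The FTP samples show
   why the draft says FTP "often requires direct support for deep-packet
   inspection": the data port (p1*256 + p2) exists only inside the
   control channel, and the helper that opens it must decide whether to
   honour an address that is not the client's own.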
7. Considerations for Requesting Port Number Assignments

   skipping to change at page 11, line 50

   Such techniques include:

   o Use of a discovery service, either a shared service (mDNS), or
     a discovery service for a given system [RFC6762] [RFC6763].

   o Multiplex packet types using in-band information, either on a
     per-message or per-connection basis. Such demultiplexing can
     even hand-off different messages and connections among
     different processes, such as is done with FTP [RFC959].

   draft-10:

   There are some cases where it is still important to have assigned
   port numbers, largely to traverse either NATs or firewalls. Although
   NAT traversal protocols supporting automatic configuration have been
   proposed and developed (e.g., STUN [RFC5389], TURN [RFC5766], and
   ICE [RFC5245]), application and service designers cannot yet rely on
   their presence.

   draft-11:

   There are some cases where NAT and firewall traversal are
   significantly improved by having an assigned port number. Although
   NAT traversal protocols supporting automatic configuration have been
   proposed and developed (e.g., STUN [RFC5389], TURN [RFC5766], and
   ICE [RFC5245]), not all application and service designers can rely
   on their presence as of yet.

   Review bot: "not all application and service designers can rely on
   their presence as of yet" in the draft-11 text is awkward; "not all
   application and service designers can yet rely on their presence"
   keeps the softened claim while reading naturally.

   In the past, some services were assigned multiple port numbers or
   sometimes fairly large port ranges (e.g., X11). This occurred for a
   variety of reasons: port number conservation was not as widely
   appreciated, assignments were not as ardently reviewed, etc. This no
   longer reflects current practice and such assignments are not
   considered to constitute a precedent for future assignments.

7.3. Picking an Assigned Port Number
End of changes. 7 change blocks. 20 lines changed or deleted; 19 lines changed or added.

This html diff was produced by rfcdiff 1.42. The latest version is available from http://tools.ietf.org/tools/rfcdiff/