Re: Port Collisions


J. Spencer Love (JSLove@MIT-MULTICS.ARPA)
Thu, 15 May 86 22:18 EDT


I think symbolic port names are a great idea. There are several
approaches which could be taken. Possibly implementations of some of
these already exist, but I don't know about them.

A service multiplexing protocol: this applies to TCP but not to UDP
because it relies on connections. First, reserve one low numbered TCP
port for this protocol. When a user establish a connection to this
server, the user sends the contact name, and optional contact arguments,
in ASCII, terminated by a network newline (CRLF). The contact name is
always required, and should either be registered, or long and self
explanatory. CHAOS protocol allows arguments to follow the contact
name, and I think we should allow this also, but they depend on the
contact name and the only specification here is that they be delimited
from the contact name by a space. The protocol server which listens on
this TCP port should parse the contact line, look it up in the available
service list, and pass off that connection as if it had just been
established to the service on a reserved port. If the service is
unavailable, the connection should be aborted.

Note that "multiplexing" in this case is not used in the sense that is
it used in IEN 90, the MUX protocol.

TCBs on such systems should contain a comment field which is filled in
with the service name. Then listing the TCBs can show the comment, and
it won't matter that all the multiplexed services are to the multiplexed
port. (Multics already does this; it makes the TCB list much easier to
read.)

There should be no significant performance impact in using this
mechanism for TELNET, SUPDUP, SMTP, FINGER, or FTP control connections.
While services used for metering, like TIME, ECHO, DISCARD, etc., can be
expected to require dedicated port numbers, there should be no need to
dedicate port numbers for private services thereafter. Even DOMAIN TCP
connections could use multiplexing.

There should be a reserved contact name which lists the available
contact names. The WKS domain RR would be useful only in showing that
multiplexed service is available. Perhaps this list operation should
include port numbers for contacting the services, when available. A
standard format should be used, so that the list is machine-readable as
well as human-readable.

A fly in the ointment is that some services reserve port numbers in ways
that can't be multiplexed. For example, the FTP data port is port 20.
A replacement for the FTP "PORT" command would be needed to eliminate
this assumption. This could be addressed by modifying the FTP
specification and all similar protocols if it is ever needed. But since
we are doing this primarily for new protocols, they can be devised with
some mechanism for negotiating additional connections, as needed, which
does not require reserving ports.

There are other advantages within operating systems. Services other
than TCP which support streams could hand off, for example, SMTP
connections in a similar manner. If an X.25 network like TYMNET is
connected two sites, the operating system might permit an X.25 level 3
connection to be passed off to the SMTP server. The contact name
arguments in that case might include a host name and associated password
since you couldn't verify the host in the same way that you might using
the Internet.

An alternative or additional protocol could use a UDP service to map
contact names to ports. You would send the contact name to the port as
a datagram, and receive back a datagram which would indicate that 1) the
service is available on port P, 2) the service is available on the
multiplexed port M, or 3) that the service is unavailable. Choice #2
only applies to connection based services, but #1 and #3 could apply to
either TCP or UDP, and perhaps other lower level services as well. If
the query packet also contained a transport ID (e.g., 6 for TCP) or name
(e.g., "TCP") then the service could be more generally applicable.

This permits the equivalent of multiplexed service on UDP, a minimum
cost of an extra datagram per host per service per bootload to find out
what the port number is assigned to a service. It wouldn't matter that
one Symbolics 3600 was running NFILE on port 57, and another on port
666, as long as they both call the service "NFILE".

The UDP service could not be expected to be able to construct packets
large enough to contain the names of all the available services. While
in many cases they would fit, it would be unreasonable to expect that
this always be the case. Rather than add complexity to this protocol it
would be better to require contacting the TCP port to get the service
list.

The number czar (tsar?) would still be needed to hand out contact names
like "TELNET" and "FINGER", and prefixes like "SYMBOLICS-". Once Benson
has the "SYMBOLICS-" prefix he can hand out SYMBOLICS-PRIVATE-1,
SYMBOLICS-NFILE, and so on without having to bother the czar or fear of
conflict with the rest of the world.

The server port number returned by UDP can have any value. The number
needn't be less than 256 or 1024 to provide security. The 255 well
known ports are just that: well known. If a host implements security
based on port number, then it is only necessary to ensure that the port
number given out by the UDP multiplexing port is secured, even if it is
port FFFF (hex). The UNIX port scheme depends on the user-side port
being less than 1024 to ensure that the connection is valid, not the
server side port number.

It is unnecessary to encode contact names in every packet, especially
for TCP. A port number is sufficient to keep track of packets, and only
the two parties to a conversation need know how the numbers map to
services. This may not be strictly true for gateways that restrict
services. Schemes that I have heard of restrict the SYN-bearing TCP
packets. I'm afraid that they would have to prohibit the multiplex
port. However, the UDP port translation could be used to avoid using
the multiplex port for all contact names which don't require arguments.

It would be nice to see an alternative to UDP that was in most ways
identical to it, but which had a contact name in the packet instead of
one of the port numbers. For simple transactions this would avoid the
complexity of exchanging packets to get the port number before anything
could be accomplished. The format of the packet would be as follows:
The length would be in the pseudo header. The source port would be
replaced by a transaction ID (15 bit number) and a query/response flag
(one bit). The destination port would be replaced by an ASCII character
string, terminated by one or two nulls to take an even number of
characters. Two bytes would be reserved for an optional checksum. The
rest would be data octets. If the contact name is long, the number of
available data octets would be fewer than for UDP, but if the response
flag were set, perhaps the contact name could be omitted from the
response packet, permitting longer responses. Otherwise, the
query/response flag would indicate which of the ID and the contact name
is the local "port".

If there already exist RFCs describing protocols which implement any of
these schemes, please point them out. Otherwise, someone with immediate
need for these services could write an RFC or two.

All that is necessary for the Internet to generally convert to this mode
of operation is that a version of Berkeley Unix get into the field which
supports multiplexed service and which has user programs which attempt
multiplexed operation if it is available. I think the advantages of
this mode of operation will become so apparent that the rest of the
network will be converted within a year or two.

The time will come when both TCP and TP4 are considered hopelessly
outmoded antiques. By making TCP services more flexible in this way,
perhaps that can be postponed.



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:36:06 GMT