Best TCP port number range for internal applications


Question

I work in a place where each of our internal applications runs on an individual Tomcat instance and uses a specific TCP port. What would be the best IANA port range to use for these apps in order to avoid port number collisions with any other process on the server?

Based on http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml, these are the options as I currently see them:

  1. System Ports (0-1023): I don't want to use any of these ports because the server may be running services on standard ports in this range
  2. User Ports (1024-49151): Given that the applications are internal I don't intend to request IANA to reserve a number for any of our applications. However, I'd like to reduce the likelihood of the same port being used by another process, e.g., Oracle Net Listener on 1521.
  3. Dynamic and/or Private Ports (49152-65535): This range is ideal for custom port numbers. My only concern is if this were to happen:

a. I configure one of my applications to use port X
b. The application is down for a few minutes or hours (depending on the nature of the app), leaving the port unused for a little while,
c. The operating system allocates port number X to another process, for instance, when that process acts as a client requiring a TCP connection to another server. This succeeds given that it falls within the dynamic range and X is currently unused as far as the operating system is concerned, and
d. The app fails to start because port X is already in use

Recommended answer

I can't see why you would care. Other than the "don't use ports below 1024" privilege rule, you should be able to use any port because your clients should be configurable to talk to any IP address and port!

If they're not, then they haven't been done very well. Go back and do them properly :-)

In other words, run the server at IP address X and port Y then configure clients with that information. Then, if you find you must run a different server on X that conflicts with your Y, just re-configure your server and clients to use a new port. This is true whether your clients are code, or people typing URLs into a browser.

I, like you, wouldn't try to get numbers assigned by IANA since that's supposed to be for services so common that many, many environments will use them (think SSH or FTP or TELNET).

Your network is your network and, if you want your servers on port 1234 (or even the TELNET or FTP ports for that matter), that's your business. Case in point, in our mainframe development area, port 23 is used for the 3270 terminal server which is a vastly different beast to telnet. If you want to telnet to the UNIX side of the mainframe, you use port 1023. That's sometimes annoying if you use telnet clients without specifying port 1023 since it hooks you up to a server that knows nothing of the telnet protocol - we have to break out of the telnet client and do it properly:

telnet big_honking_mainframe_box.com 1023

If you really can't make the client side configurable, pick one in the second range, like 48042, and just use it, declaring that any other software on those boxes (including any added in the future) has to keep out of your way.
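
An added example, not part of the original answer: scenario (c) in the question depends on the operating system's ephemeral range rather than the IANA one, and on Linux the default `net.ipv4.ip_local_port_range` (32768 to 60999) overlaps the IANA User Ports range. The sketch below classifies a port against both and honours `net.ipv4.ip_local_reserved_ports`; the sysctl contents are constructed samples and the function names are hypothetical.

```python
# Added example: classify a listener port against the IANA ranges and a
# Linux-style ephemeral range. Sample sysctl values below are constructed.

IANA_RANGES = [
    ("system", 0, 1023),
    ("user", 1024, 49151),
    ("dynamic/private", 49152, 65535),
]


def iana_class(port):
    """Return the IANA range name for a TCP port."""
    for name, low, high in IANA_RANGES:
        if low <= port <= high:
            return name
    raise ValueError(f"not a valid TCP port: {port}")


def parse_local_port_range(text):
    """Parse ip_local_port_range content: two integers, 'low high'."""
    low, high = (int(field) for field in text.split())
    return low, high


def parse_reserved_ports(text):
    """Parse ip_local_reserved_ports content, e.g. '8080,9000-9010'."""
    reserved = set()
    for item in filter(None, (part.strip() for part in text.split(","))):
        low, _, high = item.partition("-")
        reserved.update(range(int(low), int(high or low) + 1))
    return reserved


def check_port(port, range_text, reserved_text=""):
    """Report whether the OS may hand `port` to an outgoing connection."""
    low, high = parse_local_port_range(range_text)
    in_ephemeral = low <= port <= high
    reserved = port in parse_reserved_ports(reserved_text)
    return {
        "iana": iana_class(port),
        "in_ephemeral_range": in_ephemeral,
        "reserved": reserved,
        "collision_possible": in_ephemeral and not reserved,
    }


if __name__ == "__main__":
    sample_range = "32768\t60999\n"  # constructed; matches the Linux default
    for port, reserved_text in [(48042, ""), (48042, "48042\n"), (8080, "")]:
        print(port, check_port(port, sample_range, reserved_text))
```

On a Linux host the two inputs can be read from `/proc/sys/net/ipv4/ip_local_port_range` and `/proc/sys/net/ipv4/ip_local_reserved_ports`.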
