Best TCP port number range for internal applications


Question

I work in a place where each of our internal applications runs on an individual Tomcat instance and uses a specific TCP port. What would be the best IANA port range to use for these apps in order to avoid port number collisions with any other process on the server?

Based on http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xml, these are the options as I currently see them:

  1. System Ports (0-1023): I don't want to use any of these ports because the server may be running services on standard ports in this range
  2. User Ports (1024-49151): Given that the applications are internal I don't intend to request IANA to reserve a number for any of our applications. However, I'd like to reduce the likelihood of the same port being used by another process, e.g., Oracle Net Listener on 1521.
  3. Dynamic and/or Private Ports (49152-65535): This range is ideal for custom port numbers. My only concern is if this were to happen:

a. I configure one of my applications to use port X
b. The application is down for a few minutes or hours (depending on the nature of the app), leaving the port unused for a little while,
c. The operating system allocates port number X to another process, for instance, when that process acts as a client requiring a TCP connection to another server. This succeeds given that it falls within the dynamic range and X is currently unused as far as the operating system is concerned, and
d. The app fails to start because port X is already in use

Recommended answer

I can't see why you would care. Other than the "don't use ports below 1024" privilege rule, you should be able to use any port because your clients should be configurable to talk to any IP address and port!

If they're not, then they haven't been done very well. Go back and do them properly :-)

In other words, run the server at IP address X and port Y then configure clients with that information. Then, if you find you must run a different server on X that conflicts with your Y, just re-configure your server and clients to use a new port. This is true whether your clients are code, or people typing URLs into a browser.

I, like you, wouldn't try to get numbers assigned by IANA since that's supposed to be for services so common that many, many environments will use them (think SSH or FTP or TELNET).

Your network is your network and, if you want your servers on port 1234 (or even the TELNET or FTP ports for that matter), that's your business. Case in point, in our mainframe development area, port 23 is used for the 3270 terminal server which is a vastly different beast to telnet. If you want to telnet to the UNIX side of the mainframe, you use port 1023. That's sometimes annoying if you use telnet clients without specifying port 1023 since it hooks you up to a server that knows nothing of the telnet protocol - we have to break out of the telnet client and do it properly:

telnet big_honking_mainframe_box.com 1023

If you really can't make the client side configurable, pick one in the second range, like 48042, and just use it, declaring that any other software on those boxes (including any added in the future) has to keep out of your way.
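
Whether steps a-d of the question can happen to a given port depends on the range the host actually uses for outgoing connections, which on Linux is a kernel setting rather than the IANA dynamic range. The script below is an added example, not part of the original question or answer: it classifies candidate ports by the IANA ranges quoted above and checks them against that setting. It assumes a Linux host exposing `/proc/sys/net/ipv4/ip_local_port_range`; the fallback value `32768 60999` is a constructed sample matching the common Linux default, and the function names are illustrative.

```python
import errno
import socket

# IANA ranges as quoted in the question.
IANA_RANGES = (("system", 0, 1023), ("user", 1024, 49151), ("dynamic", 49152, 65535))

def iana_class(port):
    """Return the IANA range name ("system", "user", "dynamic") for a port."""
    for name, lo, hi in IANA_RANGES:
        if lo <= port <= hi:
            return name
    raise ValueError(f"not a TCP port: {port}")

def parse_port_range(text):
    """Parse the 'low high' pair in the format of ip_local_port_range."""
    lo, hi = (int(field) for field in text.split())
    return lo, hi

def local_ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Read the range this Linux host draws client-side source ports from."""
    with open(path) as fh:
        return parse_port_range(fh.read())

def collision_risk(port, ephemeral):
    """True if the OS may hand `port` to an outgoing connection (step c)."""
    lo, hi = ephemeral
    return lo <= port <= hi

def port_in_use(port, host="127.0.0.1"):
    """True if a bind fails with EADDRINUSE, i.e. the app would hit step d."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError as exc:
            return exc.errno == errno.EADDRINUSE
    return False

if __name__ == "__main__":
    SAMPLE = "32768\t60999\n"  # constructed sample: common Linux default
    try:
        eph = local_ephemeral_range()
    except OSError:
        eph = parse_port_range(SAMPLE)  # not Linux: fall back to the sample
    for p in (1521, 8080, 48042, 61000):  # candidate ports, two from the page
        print(p, iana_class(p),
              "inside ephemeral range" if collision_risk(p, eph) else "outside",
              "in use" if port_in_use(p) else "free")
```

With the sample range, 48042 is an IANA user port yet still falls inside the span the kernel allocates from, so the question's scenario is governed by the host setting and not by the IANA table alone.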
