Now that we have IPv6 – do we need TCP/UDP port numbers anymore? - coroutines

I have food for thought - the title says it but I'll try to elaborate on what I mean.

TCP/UDP port numbers are used to multiplex traffic to the same IP, so multiple services can be made reachable. I can't find docs when searching to understand if this is the only reason they exist, but that is what I believe is their only purpose.

Recently I've started learning about Tor - you can make a _single service_ reachable through the Tor network with a Hidden Service address like: 3g2upl4pq6kufc4m.onion

Like IPv6, "Onion addresses" aren't starved for address space. With Onion addresses you can only host a single service behind the address. It's trivial to create and bring one up to host a service. I argue we can use IPv6 similarly.

Getting rid of TCP/UDP ports - the positives?:

1) We could chop off 4 bytes from TCP/UDP headers (2 x 16-bit for source/dest port)

2) Routing traffic to the right bound service in the kernel's networking stack might be made simpler.

3) Without ports you can't assume from an address what type of service is hosted there - with ports we assume port 80 is a webserver. People might start claiming addresses that end in ':BEEF]' to associate with webservers, though. WHERE'S THE BEEF?!

4) Port scans would become [EXHAUSTIVE] prefix/subnet scans, and it'd be harder to be sure you're fingerprinting the same host.

Some negatives:

1) People are used to reaching the same host at the same IP but when using a different port. This hasn't always been true with things like NAT and Haproxy, but if we got rid of ports you'd have to keep a note of which address hosts SSH. Ports make this less cumbersome.

2) Someone could maliciously try claiming every address in an advertised/routed/reachable prefix to starve other users of addresses - how possible is this? Any comment, NSA?

I don't think this will happen but I'd like to know other reasons why we need port numbers :>
======
tptacek
I take as your premise "in IPv6, addresses are essentially free, and every
end-system gets an unbounded number of them, so why not use them for service
mapping?"

It's a fun question, but I think it has a straightforward answer.

1\. The IPv6 header is already twice as big as the IPv4 header, so the win in
shrinking the TCP or UDP headers is extremely marginal.

2\. No, the kernel IP handling code would get _more_ complicated; since BSD
Unix, the PCB code in the kernel has assumed sessions were organized by port
numbers. Meanwhile: the underlying concept of a numeric mapping between
applications and instances of protocols on the wire wouldn't go away; you'd
just be overloading IP addresses to accomplish it.

3\. I agree that the opportunity to encode funny service names in hexadecimal
trailing address space is an upside to eliminating ports.

4\. Removing ports strictly simplifies network reconnaissance. IPv6 already
makes scanning painful, whether or not you have TCP/UDP ports. With IPv6 and
TCP ports, you have to do _both_ : identify the live hosts, and _then_
identify the listening ports on that host.

Some architectural downsides:

1\. It is often (not always) helpful to distinguish between an entity
providing a service and the services they provide. That distinction is lost
when everything is an address.

2\. Port numbers prevent us from accidentally trying to speak, say, RTP to a
line-printer protocol server. Badly coded servers will often crash given
random crap, and while that's not dispositive (the priority should be
"eliminate badly coded servers"), it's a helpful feature of having ports.

3\. The network is required to be aware of which end-systems own which
addresses. They are not required to be aware of which applications are running
on which end-systems. The end-to-end argument says: put the minimum amount of
state in the network, leave as much up to the end system as possible.

~~~
coroutines
Hmm. I think I'd rather have services that disconnect/warn properly when fed
invalid/other-protocol data (in a world with or without port numbers).

I really liked your reply :-)

------
tveita
The port numbers are used to identify connections. If you make two connections
to a web server from the same machine, the packets for each stream are
separated by the source port of the client.

If you got rid of the port numbers, you wouldn't just need an IP address for
each service, you would need one for every outbound connection you make, and
this address would need to be announced and stored in routing tables, checked
for collisions, etc. Allocating ports is a lot cheaper, since only the
endpoints (and stateful NATs/firewalls) need to know about them.
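As an added illustration of the two points above (the 4 header bytes the original post wants to drop, and tveita's point that those same bytes are what separate two streams from one client), here is a small demultiplexer that is not from any of the posters and not kernel code: it builds constructed TCP segments with the RFC 793 header layout, keys them the way a PCB lookup does (the address/port 4-tuple), and then keys them again with the ports removed. The addresses are from the 2001:db8::/32 documentation prefix and the payloads are made up.

```python
import struct
from collections import defaultdict

# Constructed example: a minimal TCP segment (20-byte header in the RFC 793
# layout, no options) followed by a payload. Only the port fields matter here.
def build_tcp_segment(src_port, dst_port, seq, payload):
    # fields: src port, dst port, seq, ack, data-offset/flags, window,
    # checksum, urgent pointer (checksum left at 0; it is not verified here)
    header = struct.pack("!HHIIHHHH", src_port, dst_port, seq, 0,
                         (5 << 12) | 0x18, 65535, 0, 0)
    return header + payload

# The two 16-bit port fields are the "4 bytes" the proposal would remove.
PORT_FIELD_BYTES = struct.calcsize("!HH")

def parse_tcp_ports(segment):
    """Return (src_port, dst_port) from the first four header bytes."""
    return struct.unpack("!HH", segment[:4])

def flow_key(src_ip, dst_ip, segment, use_ports=True):
    """Identify the flow a segment belongs to. With ports the key is the
    usual 4-tuple a kernel PCB lookup uses; without them it is only the
    address pair."""
    if use_ports:
        src_port, dst_port = parse_tcp_ports(segment)
        return (src_ip, src_port, dst_ip, dst_port)
    return (src_ip, dst_ip)

def demux(packets, use_ports=True):
    """Group payloads by flow. packets is a list of (src_ip, dst_ip, segment)."""
    flows = defaultdict(list)
    for src_ip, dst_ip, segment in packets:
        flows[flow_key(src_ip, dst_ip, segment, use_ports)].append(segment[20:])
    return dict(flows)

CLIENT = "2001:db8::1"   # constructed documentation-prefix addresses
SERVER = "2001:db8::80"

# Two concurrent connections from the same client to the same server port,
# with their segments interleaved on the wire (constructed data).
PACKETS = [
    (CLIENT, SERVER, build_tcp_segment(49152, 443, 1, b"GET /a")),
    (CLIENT, SERVER, build_tcp_segment(49153, 443, 1, b"GET /b")),
    (CLIENT, SERVER, build_tcp_segment(49152, 443, 7, b" HTTP/1.1")),
    (CLIENT, SERVER, build_tcp_segment(49153, 443, 7, b" HTTP/1.0")),
]

def flow_count(use_ports=True):
    return len(demux(PACKETS, use_ports))

if __name__ == "__main__":
    for use_ports in (True, False):
        print(f"use_ports={use_ports}: {flow_count(use_ports)} flow(s)")
        for key, chunks in demux(PACKETS, use_ports).items():
            print("  ", key, b"".join(chunks))
```

With ports the two requests reassemble cleanly; without them the receiver sees one flow with the two requests' bytes interleaved, which is exactly the situation the address-per-connection scheme would have to solve by some other means.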

------
zamalek
> I'd like to know other reasons why we need port numbers

Because SRV records aren't in widespread use (by specification and only
consequently implementation). First you would need to stop using the A (or
AAAA) record, on _all_ existing protocols. This is a good thing because,
comparatively, the A record is pretty stupid. However, it's never going to
happen for the same reason that you _probably_ can't set up an SRV record with
whoever is hosting your DNS.

Also, ports are a portion of an address that routers can ignore - making them
better at what they do. With multiple addresses per host you are going to
annihilate routing tables/caches and make the internet slower.
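To make zamalek's SRV point concrete, here is an added example (not from any poster, and not a real resolver) of what a client would have to do to locate a service without a well-known port: parse SRV records of the form `_service._proto.name TTL IN SRV priority weight port target` and order them as RFC 2782 prescribes. The record lines are constructed; the selection uses a seedable random source so the weighting can be checked offline.

```python
import random

def parse_srv(line):
    """Parse one zone-file style SRV record (constructed input), e.g.
    '_http._tcp.example.com. 3600 IN SRV 10 60 8080 www1.example.com.'"""
    name, ttl, rclass, rtype, prio, weight, port, target = line.split()
    if rtype != "SRV":
        raise ValueError(f"not an SRV record: {line!r}")
    # A lone "." target is RFC 2782's way of saying "service not offered here".
    return {"name": name, "ttl": int(ttl), "priority": int(prio),
            "weight": int(weight), "port": int(port),
            "target": target if target == "." else target.rstrip(".")}

def order_srv(records, rng=None):
    """Return (target, port) pairs in the order a client should try them:
    lowest priority first; within one priority, weighted random selection
    (zero-weight records ordered first so they are chosen only when the
    random pick is 0)."""
    rng = rng or random.Random()
    if len(records) == 1 and records[0]["target"] == ".":
        return []
    ordered = []
    for prio in sorted({r["priority"] for r in records}):
        pool = sorted((r for r in records if r["priority"] == prio),
                      key=lambda r: r["weight"])
        while pool:
            total = sum(r["weight"] for r in pool)
            pick = rng.randint(0, total)
            running = 0
            for r in pool:
                running += r["weight"]
                if running >= pick:
                    break
            ordered.append((r["target"], r["port"]))
            pool.remove(r)
    return ordered

# Constructed records: two front ends at priority 10 (60/40 split) and a
# backup at priority 20 that should only ever be tried last.
RECORDS = [parse_srv(line) for line in """
_http._tcp.example.com. 3600 IN SRV 10 60 8080 www1.example.com.
_http._tcp.example.com. 3600 IN SRV 10 40 8080 www2.example.com.
_http._tcp.example.com. 3600 IN SRV 20 0 8081 backup.example.com.
""".strip().splitlines()]

def try_order(seed=1):
    return order_srv(RECORDS, random.Random(seed))

def first_choice_share(target, trials=2000, seed=0):
    """Fraction of trials in which `target` is the first host tried."""
    rng = random.Random(seed)
    hits = sum(order_srv(RECORDS, rng)[0][0] == target for _ in range(trials))
    return hits / trials

if __name__ == "__main__":
    print(try_order())
    print("www1 tried first in", first_choice_share("www1.example.com"), "of trials")
```

Note that the port still comes out of the SRV record: even a world that addresses services by AAAA alone would need this lookup to carry the equivalent of the port, so it moves the information from the transport header into DNS rather than removing it.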

------
dozzie
> Getting rid of TCP/UDP ports - the positives?:

[...]

> Some negatives:

The first and the foremost: we would need two totally new protocols in place
of two already well-known, well-functioning and well-tooled ones. Benefits you
mentioned are negligible.

~~~
coroutines
A year or so ago it seemed like SCTP was actually going to be a thing someday.

If SCTP did become the protocol we transition TCP/UDP to - should port numbers
stay? (iyo)

~~~
dozzie
Port numbers will stay, because SCTP defines them.

If you want to get rid of port numbers, you will need to roll a new protocol,
and nobody will go this way merely because of four bytes per packet.

Also, there would probably be a vast amount of unexpected traps and pitfalls
without port numbers. We already know well how to work with port numbers. We
don't know too well how to work without them.

------
coroutines
I originally asked about this in the wrong place.

[http://www.spinics.net/lists/kernel/msg2001254.html](http://www.spinics.net/lists/kernel/msg2001254.html)

I hope this is the right place >.>

------
__kmem__
Every new service or process that wants to listen on a NIC would lead to a new
ip address created for the same machine, which in turn leads to updating of
all possible routers of the internet, which would be a useless waste.

~~~
coroutines
I do not think this would be so - you would still be under the same route
summary/network prefix advertised to you by your ISP's gateway :> Not everyone
would get an IPv6 address like this so I do see the waste otherwise ~