Ignore the port 80 black hole at your peril

* Don’t lose control of port 80

Even though Steve was trained as a physicist, we usually spend more time in this newsletter discussing topics such as application delivery than we do talking about physics. In this newsletter we get to discuss both.

Let’s start with application delivery. As previous newsletters have pointed out, managing application performance in general, and identifying the applications that are running on a network in particular, are both very complex tasks. There are, however, some factors that we have not previously discussed that make these tasks even more difficult. One of those is the volume of traffic that runs undetected over port 80. This is sometimes referred to as the port 80 blind spot.

Now let’s switch (briefly) to physics. According to Wikipedia, a black hole is a region of space whose gravitational field is so powerful that nothing can escape it once it has fallen past a certain point. Given the growing volume of traffic that typically transits port 80, combined with the risk of not being able to manage that traffic, we feel justified in calling this phenomenon the port 80 black hole.

As a point of reference, in TCP/IP and UDP networks a port is an endpoint of a logical connection and is numbered from 0 to 65535. The ports numbered from 0 to 1023 are reserved for privileged services and are designated as well-known ports. For example, port 80 is the port on which a Web server listens for requests from Web clients.

Some applications, however, have the ability to hop between ports. A good example of this is instant messaging software such as AOL’s Instant Messenger (AIM). AOL has been assigned ports 5190 – 5193 for its Internet traffic, and AIM is typically configured to use these ports. If these ports are blocked, however, AIM will fall back to port 80. As a result, a network manager might well think that by blocking ports 5190 – 5193 they are blocking the use of AIM, when in reality they are not.

Skype is a well-known, peer-to-peer based IP telephony and IP video service. Many peer-to-peer applications, including Skype, change the port that they use each time they start. In addition, Skype is particularly adept at port-hopping with the aim of traversing enterprise firewalls. Entering via UDP, TCP, or even TCP on port 80, Skype is usually very successful at passing typical firewalls.

We are not saying that network managers should block applications like AIM or Skype. That is a policy decision that needs to be made by the management of the company. What we are saying is it is difficult to see how we can be successful with application delivery if we ignore the port 80 black hole and continue to let growing volumes of traffic transit our networks without the ability to identify and control this traffic.
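To make the blind spot concrete, here is a small added example (not code from the original column) that compares a port-based label with a payload-based label for a few constructed port 80 flows. The flow records, the addresses and the payload bytes are all constructed samples; the check shows that "port 80" alone says nothing about whether a connection is actually Web traffic.

```python
import re

# Constructed sample flows seen on TCP port 80: (source, dest port, first client bytes).
# None of these are real captures; they are built to illustrate the classification gap.
SAMPLE_FLOWS = [
    ("10.0.0.12", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.17", 80, b"POST /api HTTP/1.1\r\nHost: api.example.com\r\n\r\n"),
    # Looks like a TLS ClientHello record (0x16, version 3.x, handshake type 0x01).
    ("10.0.0.23", 80, b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1\x03\x03"),
    # Opaque binary that is neither HTTP nor TLS: the kind of thing a port-hopping
    # application would send once its assigned ports are blocked.
    ("10.0.0.31", 80, b"\x2a\x01\x00\x00\x00\x00\x00\x00\x01\x00\x01"),
    ("10.0.0.44", 80, b""),  # connection with no client data yet
]

# An HTTP/1.x request starts with "<METHOD> <target> HTTP/1.0|1.1\r\n".
REQUEST_LINE = re.compile(rb"^[A-Z]+ \S+ HTTP/1\.[01]\r\n")


def classify_by_port(port: int) -> str:
    """What a port-only view concludes: anything on 80 is 'http'."""
    return "http" if port == 80 else "other"


def classify_by_payload(payload: bytes) -> str:
    """What the first bytes of the stream actually say."""
    if not payload:
        return "no-data"
    if REQUEST_LINE.match(payload):
        return "http"
    # TLS record: content type 0x16 (handshake), major version 3, handshake type 0x01.
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "non-http"


def audit_port80(flows):
    """Return (source, payload label) for flows the port-based view mislabels as HTTP."""
    mismatches = []
    for src, port, payload in flows:
        if classify_by_port(port) == "http":
            label = classify_by_payload(payload)
            if label not in ("http", "no-data"):
                mismatches.append((src, label))
    return mismatches


if __name__ == "__main__":
    for src, label in audit_port80(SAMPLE_FLOWS):
        print(f"{src}: port 80 but payload is {label}")
```

Flows flagged as "tls" or "non-http" are the port 80 black hole: they would be counted as Web traffic by any port-based report, so identification has to look past the port number.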

Copyright © 2007 IDG Communications, Inc.