Someone non-technical recently asked me the question, “what actually is a server?”. They knew it was just a type of computer that runs somewhere that can be accessible over the internet, but they were interested in how they differ from “normal” computers.
The conversation moved on to how these computers can make several different functions available at the same time over the network, which brought us on to the topic of services and network ports.
I was considering a few analogies to best describe the concept of services and ports, and then began talking about shopping malls.
Shopping malls and servers
A single shopping mall allows visitors to interact with a large range of different shops and services - such as stores, restaurants, post offices, vending machines, car parks, and more. A single shopping mall is a bit like a computer (or server).
Each unit (that hosts a service) within the mall is usually numbered, like houses on a street. For example, a specific restaurant might be given the number 2500 within the mall. This allows each service to be addressed uniquely for easier discovery (e.g. for delivering mail or packages). Although each service can be complex and provide a range of functionality, only one service can occupy a given unit number at a time.
If, for example, I wanted to visit the post office in the mall I might visit unit number 110. Here I can prove my identity in order to receive mail that they may be holding for me. Bringing this back to servers, this is similar to using POP3 (Post Office Protocol version 3) to retrieve email from a mail server: I connect to port 110 (the conventional POP3 port) on the mail server, authenticate, and then download the messages.
If I wanted to know the time, I might visit an exhibition of old-fashioned watches that happens to be on display in unit 37. Here I can't interact with the service other than by viewing the time (and appreciating the watches), and each visitor can only stay for a moment. Similarly, in computing, if I connect over TCP to port 37 of a server running the Time Protocol service (RFC 868), I simply receive the current time back, after which the server closes the connection.
If I happened to work in managing the mall, I might visit unit 22, the manager's office (equivalent to connecting to a server via SSH on port 22), and remain there all day until I finish work.
The analogies can go much further. The essential thing is that, in computing, I can send traffic over a supported protocol to a specific port in order to interact with the type of service at that port (strictly, a port belongs to a transport protocol: TCP port 37 and UDP port 37 are separate units, and the Time Protocol is defined on both). Some services (like the time protocol one above) just send a response and then close the connection, whereas others (such as SSH) maintain an ongoing connection in order to support a rich, feature-ful experience.
Although many malls have their manager's office at unit 22, this is just convention and is not a requirement. The SSH daemon (the service that handles SSH connections) can run on a different port if so desired. Similarly, libraries are usually found at unit 80 (HTTP) in many malls; however, in some malls there may be multiple libraries available at a range of different unit numbers (and perhaps an extra-secure library in unit 443, where HTTPS wraps the same service in TLS).
Some malls have a watch exhibition, but the managers (still sitting in unit 22) have closed it. Since I can't get in, I am unable to view the current time even though the exhibition itself still exists (I may not even know there is one). In server terms, the service is installed but not running, or not listening on that port.
Other malls don't have a watch exhibition at all. If I visited unit 37 of one of these malls it would probably be closed: my connection attempt is refused because nothing is listening on that port. If the unit happens to be open for some other reason, it would just be empty, or occupied by something else entirely: some other program may be listening on port 37, but since it doesn't speak the Time Protocol I can't receive the service I expected or interact with it in any meaningful way.
Many malls employ security guards at the entrance (and exit) of each unit. These guards (the "firewall") check that a visitor is allowed into the unit before they can receive the service (even if the unit is open), perhaps by verifying their proof of address (the source IP address), and turn people away if they don't meet the requirements. The firewall guards may also stop people leaving the unit (egress filtering).
If someone repeatedly tries to enter a guarded unit without the right credentials, they might get banned, either temporarily or permanently.
Additionally, some units may only admit staff who work in other units of the same mall. This could be done by issuing new rules to the firewall guards, or there may be a non-public back corridor connecting the units that only mall staff can use (the loopback interface, 127.0.0.1, which outside visitors cannot reach at all).
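As an added example that is not part of the original post, the following Python models the guards' rule book and ban list from the three paragraphs above: a default-deny rule set keyed on destination port and source network, a loopback bypass, and a counter that bans a source after repeated failed logins. The address ranges, ports and thresholds are constructed for the demonstration; real firewalls (nftables, pf, cloud security groups) express the same policy declaratively, and tools such as fail2ban derive the ban list from service logs.

```python
import ipaddress
from collections import defaultdict, deque


class PortGuard:
    """A toy stateful packet filter for one host, modelled on the mall's guards.

    Rules are (port, source_network) pairs checked in order; the first match
    accepts and anything matching no rule is dropped (default deny). Services
    report failed logins back to the guard, which bans a source after too many
    failures in a short window, the way fail2ban-style tools feed a firewall.
    """

    def __init__(self, rules, max_failures=3, window=60.0, ban_seconds=600.0):
        self.rules = [
            (port, ipaddress.ip_network(net) if net is not None else None)
            for port, net in rules
        ]
        self.max_failures = max_failures
        self.window = window
        self.ban_seconds = ban_seconds
        self.failures = defaultdict(deque)  # source -> timestamps of recent failures
        self.banned_until = {}              # source -> when the ban lifts (inf = permanent)

    def is_banned(self, src, now):
        until = self.banned_until.get(src)
        if until is None:
            return False
        if now >= until:
            del self.banned_until[src]      # temporary ban has expired
            return False
        return True

    def decide(self, src, dst_port, interface="eth0", now=0.0):
        """Return 'accept' or 'drop' for an inbound TCP connection attempt."""
        src_addr = ipaddress.ip_address(src)
        # The back corridor: loopback traffic can only come from local processes,
        # so it bypasses the public rules, but it must still carry a loopback source.
        if interface == "lo":
            return "accept" if src_addr.is_loopback else "drop"
        if self.is_banned(src, now):
            return "drop"
        for port, net in self.rules:
            if port == dst_port and (net is None or src_addr in net):
                return "accept"
        return "drop"

    def record_failure(self, src, now):
        """Service-side hook for a failed login; returns True once src is banned."""
        recent = self.failures[src]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.banned_until[src] = now + self.ban_seconds
            recent.clear()
            return True
        return False

    def ban_permanently(self, src):
        self.banned_until[src] = float("inf")


if __name__ == "__main__":
    # Constructed policy: SSH only from the office range, web open to everyone.
    guard = PortGuard([(22, "192.0.2.0/24"), (80, None), (443, None)])
    for src, port in [("198.51.100.7", 22), ("192.0.2.10", 22),
                      ("198.51.100.7", 443), ("198.51.100.7", 37)]:
        print(src, port, guard.decide(src, port))
    for t in (0, 10, 20):
        print("failure at t=%d banned=%s" % (t, guard.record_failure("192.0.2.10", t)))
    print("t=30:", guard.decide("192.0.2.10", 22, now=30),
          "t=700:", guard.decide("192.0.2.10", 22, now=700))
```

Note that the ban is enforced in `decide`, before the port rules are consulted, so a banned source is turned away even from ports it would otherwise be allowed to reach; and the loopback check insists on a loopback source address, since a packet arriving on `lo` claiming an outside address should never happen and is dropped rather than trusted.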
If the mall is closed completely, then I can't reach any of the units or receive any service at all. This is the case when the server is turned off or disconnected from the network: no port answers, because there is nothing there to answer.
Some differences
Of course, the mall vs. server analogy isn't perfect. Most servers have only a small handful of ports open at any given time, and those are usually heavily restricted by firewalls and other network protections.
Equally, when someone visits a server, they usually do so with one goal in mind (e.g. to download mail or to retrieve web content). In reality, visitors may spend a few hours in a mall and visit a large number of different shops and services.
However, I find this analogy an interesting and useful way to describe some of the basic networking principles.