Ports Aren't Numbers, They're Doors: A Mental Model for SREs

An interview question about ports is not a trivia quiz. It's a test of your mental map of a distributed system. A junior engineer memorizes numbers. A senior engineer understands what conversations happen behind each door. Let's build the right mental model.

District 1: Public Infrastructure

These are the fundamental utilities of your digital city. If these are blocked, nothing else matters.

  • 22 → SSH: The secure maintenance tunnels. The primary way engineers get privileged access to fix things directly.
  • 80 → HTTP: The old, unsecured public entrance. Mostly a redirect to the secure lobby now.
  • 443 → HTTPS: The main, secure public lobby. All user traffic, all API calls, enter here. The most important door to keep open.
  • 53 → DNS: The city's address book. How names ("google.com") are translated into physical locations (IP addresses).
  • 25/587 → SMTP: The city's post office. How all emails and alerts are sent out.
  • 123 → NTP: The city's clock tower. Ensures every system in the city agrees on the exact time, which is critical for logging and coordination.

District 2: The Observability Department

This is the city's nervous system and census bureau. These doors allow you to understand the health and state of the city.

  • 9090 → Prometheus: The census bureau's main office. Where all vital statistics (metrics) about the city are collected and queried.
  • 9100 → Node Exporter: The census worker on every block (server), reporting local statistics back to the main office.
  • 3000 → Grafana: The mayor's situation room. Visualizes the data from the census bureau into understandable dashboards.
  • 9093 → Alertmanager: The emergency broadcast system. Takes alerts from Prometheus and routes them to the right responders.
  • 9200/9300 → Elasticsearch: The city's public library and archive. A searchable database for all logs and documents. 9200 is for the public API, 9300 for internal cluster communication.
  • 5601 → Kibana: The librarian's desk. The user interface for searching the Elasticsearch archives.
  • 8080 → Jenkins UI: The construction site foreman's office. The main UI for the CI/CD system.

District 3: The Government & Control Plane

This is city hall. These are the highly privileged doors where the laws of the system are written and enforced. Securing these is paramount.

  • 6443 → Kubernetes API Server: The Mayor's Office. This is the central control plane for the entire Kubernetes cluster. All `kubectl` commands go here.
  • 10250 → Kubelet API: The local precinct captain on every block (node). Takes orders from the API server and manages containers locally.
  • 10257/10259 → Controller Mgr / Scheduler: The city planning department. Decides which new buildings (pods) get built and where.
  • 2375/2376 → Docker API: The local building inspector's office. The API for controlling the container runtime directly on a node. 2376 is the secure version.
  • 30000-32767 → K8s NodePort: Publicly accessible PO Boxes. A range of ports Kubernetes can assign to services to expose them to the outside world.
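
An added example, not part of the original article: a small Python audit that applies the port map above to a host's listening sockets and reports District 3 doors that are bound to anything other than loopback. It assumes input in the column layout of `ss -tlnH`; the function names and the sample lines are constructed for illustration.

```python
import ipaddress

# Port map copied from the three districts on this page.
DISTRICTS = {
    "public": {22: "SSH", 80: "HTTP", 443: "HTTPS", 53: "DNS", 25: "SMTP", 587: "SMTP", 123: "NTP"},
    "observability": {9090: "Prometheus", 9100: "Node Exporter", 3000: "Grafana", 9093: "Alertmanager",
                      9200: "Elasticsearch API", 9300: "Elasticsearch cluster", 5601: "Kibana", 8080: "Jenkins UI"},
    "control-plane": {6443: "Kubernetes API Server", 10250: "Kubelet API", 10257: "Controller Manager",
                      10259: "Scheduler", 2375: "Docker API", 2376: "Docker API (secure)"},
}
NODEPORTS = range(30000, 32768)  # 30000-32767 inclusive

def classify(port):
    """Return (district, service) for a port, or (None, None) if it is not on the map."""
    for district, ports in DISTRICTS.items():
        if port in ports:
            return district, ports[port]
    if port in NODEPORTS:
        return "control-plane", "K8s NodePort"
    return None, None

def is_loopback(host):
    """True only for loopback binds; wildcard binds ('*', '0.0.0.0', '[::]') are not."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and an interface suffix like %lo
    return host != "*" and ipaddress.ip_address(host).is_loopback

def audit(ss_output):
    """Return sorted (port, service, bind address) for District 3 listeners beyond loopback."""
    findings = []
    for line in ss_output.strip().splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # rpartition keeps IPv6 colons in the host part
        district, service = classify(int(port))
        if district == "control-plane" and not is_loopback(host):
            findings.append((int(port), service, host))
    return sorted(findings)

# Constructed sample input, not captured from a real host.
SAMPLE = """
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 4096 [::]:6443 [::]:*
LISTEN 0 4096 127.0.0.1:10257 0.0.0.0:*
LISTEN 0 4096 *:10250 *:*
LISTEN 0 4096 0.0.0.0:2375 0.0.0.0:*
LISTEN 0 4096 *:9100 *:*
LISTEN 0 4096 0.0.0.0:31080 0.0.0.0:*
"""
```

Each finding is a door to check against firewall rules and authentication settings; a wildcard bind on 2375 in particular is the unsecured variant of the Docker API that the list above distinguishes from 2376.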

Written by Benito J D