diff --git a/server_port_prot_defaults.md b/server_port_prot_defaults.md
new file mode 100644
index 0000000000000000000000000000000000000000..e6f1eff17c9741ba287aab8034b36514e989060d
--- /dev/null
+++ b/server_port_prot_defaults.md
@@ -0,0 +1,37 @@
+## Platform services connections
+----------------------------------
+
+A current client will still use a v3 eip-service, for these we should use these defaults:
+
+### v3 eip-service.json for clients < 21.3
+
+* geoip bound to port 443 TCP, on frontend node
+* openvpn is bound to port 80 TCP
+* shapeshifter is bound to 443 TCP
+
+### v4 eip-service.json
+
+ see https://0xacab.org/leap/dev-documentation/-/blob/self_healing/client_specs/connection_setup_fallback_strategy.md#generic-client-behavior
+ 
+ Default ports/transports with 1 ingress IP
+ 1194 UDP OpenVPN
+ 53   UDP OpenVPN
+ 80   TCP Pluggable Transports: Question: OpenVPN or PluggableTransports show encrypted traffic to DPI
+ 443  TCP OpenVPN
+ 
+Second ingress IP
+  443 TCP PluggableTransports 
+
+
+## Different scenarios
+
+1 gateway IP
+in- and egress are the same. This is very likely too easy for a simple outside observer to link traffic to an end-user. Danger mode. Complicates setup a lot with demuxers like sslh and its routing
+
+2 IP-mode
+1 ingress and 1 egress IP to mix in- and outgoing traffic of users. It also prevents users to find out about each other (net_gateway in openvpn)
+
+3 IPs and 3 nodes
+Advantages:
+- run services like menshen on TCP port 443
+- run openvpn on port 443
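Review bot: The port 80 row in the v4 "Default ports/transports with 1 ingress IP" table still has an open question embedded in it ("Question: OpenVPN or PluggableTransports show encrypted traffic to DPI"), so the document does not actually state a default for 80 TCP. Settle it before merging, or move the question to a separate open-questions list and leave the row as a plain "80 TCP <transport>" entry. Two related ambiguities are worth fixing in the same pass. In the v3 section both geoip and shapeshifter are bound to 443 TCP, but only geoip says where ("on frontend node"), so it is unclear whether they share an address. In "3 IPs and 3 nodes" both menshen and openvpn are listed on port 443 without saying which IP or node carries which. Since the "1 gateway IP" scenario already names sslh demuxing as a complication, state explicitly for every 443 binding whether it has a dedicated IP or is demuxed. The v4 link also points at the `self_healing` branch, which will break once that branch is merged or deleted, so a link to a fixed commit would be more durable.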