Port Knocking - Disadvantages

Disadvantages

If for some reason or other the port knocking daemon dies, you are left with a system you cannot connect to. This is also known as a single point of failure. To help mitigate this problem, modern port knocking implementations include a process-monitoring daemon that restarts the port knocking daemon if it dies.

Another problem is that an attacker can lock out any known IP address (e.g. the administrator's) by sending packets with a spoofed source IP address to random ports. For server-to-server communication this can be especially harmful, because the IPs are well known and sometimes cannot be changed easily. This could be prevented by using the cryptographic hashes mentioned above.

Another important consideration is that, because of the way TCP/IP routes packets, there is a very real probability that the individual packets making up the "knocks" arrive out of sequence, or that some are dropped entirely. This means that legitimate requests may appear "incorrect" to the server, and the client must handle this (by resending the sequence, etc.).
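To make the two failure modes above concrete, here is an added example (not code from the original page or from any real port knocking daemon) of a minimal strict-mode knock matcher replayed over constructed packet traces: one in order, one reordered, one with a dropped knock, one with a spoofed-source packet interleaved, and one showing a client resend. The knock sequence, the port numbers and the documentation-range IP address are all constructed for the example.

```python
# Added example: a minimal per-source knock-sequence matcher in the style of a
# strict port-knocking daemon, used to show how reordered, dropped or spoofed
# knocks affect a legitimate client. Sequence and addresses are constructed.
from typing import Dict, List, Tuple

KNOCK_SEQUENCE = [7000, 8000, 9000]  # constructed sample knock sequence


class KnockMatcher:
    """Tracks each source IP's progress through KNOCK_SEQUENCE.

    Strict mode: a knock to any port other than the next expected one
    resets that source's progress to zero, so the client has to start over.
    """

    def __init__(self, sequence: List[int]) -> None:
        self.sequence = sequence
        self.progress: Dict[str, int] = {}
        self.opened: List[str] = []

    def knock(self, src_ip: str, dst_port: int) -> bool:
        """Feed one observed packet; return True when the sequence completes."""
        done = self.progress.get(src_ip, 0)
        if dst_port != self.sequence[done]:
            self.progress[src_ip] = 0      # wrong port: progress is lost
            return False
        done += 1
        if done == len(self.sequence):
            self.progress[src_ip] = 0      # sequence complete, reset state
            self.opened.append(src_ip)     # a real daemon would add a firewall rule
            return True
        self.progress[src_ip] = done
        return False


def run_packets(packets: List[Tuple[str, int]]) -> List[str]:
    """Replay a constructed (src_ip, dst_port) trace; return IPs that got opened."""
    matcher = KnockMatcher(KNOCK_SEQUENCE)
    for src_ip, dst_port in packets:
        matcher.knock(src_ip, dst_port)
    return matcher.opened


ADMIN = "198.51.100.10"  # constructed address (documentation range)
IN_ORDER = [(ADMIN, 7000), (ADMIN, 8000), (ADMIN, 9000)]
REORDERED = [(ADMIN, 7000), (ADMIN, 9000), (ADMIN, 8000)]  # network reordering
DROPPED = [(ADMIN, 7000), (ADMIN, 9000)]                    # second knock lost
# A packet with a spoofed source (the admin's IP) to a random port, arriving
# between the admin's genuine knocks, resets the admin's progress.
SPOOFED = [(ADMIN, 7000), (ADMIN, 8000), (ADMIN, 12345), (ADMIN, 9000)]
RESEND = DROPPED + IN_ORDER  # client notices no access and resends the sequence
```

Replaying `REORDERED`, `DROPPED` and `SPOOFED` opens nothing, while `RESEND` shows why the client-side retry mentioned above works: the strict reset leaves the matcher at zero, so a clean resend succeeds.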
