48 KiB
48 KiB
Distributed Cloud Ports Reference
A number of ports must be available for various components to function correctly.
| Protocol | Port | Network | Description | System Controller | Subcloud | Initiator | Destination | Notes |
|---|---|---|---|---|---|---|---|---|
| tcp | 22 |
|
ssh | allowed | allowed | System Controller | Subclouds | For admin login |
| tcp | 22 |
|
ssh | allowed | allowed | Subclouds | System Controller | For admin login |
| tcp | 22 |
|
ssh | allowed | allowed | System Controller | Subclouds | |
| tcp | 22 |
|
ssh | allowed | allowed | Subclouds | System Controller | |
| udp | 123 |
|
ntp | allowed | allowed | Not used between System Controller and Subclouds | ||
| udp | 123 |
|
ntp | allowed | allowed | Not used between System Controller and Subclouds | ||
| udp | 161 |
|
snmp | allowed | allowed | Not used between System Controller and Subclouds | ||
| udp | 161 |
|
snmp | allowed | allowed | Not used between System Controller and Subclouds | ||
| udp | 162 |
|
snmp trap | allowed | allowed | System Controller | Subclouds | |
| udp | 162 |
|
snmp trap | allowed | allowed | Subclouds | System Controller | |
| udp | 162 |
|
snmp trap | allowed | allowed | System Controller | Subclouds | |
| udp | 162 |
|
snmp trap | allowed | allowed | Subclouds | System Controller | |
| tcp | 162 |
|
snmp trap | allowed | allowed | Not used between System Controller and Subclouds | ||
| tcp | 162 |
|
snmp trap | allowed | allowed | Not used between System Controller and Subclouds | ||
| tcp | 389 | oam | openLDAP | blocked(by gnp) | NA | Not used between System Controller and Subclouds | ||
| tcp | 389 | mgmt | openLDAP | allowed | NA | Subclouds | System Controller | LDAP service |
| tcp | 636 | oam | openLDAP | blocked(by gnp) | NA | Not used between System Controller and Subclouds | ||
| tcp | 636 | mgmt | openLDAP | allowed | NA | Subclouds | System Controller | LDAP service, https enable |
| tcp | 873 | oam | rsyncd | blocked(by gnp) | blocked(by gnp) | Not used between System Controller and Subclouds | Used for synchronizing patches among nodes | |
| tcp | 873 | mgmt | rsyncd | allowed | allowed | Not used between System Controller and Subclouds | Used for synchronizing patches among nodes | |
| tcp/udp | 2049 | oam | nfs | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | Used for sharing data among nodes | |
| tcp/udp | 2049 | mgmt | nfs | allowed | allowed | Not used between System Controller and Subclouds | Used for sharing data among nodes | |
| udp | 2222 |
|
sm | allowed | allowed | Not used between System Controller and Subclouds | ||
| udp | 2222 |
|
sm | allowed | NA | Not used between System Controller and Subclouds | ||
| udp | 2223 |
|
sm | allowed | NA | Not used between System Controller and Subclouds | ||
| tcp6 | 3300 | mgmt | ceph-mon | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp | 4545 |
|
stx-nfv | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | vim-restapi public endpoint | |
| tcp | 4545 |
|
stx-nfv | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | vim-restapi public endpoint | |
| tcp | 4546 |
|
stx-nfv | allowed(service ad | min endpoint) | System Controller | Subclouds | vim-restapi admin endpoint, https enabled |
| tcp | 4546 |
|
stx-nfv | allowed(service ad | min endpoint) | Subclouds | System Controller | vim-restapi admin endpoint, https enabled |
| tcp | 5000 | oam | keystone-api | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 5000 | mgmt | keystone-api | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 5001 | mgmt | keystone-api | allowed(service ad | min endpoint) | System Controller | Subclouds | https enabled |
| tcp | 5001 | mgmt | keystone-api | allowed(service ad | min endpoint) | Subclouds | System Controller | https enabled |
| tcp | 5432 | oam | postgres | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | postgres db serving port | |
| tcp | 5432 | mgmt | postgres | allowed(serving po | rt) | Not used between System Controller and Subclouds | postgres db serving port | |
| tcp | 5491 | oam | patching-api | blocked (by gnp) | blocked (by gnp) | Not used between System Controller and Subclouds | ||
| tcp | 5491 | mgmt | patching-api | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | patching-api internal endpoint | |
| tcp | 5492 | mgmt | patching-api | allowed(service ad | min endpoint) | System Controller | Subclouds | patching-api admin endpoint,https enabled |
| tcp | 5492 | mgmt | patching-api | allowed(service ad | min endpoint) | Subclouds | System Controller | patching-api admin endpoint,https enabled |
| tcp | 15491 | oam | patching-api | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | patching-api public endpoint | |
| tcp | 6385 | oam | sysinv-api | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 6385 | mgmt | sysinv-api | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 6386 | mgmt | sysinv-api | allowed(service pu | blic endpoint) | System Controller | Subclouds | https enabled |
| tcp | 6386 | mgmt | sysinv-api | allowed(service pu | blic endpoint) | Subclouds | System Controller | https enabled |
| tcp6 | 6789 | mgmt | ceph-mon | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp6 | 6800 | mgmt | ceph-mgr | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp6 | 6801 | mgmt | ceph-mgr | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp6 | 6802 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp6 | 6803 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp | 6804 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp | 6805 | mgmt | ceph-mds | allowed | allowed | Not used between SystemController and Subclouds | ||
| tcp | 7777 | oam | stx-ha (sm) | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | sm-api public endpoint | |
| tcp | 7777 | mgmt | stx-ha (sm) | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | sm-api public endpoint | |
| tcp | 7778 | mgmt | stx-ha (sm) | allowed(service ad | min endpoint) | Not used between System Controller and Subclouds | sm-api admin endpoint, https enabled | |
| tcp6 | 7999 | mgmt | ceph-mgr | allowed | allowed | Not used between System Controller and Subclouds | ||
| tcp | 8080 | oam | horizon http | allowed | blocked(by gnp) | Not used between System Controller and Subclouds | Not required if using https | |
| tcp | 8080 | mgmt | horizon http | allowed | allowed | System Controller | Subclouds | Not required if using https |
| tcp | 8080 | mgmt | horizon http | allowed | allowed | Subclouds | System Controller | Not required if using https |
| tcp | 8119 | oam | stx-distcloud | allowed(service public endpoint) | NA | Not used between System Controller and Subclouds | dcmanager-api | |
| tcp | 8119 | mgmt | stx-distcloud | allowed(service public endpoint) | NA | Not used between System Controller and Subclouds | dcmanager-api | |
| tcp | 8120 | mgmt | stx-distcloud | allowed(service public endpoint) | NA | Not used between System Controller and Subclouds | dcmanager-api, https enabled | |
| tcp | 8219 | mgmt | dcdbsync-api | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 8220 | mgmt | dcdbsync-api | allowed(service ad | min endpoint) | System Controller | Subclouds | https enabled |
| tcp | 8220 | mgmt | dcdbsync-api | allowed(service ad | min endpoint) | Subclouds | System Controller | https enabled |
| tcp | 8443 | oam | horizon https | allowed | blocked(by gnp) | Not used between System Controller and Subclouds | ||
| tcp | 8443 | mgmt | horizon https | allowed | allowed | System Controller | Subclouds | |
| tcp | 8443 | mgmt | horizon https | allowed | allowed | Subclouds | System Controller | |
| tcp | 9001 | oam | Docker registry | allowed(serving po | rt) | System Controller | Subclouds | https enabled |
| tcp | 9001 | oam | Docker registry | allowed(serving po | rt) | Subclouds | System Controller | https enabled |
| tcp | 9001 | mgmt | Docker registry | allowed(serving po | rt) | System Controller | Subclouds | https enabled |
| tcp | 9001 | mgmt | Docker registry | allowed(serving po | rt) | Subclouds | System Controller | https enabled |
| tcp | 9002 | oam | Registry token server | allowed(serving po | rt) | System Controller | Subclouds | https enabled |
| tcp | 9002 | oam | Registry token server | allowed(serving po | rt) | Subclouds | System Controller | https enabled |
| tcp | 9002 | mgmt | Registry token server | allowed(serving po | rt) | System Controller | Subclouds | https enabled |
| tcp | 9002 | mgmt | Registry token server | allowed(serving po | rt) | Subclouds | System Controller | https enabled |
| tcp | 9311 | oam | barbican-api | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 9311 | mgmt | barbican-api | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 9312 | mgmt | barbican-api | allowed(service ad | min endpoint) | System Controller | Subclouds | https enabled |
| tcp | 9312 | mgmt | barbican-api | allowed(service ad | min endpoint) | Subclouds | System Controller | https enabled |
| tcp | 11211 | mgmt | memcached | allowed(keystone c | ache backend) | Not used between System Controller and Subclouds | keystone cache backend | |
| tcp | 18002 | oam | stx-fault | allowed(service pu | blic endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 18002 | mgmt | stx-fault | allowed(service in | ternal endpoint) | Not used between System Controller and Subclouds | ||
| tcp | 18003 | mgmt | stx-fault | allowed(service ad | min endpoint) | System Controller | Subclouds | https enabled |
| tcp | 18003 | mgmt | stx-fault | allowed(service ad | min endpoint) | Subclouds | System Controller | https enabled |
| icmp | NA | oam | icmp | allowed | allowed | Not used between System Controller and Subclouds The only exception is when using ICMP during subcloud installs. |
||
| icmp | NA | mgmt | icmp | allowed | allowed | Not used between System Controller and Subclouds The only exception is when using ICMP during subcloud installs. |
||
| tcp | 25491 | oam | dcorch-patch -api-proxy | allowed (service public endpoint) | NA | Not used between System Controller and Subclouds | dcorch-patch-api-proxy public endpoint | |
| tcp | 25491 | mgmt | dcorch-patch -api-proxy | allowed(service internal endpoint) | NA | Not used between System Controller and Subclouds | dcorch-patch-api-proxy internal endpoint | |
| tcp | 25492 | mgmt | dcorch-patch -api-proxy | allowed(service admin endpoint) | NA | Not used between System Controller and Subclouds | dcorch-patch-api-proxy admin endpoint | |
| tcp | 30001-30004 | mgmt | VIM | allowed | allowed | Not used between System Controller and Subclouds | ||
| tcp | 30555 | oam | OIDC Client | blocked(by gnp) | Not used between System Controller and Subclouds | Only when OIDC app is applied | ||
| tcp | 30555 | mgmt | OIDC Client | allowed(serving po | rt) | Not used between System Controller and Subclouds | Only when OIDC app is applied | |
| tcp | 30556 | oam | DEX OIDC Provider | blocked(by gnp) | Not used between System Controller and Subclouds | Only when OIDC app is applied | ||
| tcp | 30556 | mgmt | DEX OIDC Provider | allowed(serving po | rt) | Not used between System Controller and Subclouds | Only when OIDC app is applied | |
| tcp | 32000 | oam | Kubernetes dashboard | allowed(NodePort) | allowed | Not used between System Controller and Subclouds | Only when Kubernetes Dashboard is installed | |
| tcp | 32000 | mgmt | Kubernetes dashboard | allowed(NodePort) | allowed | Not used between System Controller and Subclouds | Only when Kubernetes Dashboard is installed | |
| tcp | 32323 | oam | vim-webserver | blocked(by gnp) | blocked(by gnp) | Not used between System Controller and Subclouds |