Ports used by PowerVC
This topic lists ports used by PowerVC for inbound and outbound traffic. This topic also lists the local ports PowerVC uses on the management server.
The host must be reserved for PowerVC and the operating system on which it runs. No additional software must be installed on the management server.
No firewall configuration is done by default during PowerVC installation. The -c firewall install option can be used to do some rough automatic firewall configuration, disabling firewalld and enabling iptables with PowerVC-specific rules on the PowerVC management system. However, this is not generally recommended. Appropriate firewall configuration can be complex and specific to your environment, so the recommended approach is to configure your firewall manually based on the information given in the following table. Also, note that even with -c firewall, additional firewall configuration might be necessary on network firewalls or registered compute hosts, which PowerVC does not touch, or if PowerVC is upgraded to a newer version that introduces additional port requirements. For production environments, consult your system and firewall administrators.
- If you are having connectivity issues, the firewall is likely causing the problem. Only apply firewall rules to external-facing devices, like br-ex. Do not apply them to internal devices such as br-tun, br-int, tap devices or others. To determine whether the firewall is the problem, disable the firewall for a short time. If connectivity is restored, the rules are incorrect.
- Restarting firewalld services resets the iptables settings configured by PowerVC. This happens when you have already run the ./install -c firewall option.
Ports used on the management server
Traffic direction | Port | Usage | Protocol |
---|---|---|---|
Inbound | 80 (1) | Apache HTTPD Web Server | TCP (HTTP) |
Inbound | 443 | Apache HTTPD Web Server | TCP (HTTPS) |
Inbound | 5000 | keystone | TCP (HTTPS) |
Inbound | 5470 | bumblebee | TCP (HTTPS) |
Inbound | 5671 | rabbitmq | TCP (AMQPS) |
Inbound | 8041 | gnocchi | TCP (HTTPS) |
Inbound | 8080 | swift | TCP (HTTPS) |
Inbound | 8428 | validator | TCP (HTTPS) |
Inbound | 8774 | nova | TCP (HTTPS) |
Inbound | 8778 | panko | TCP (HTTPS) |
Inbound | 8998 | clerk | TCP (HTTPS) |
Inbound | 9000 | cinder | TCP (HTTPS) |
Inbound | 9292 | glance | TCP (HTTPS) |
Inbound | 9696 | neutron | TCP (HTTPS) |
Inbound | 35357 | keystone | TCP (HTTPS) |
Outbound | Allow ICMP | ping | ICMP |
Outbound | 22 | Brocade and Cisco Fibre Channel switches, and the IBM® Storwize® family; PowerVM® NovaLink hosts | TCP (SSH) |
Outbound | 443 | EMC VNX; HMC; Brocade HTTPS | TCP (SSH) |
Outbound | 443 | Infoblox | TCP (HTTPS) |
Outbound | 636 | LDAP client | LDAPS |
Outbound | 5989 | EMC PowerMax | TCP (HTTPS) |
Outbound | 5901 | NovaLink console | TCP (RFB) |
Outbound | 7778 | XIV® | TCP (SSL) |
Outbound | 8452 | IBM DS8000® | TCP (HTTPS) |
Outbound | 12443 | HMC | HTTPS |
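The following is an added example, not part of the PowerVC documentation or product: a shell function that audits iptables -S INPUT output against the inbound TCP ports in the table above, for instance after a firewalld restart has reset the rules. The function names, the sample rule set, and the use of br-ex on the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not PowerVC code): audit `iptables -S INPUT` output against
# the inbound TCP ports in the "Ports used on the management server" table.
REQUIRED_TCP="80 443 5000 5470 5671 8041 8080 8428 8774 8778 8998 9000 9292 9696 35357"

# Reads rules on stdin and prints one finding per line:
#   MISSING <port>     table port that no ACCEPT rule covers
#   UNEXPECTED <spec>  accepted port or range not in the table; review it
audit_inbound() {
    awk -v required="$REQUIRED_TCP" '
    BEGIN { n = split(required, req, " "); for (i = 1; i <= n; i++) need[req[i]] = 1 }
    /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ {
        for (i = 1; i < NF; i++) {
            if ($i != "--dport" && $i != "--dports") continue
            m = split($(i + 1), specs, ",")          # multiport lists use commas
            for (j = 1; j <= m; j++) {
                k = split(specs[j], b, ":")          # ranges are written lo:hi
                lo = b[1] + 0; hi = (k == 2 ? b[2] : b[1]) + 0
                extra = 0
                for (p = lo; p <= hi; p++) { if (p in need) seen[p] = 1; else extra = 1 }
                if (extra && !(specs[j] in dup)) { dup[specs[j]] = 1; extras[++un] = specs[j] }
            }
        }
    }
    END {
        for (i = 1; i <= n; i++) if (!(req[i] in seen)) print "MISSING " req[i]
        for (i = 1; i <= un; i++) print "UNEXPECTED " extras[i]
    }'
}

# Constructed sample: a partial rule set such as one left after rules were reset.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i br-ex -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i br-ex -p tcp -m multiport --dports 80,443,5000,5470,5671 -j ACCEPT
-A INPUT -i br-ex -p tcp -m multiport --dports 8041,8080,8428 -j ACCEPT
-A INPUT -i br-ex -p tcp -m tcp --dport 8774:8778 -j ACCEPT
-A INPUT -i br-ex -p tcp -m tcp --dport 9292 -j ACCEPT
-A INPUT -i br-ex -p udp -m udp --dport 9696 -j ACCEPT
EOF
}

sample_rules | audit_inbound
```

On a live system, pipe the output of iptables -S INPUT into audit_inbound. An UNEXPECTED line means only that the port is absent from the inbound table, so check it against your own administrative access rules before changing anything.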
Ports used by PowerVC on the management server
The ports listed in the following table are used by PowerVC on the management server. These are used internally and are neither inbound nor outbound.
Port | Usage |
---|---|
4369 | epmd |
6200 | swift-object-service |
6201 | swift-container-service |
6202 | swift-account-service |
6080 | nova-novncproxy |
7869 | lim |
7870 | vemkd |
7871 | pem |
7872 | egosc |
9191 | glance-registry |
11211 | memcached |
25672 | rabbitmq-dist |
50110 | DB |
Ports used on NovaLink managed hosts
For PowerVC to successfully register a NovaLink host, the NovaLink host's firewall must allow inbound traffic for port 22. All other ports in the following table are also required for proper operation.
Traffic direction | Port | Usage | Protocol |
---|---|---|---|
Inbound | Allow ICMP | ping | ICMP |
Inbound | 22 | Secure shell | TCP (SSH) |
Inbound | 5901 | NovaLink console | TCP (RFB) |
Outbound | 5000 | keystone | TCP (HTTPS) |
Outbound | 5671 | rabbitmq | TCP (AMQPS) |
Outbound | 8080 | swift | TCP (HTTPS) |
Outbound | 8774 | nova | TCP (HTTPS) |
Outbound | 9000 | cinder | TCP (HTTPS) |
Outbound | 9292 | glance | TCP (HTTPS) |
Outbound | 9696 | neutron | TCP (HTTPS) |
2: New in version 2.0.0.