To balance and optimize networking in Virtuozzo Hybrid Infrastructure, you can assign different types of traffic to separate networks. Assigning a traffic type to a network means that a firewall is configured on nodes connected to this network, specific ports are opened on node network interfaces, and the necessary
iptables rules are set. For example, nodes connected to a network with only the S3 public traffic type will accept incoming connections only on ports 80 and 443.
The next three subsections describe all of the traffic types that can be assigned to networks.
Exclusivity means that such a traffic type can be added only to one network.
- Internal management
- Internal cluster management and transfers of node monitoring data to the admin panel. Without this traffic type, the administrator cannot control and monitor the cluster. The cluster, however, continues working. Uses any available port.
- Internal transfers of data chunks, high availability service heartbeats, as well as data self-healing. This is the most critical traffic type that defines storage performance and enables cluster high availability. Uses any available port.
- OSTOR private
- Internal data exchange between multiple S3/NFS services. Uses any available port.
- Backup (ABGW) private
- Internal management of and data exchange between multiple backup storage services. Uses any available port.
- VM private
- Network traffic between VMs in private virtual networks and VNC console traffic. Virtual networks are implemented as VXLAN, overlay networking fully isolated on L2. Opens UDP port 4789 and TCP ports from 15900 to 16900.
- Compute API
External access to standard OpenStack API endpoints. Opens the following ports:
- TCP 5000—Identity API v3
- TCP 6080—noVNC Websocket Proxy
- TCP 8004—Orchestration Service API v1
- TCP 8041—Gnocchi API (billing metering service)
- TCP 8774—Compute API
- TCP 8776—Block Storage API v3
- TCP 8780—Placement API
- TCP 9292—Image Service API v2
- TCP 9313—Key Manager API v1
- TCP 9513—Container Infrastructure Management API (Kubernetes service)
- TCP 9696—Networking API v2
- TCP 9888—Octavia API v2 (load balancer service)
- VM backups
- External access to NBD endpoints. Third-party backup management systems can pull VM backups by using this traffic type. To be able to access backup agents installed in virtual machines, assign this traffic type along with VM public. Opens TCP ports from 49300 to 65535.
Regular traffic types traffic types can be added to multiple networks.
- S3 public
- External data exchange with the S3 access point. Uses TCP ports 80 and 443.
- External data exchange with the iSCSI access point. Uses TCP port 3260.
- External data exchange with the NFS access point. Uses TCP/UDP ports 111, 892, and 2049.
- Backup (ABGW) public
- External data exchange with Acronis Cyber Protect agents and Acronis Cyber Protect Cloud. Uses TCP port 44445.
- Admin panel
- External access to the admin panel. Uses TCP port 8888.
- VM public
- External data exchange between VMs and public networks (for example, the Internet). When a node network interface is assigned to a network with this traffic type, an Open vSwitch bridge is created on that network interface.
- Remote access to nodes via SSH. Uses TCP port 22.
- External access to storage cluster monitoring statistics via the SNMP protocol. Opens UDP port 161.
- Self-service panel
- External access to the self-service panel. Opens TCP port 8800.
Custom traffic types are created by system administrators to open required TCP ports.