Network ports

The ports opened on a cluster node depend on the services that run on that node and on the traffic types associated with them. Before enabling a specific service on a cluster node, you need to assign the respective traffic type to a network this node is connected to. Assigning a traffic type to a network configures a firewall on the nodes connected to this network, opens specific ports on node network interfaces, and sets the necessary iptables rules.

The table below lists all the required ports and services associated with them:

| Service | Traffic type | Port | Traffic direction | Description |
|---|---|---|---|---|
| Web control panel | Admin panel¹ | TCP 8888 | Inbound | External access to the admin panel. |
| | Self-service panel | TCP 8800 | Inbound | External access to the self-service panel. |
| Management | Internal management | all ports of a subnet | Inbound/outbound | Internal cluster management and transfers of node monitoring data to the admin panel. |
| Metadata service | Storage | all ports of a subnet | Inbound/outbound | Internal communication between MDS services, as well as with chunk services and clients. |
| Chunk service | | all ports of a subnet | Inbound/outbound | Internal communication with MDS services and clients. |
| Client | | all ports of a subnet | Inbound/outbound | Internal communication with MDS and chunk services. |
| Backup Gateway | Backup (ABGW) public | TCP 40440, 44445 | Inbound | External data exchange with Acronis Cyber Protect agents and Acronis Cyber Protect Cloud. |
| | Backup (ABGW) private | all ports of a subnet | Inbound/outbound | Internal management of and data exchange between multiple backup storage services. |
| | | TCP 8443 | Outbound | Data control for Acronis Cyber Protect agents and Management server. |
| | | TCP 9877 | Outbound | Registration with Acronis Cyber Protect Management server in on-premises installations. |
| iSCSI | iSCSI | TCP 3260 | Inbound | External data exchange with the iSCSI access point. |
| S3 | S3 public | TCP 80, 443 | Inbound | External data exchange with the S3 access point. |
| | OSTOR private | all ports of a subnet | Inbound/outbound | Internal data exchange between multiple S3 services. |
| NFS | NFS | TCP/UDP 111, 892, 2049 | Inbound | External data exchange with the NFS access point. |
| | OSTOR private | all ports of a subnet | Inbound/outbound | Internal data exchange between multiple NFS services. |
| Compute | Compute API² | | | External access to standard OpenStack API endpoints: |
| | | TCP 5000 | Inbound | Identity API v3 |
| | | TCP 6080 | Inbound | noVNC Websocket Proxy |
| | | TCP 8004 | Inbound | Orchestration Service API v1 |
| | | TCP 8041 | Inbound | Gnocchi API (billing metering service) |
| | | TCP 8774 | Inbound | Compute API |
| | | TCP 8776 | Inbound | Block Storage API v3 |
| | | TCP 8780 | Inbound | Placement API |
| | | TCP 9292 | Inbound | Image Service API v2 |
| | | TCP 9313 | Inbound | Key Manager API v1 |
| | | TCP 9513 | Inbound | Container Infrastructure Management API (Kubernetes service) |
| | | TCP 9696 | Inbound | Networking API v2 |
| | | TCP 9888 | Inbound | Octavia API v2 (load balancer service) |
| | VM public | L2 layer | Inbound/outbound | External data exchange between VMs and public networks. |
| | VM private | UDP 4789 | Inbound/outbound | Network traffic between VMs in compute virtual networks. |
| | | TCP 15900–16900 | Inbound/outbound | VNC console traffic. |
| | VM backups | TCP 49300–65535 | Inbound/outbound³ | External access to NBD endpoints. |
| | | UDP 500, 4500 | Outbound | VPN as a Service |
| SSH | SSH | TCP 22 | Inbound | Remote access to nodes via SSH. |
| SNMP | SNMP⁴ | UDP 161 | Inbound | External access to storage cluster monitoring statistics via the SNMP protocol. |
| DNS | | TCP/UDP 53 | Outbound | DNS name resolution. |
| NTP | | UDP 123 | Outbound | Time synchronization. |
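
The table above can double as an allowlist for a drift check on a node: the following added example (not part of the original documentation or the product) compares non-loopback listening sockets against the inbound ports documented for the traffic types assigned to a network. The function names, the `ALLOWED` mapping layout, and the `ss -H -tuln` sample are constructed for illustration, and the check assumes that every externally reachable listener should fall within the documented ports.

```python
# Added example: inbound ports per traffic type, transcribed from the table ("all ports" types omitted).
ALLOWED = {
    "Admin panel": {"tcp": "8888"},
    "Self-service panel": {"tcp": "8800"},
    "Backup (ABGW) public": {"tcp": "40440,44445"},
    "iSCSI": {"tcp": "3260"},
    "S3 public": {"tcp": "80,443"},
    "NFS": {"tcp": "111,892,2049", "udp": "111,892,2049"},
    "Compute API": {"tcp": "5000,6080,8004,8041,8774,8776,8780,9292,9313,9513,9696,9888"},
    "VM private": {"udp": "4789", "tcp": "15900-16900"},
    "VM backups": {"tcp": "49300-65535"},
    "SSH": {"tcp": "22"},
    "SNMP": {"udp": "161"},
}
def in_spec(port, spec):
    """True if port matches a comma-separated list of ports or lo-hi ranges."""
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def listeners(ss_output):
    """Yield (proto, port) for non-loopback sockets in `ss -H -tuln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        addr, _, port = fields[4].rpartition(":")
        if not (addr.startswith("127.") or addr == "[::1]"):
            yield fields[0], int(port)

def unexpected(ss_output, traffic_types):
    """Sorted (proto, port) listeners not covered by the assigned traffic types."""
    specs = [ALLOWED[t] for t in traffic_types]
    return sorted({(proto, port) for proto, port in listeners(ss_output)
                   if not any(in_spec(port, s.get(proto, "")) for s in specs)})

# Constructed sample of `ss -H -tuln` output (not captured from a real node).
SAMPLE_SS = """\
tcp LISTEN 0 128   0.0.0.0:22   0.0.0.0:*
tcp LISTEN 0 128   0.0.0.0:8888 0.0.0.0:*
tcp LISTEN 0 128      [::]:443     [::]:*
tcp LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
tcp LISTEN 0 128   0.0.0.0:3306 0.0.0.0:*
udp UNCONN 0 0     0.0.0.0:161  0.0.0.0:*
"""
if __name__ == "__main__":
    print(unexpected(SAMPLE_SS, ["SSH", "Admin panel", "S3 public"]))
```

A listener reported here is only a candidate for review: whether it is reachable still depends on the firewall rules that the traffic type assignment sets on that interface.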