Network ports
The ports opened on a cluster node depend on the services running on that node and on the traffic types associated with them. Before enabling a service on a node, assign the corresponding traffic type to a network that the node is connected to. Assigning a traffic type to a network configures the firewall on every node connected to that network: it opens the listed ports on the node's network interfaces and sets the necessary iptables rules. Traffic types listed as opening "all ports of a subnet" rely on network isolation rather than port filtering, so assign them only to networks that untrusted hosts cannot reach.
The table below lists all the required ports and services associated with them:
Service | Traffic type | Port | Traffic direction | Description |
---|---|---|---|---|
Web control panel | Admin panel¹ | TCP 8888 | Inbound | External access to the admin panel. |
Web control panel | Self-service panel | TCP 8800 | Inbound | External access to the self-service panel. |
Management | Internal management | All ports of a subnet | Inbound/outbound | Internal cluster management and transfer of node monitoring data to the admin panel. |
Metadata service | Storage | All ports of a subnet | Inbound/outbound | Internal communication between MDS services, as well as with chunk services and clients. |
Chunk service | Storage | All ports of a subnet | Inbound/outbound | Internal communication with MDS services and clients. |
Client | Storage | All ports of a subnet | Inbound/outbound | Internal communication with MDS and chunk services. |
Backup Gateway | Backup (ABGW) public | TCP 40440, 44445 | Inbound | External data exchange with Acronis Cyber Protect agents and Acronis Cyber Protect Cloud. |
Backup Gateway | Backup (ABGW) private | All ports of a subnet | Inbound/outbound | Internal management of, and data exchange between, multiple backup storage services. |
Backup Gateway | — | TCP 8443 | Outbound | Data control for Acronis Cyber Protect agents and Management Server. |
Backup Gateway | — | TCP 9877 | Outbound | Registration with Acronis Cyber Protect Management Server in on-premises installations. |
iSCSI | iSCSI | TCP 3260 | Inbound | External data exchange with the iSCSI access point. |
S3 | S3 public | TCP 80, 443 | Inbound | External data exchange with the S3 access point. |
S3 | OSTOR private | All ports of a subnet | Inbound/outbound | Internal data exchange between multiple S3 services. |
NFS | NFS | TCP/UDP 111, 892, 2049 | Inbound | External data exchange with the NFS access point. |
NFS | OSTOR private | All ports of a subnet | Inbound/outbound | Internal data exchange between multiple NFS services. |
Compute | Compute API² | TCP 5000 | Inbound | External access to the standard OpenStack API endpoint: Identity API v3. |
Compute | Compute API² | TCP 6080 | Inbound | External access to the standard OpenStack API endpoint: noVNC WebSocket Proxy. |
Compute | Compute API² | TCP 8004 | Inbound | External access to the standard OpenStack API endpoint: Orchestration Service API v1. |
Compute | Compute API² | TCP 8041 | Inbound | External access to the standard OpenStack API endpoint: Gnocchi API (billing metering service). |
Compute | Compute API² | TCP 8774 | Inbound | External access to the standard OpenStack API endpoint: Compute API. |
Compute | Compute API² | TCP 8776 | Inbound | External access to the standard OpenStack API endpoint: Block Storage API v3. |
Compute | Compute API² | TCP 8780 | Inbound | External access to the standard OpenStack API endpoint: Placement API. |
Compute | Compute API² | TCP 9292 | Inbound | External access to the standard OpenStack API endpoint: Image Service API v2. |
Compute | Compute API² | TCP 9313 | Inbound | External access to the standard OpenStack API endpoint: Key Manager API v1. |
Compute | Compute API² | TCP 9513 | Inbound | External access to the standard OpenStack API endpoint: Container Infrastructure Management API (Kubernetes service). |
Compute | Compute API² | TCP 9696 | Inbound | External access to the standard OpenStack API endpoint: Networking API v2. |
Compute | Compute API² | TCP 9888 | Inbound | External access to the standard OpenStack API endpoint: Octavia API v2 (load balancer service). |
Compute | VM public | L2 layer | Inbound/outbound | External data exchange between VMs and public networks. |
Compute | VM private | UDP 4789 | Inbound/outbound | Network traffic between VMs in compute virtual networks (VXLAN). |
Compute | VM private | TCP 15900–16900 | Inbound/outbound | VNC console traffic. |
Compute | VM backups | TCP 49300–65535 | Inbound/outbound³ | External access to NBD endpoints. |
Compute | — | UDP 500, 4500 | Outbound | VPN as a Service (IKE and IPsec NAT traversal). |
SSH | SSH | TCP 22 | Inbound | Remote access to nodes via SSH. |
SNMP | SNMP⁴ | UDP 161 | Inbound | External access to storage cluster monitoring statistics via SNMP. |
DNS | — | TCP/UDP 53 | Outbound | DNS name resolution. |
NTP | — | UDP 123 | Outbound | Time synchronization. |
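Because the internal traffic types open every port on their subnet, a firewall audit of a node has to separate sockets bound only to internal-subnet addresses from those reachable from public networks, and compare the latter with the ports the enabled traffic types are expected to open. The following Python script does that. It is an added example, not part of the product documentation or the product's own tooling: it parses text captured from `ss -Hlntu` on a node, and the sample output, the set of enabled traffic types and the internal subnet are constructed for illustration.

```python
"""Audit a node's externally reachable listeners against the network-port table.

Added example. Reads captured `ss -Hlntu` output, ignores sockets bound only to
an address inside a declared internal subnet (the "all ports of a subnet"
traffic types), and compares what is left with the ports expected for the
traffic types enabled on the node.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Ports opened by the externally reachable traffic types, as listed in the table.
EXTERNAL_PORTS: dict[str, set[tuple[str, int]]] = {
    "Admin panel": {("tcp", 8888)},
    "Self-service panel": {("tcp", 8800)},
    "Backup (ABGW) public": {("tcp", 40440), ("tcp", 44445)},
    "iSCSI": {("tcp", 3260)},
    "S3 public": {("tcp", 80), ("tcp", 443)},
    "NFS": {(proto, p) for proto in ("tcp", "udp") for p in (111, 892, 2049)},
    "Compute API": {("tcp", p) for p in (5000, 6080, 8004, 8041, 8774, 8776,
                                         8780, 9292, 9313, 9513, 9696, 9888)},
    "SSH": {("tcp", 22)},
    "SNMP": {("udp", 161)},
}

# Bind addresses that mean "every interface", hence reachable from public networks.
WILDCARDS = {"0.0.0.0", "::", "*"}


@dataclass(frozen=True)
class Listener:
    proto: str
    addr: str
    port: int


def parse_ss(output: str) -> list[Listener]:
    """Parse `ss -Hlntu` lines: Netid State Recv-Q Send-Q Local:Port Peer:Port."""
    listeners = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        if not port.isdigit():
            continue
        listeners.append(Listener(fields[0], addr, int(port)))
    return listeners


def is_internal(addr: str, internal_subnets: list) -> bool:
    """True only for a socket bound to a specific address inside an internal subnet."""
    if addr in WILDCARDS:
        return False
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in internal_subnets)


def audit(ss_output: str, enabled_traffic_types: set[str],
          internal_subnets: list[str]) -> dict:
    """Return externally exposed ports not justified by an enabled traffic type,
    and expected ports that are not listening on any public-facing address."""
    unknown = enabled_traffic_types - set(EXTERNAL_PORTS)
    if unknown:
        raise ValueError(f"no port mapping for traffic type(s): {sorted(unknown)}")
    nets = [ipaddress.ip_network(s) for s in internal_subnets]
    expected = set().union(*(EXTERNAL_PORTS[t] for t in enabled_traffic_types))
    exposed = {(l.proto, l.port) for l in parse_ss(ss_output)
               if not is_internal(l.addr, nets)}
    # Attribute each unexpected port to its traffic type, if the table has one.
    owner = {pp: t for t, ports in EXTERNAL_PORTS.items() for pp in ports}
    unexpected = sorted(exposed - expected)
    return {
        "unexpected": unexpected,
        "unexpected_owner": {pp: owner.get(pp, "not in the port table") for pp in unexpected},
        "missing": sorted(expected - exposed),
    }


# Constructed sample of `ss -Hlntu` output: a node meant to run the admin and
# self-service panels, SSH and SNMP, with its storage network on 10.10.20.0/24.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:8888       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:3260       0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:8080       0.0.0.0:*
tcp   LISTEN 0      128       10.10.20.5:9200       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22            [::]:*
"""


def run_sample() -> dict:
    return audit(SAMPLE_SS, {"Admin panel", "Self-service panel", "SSH", "SNMP"},
                 ["10.10.20.0/24"])


if __name__ == "__main__":
    for key, value in run_sample().items():
        print(f"{key}: {value}")
```

On the sample, TCP 3260 is flagged as belonging to the iSCSI traffic type, which is not enabled on this node, TCP 8080 is flagged as not in the table at all, and TCP 8800 is reported missing because the self-service panel is enabled but nothing listens on it; the 10.10.20.5:9200 listener is accepted because it is bound only to the storage subnet. Run it against a real node by replacing `SAMPLE_SS` with the output of `ss -Hlntu` and listing the node's internal subnets.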