Protocol Ports Used by Avi Vantage for Management Communication
Overview
The Avi Controller and Avi Service Engines use the following ports for management. The firewall should allow traffic for these ports.
| Traffic Source | Traffic Destination | Ports To Allow |
|---|---|---|
| Avi Controller | Avi Controller | TCP 22 (SSH) TCP 443 (HTTPS) TCP 8443 (HTTPS) TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098) |
| External Entities | See sections below the table. | |
| Service Engine | Not Required | |
| Avi Service Engine | Avi Controller | TCP 22 (SSH) TCP 8443 (HTTPS) UDP 123 (NTP) TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098) |
| External Network Services | TCP 22 (SSH) TCP 80 (HTTP) (optional) TCP 443 (HTTPS) TCP 5054 (CLI Server) (if using the optional CLI shell for remote management access) UDP 161 (SNMP agent listens to this port) |
Notes:
- You do not have to open any firewall port from Controller to SE.
- The source IP comes from the Avi Controller IP and not from the cluster IP, even if the cluster IP is configured.
- The secure channel on port 22 (or 5098 in container environments) is used for communication between Avi components for configuration sync, metrics and logs transfer, heartbeats and other management processes.
- 5098 port on the container side is not supported in the OpenStack mode.
For more details on the system portal 8443 and port 22 usage, refer to Avi Controller to SE Communication.
Ports Used by Controller for Network Services
The Controller may send traffic to the following ports as part of network operation. The firewall also should allow traffic from the Controller to these ports.
| Application | Protocol | Port Number |
|---|---|---|
| SMTP | TCP | 25 |
| DNS | UDP | 53 |
| NTP | UDP | 123 |
| SNMP traps | UDP | 162 |
| LDAP | TCP or UDP | 389 |
| syslog | UDP | 514 |
| LDAPS | TCP or UDP | 636 |
Protocols / Ports Used by Cloud Orchestrators
OpenStack
Some or all of the following ports may be required:
| For | Protocol | Port Number |
|---|---|---|
| Keystone | TCP | 5000 35357 |
| Galance | TCP | 9292 |
| Nova | TCP | 8774 |
| Neutron | TCP | 9696 |
| Heat (optional; used for autoscaling back-end members) | TCP | 8004 |
VMware vCenter
- Controller-to-ESXi hosts: port 443
OpenShift Master
- Port 8443
Kubernetes Master
- Port 8080 for unauthenticated masters
Mesos or DC/OS Masters
| For | Port Number |
|---|---|
| Masters | Port 5050 |
| Unauthenticated Marathon Services | Port 80 |
Ports Used by Container Cluster Nodes
OpenShift
- Port 22
Kubernetes Minions
- Port 22
Mesos Nodes
- Port 22