Protocol Ports Used by Avi Vantage for Management Communication
The Avi Controller and Avi Service Engines use the following ports for management. The firewall should allow traffic for these ports.
| Traffic Source | Traffic Destination | Ports To Allow |
|---|---|---|
| Avi Controller | Avi Controller | TCP 22 (SSH) TCP 443 (HTTPS) TCP 8443 (HTTPS) TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098) |
| External Entities | See sections below the table. | |
| Service Engine | Not Required | |
| Avi Service Engine | Avi Controller | TCP 22 (SSH) TCP 8443 (HTTPS) UDP 123 (NTP) TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098) |
| External Network Services | TCP 22 (SSH) TCP 80 (HTTP) (optional) TCP 443 (HTTPS) TCP 5054 (CLI Server) (if using the optional CLI shell for remote management access) UDP 161 (SNMP agent listens to this port) |
Note: The source IP comes from the Avi Controller IP and not from the cluster IP, even if the cluster IP is configured.
Ports Used by Controller for Network Services
The Controller may send traffic to the following ports as part of network operation. The firewall also should allow traffic from the Controller to these ports.
- TCP 25 (SMTP)
- TCP 49 (TACACS+)
- UDP 53 (DNS)
- UDP 123 (NTP)
- UDP 162 (SNMP traps)
- TCP or UDP 389 (LDAP)
- UDP 514 (syslog)
- TCP or UDP 636 (LDAPS)
Protocols / Ports Used by Cloud Orchestrators
OpenStack
Some or all of the following ports may be required:
- Keystone: TCP 5000, 35357
- Glance: TCP 9292
- Nova: TCP 8774
- Neutron: TCP 9696
- Heat (optional; used for autoscaling back-end members): TCP 8004
VMware vCenter
- Controller-to-ESXi hosts: port 443
OpenShift Master
- Port 8443
Kubernetes Master
- Port 8080 for unauthenticated masters
Mesos or DC/OS Masters
- Port 5050 for masters
- Port 80 for unauthenticated Marathon services
Ports Used by Container Cluster Nodes
OpenShift
- Port 22
Kubernetes Minions
- Port 22
Mesos Nodes
- Port 22