Protocol Ports Used by Avi Vantage for Management Communication

The Avi Controller and Avi Service Engines use the following ports for management. The firewall should allow traffic for these ports.

Traffic Source Traffic Destination Ports To Allow
Avi Controller Avi Controller TCP 22 (SSH)
TCP 443 (HTTPS)
TCP 8443 (HTTPS)
TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098)
External Entities See sections below the table.
Avi Service Engine Avi Controller TCP 22 (SSH)
TCP 8443 (HTTPS)
UDP 123 (NTP)
TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098)
External Network Services TCP 22 (SSH)
TCP 80 (HTTP) (optional)
TCP 443 (HTTPS)
TCP 5054 (CLI Server) (if using the optional CLI shell for remote management access)
UDP 161 (SNMP agent listens to this port)

Ports Used by Controller for Network Services

The Controller may send traffic to the following ports as part of network operation. The firewall also should allow traffic from the Controller to these ports.

  • TCP 25 (SMTP)
  • TCP 49 (TACACS+)
  • UDP 53 (DNS)
  • UDP 123 (NTP)
  • UDP 162 (SNMP traps)
  • TCP or UDP 389 (LDAP)
  • UDP 514 (syslog)
  • TCP or UDP 636 (LDAPS)

Protocols / Ports Used by Cloud Orchestrators

OpenStack

Some or all of the following ports may be required:

  • Keystone: TCP 5000, 35357
  • Glance: TCP 9292
  • Nova: TCP 8774
  • Neutron: TCP 9696
  • Heat (optional; used for autoscaling back-end members): TCP 8004

VMware vCenter

  • Controller-to-ESXi hosts: port 443

OpenShift Master

  • Port 8443

Kubernetes Master

  • Port 8080 for unauthenticated masters

Mesos or DC/OS Masters

  • Port 5050 for masters
  • Port 80 for unauthenticated Marathon services

Ports Used by Container Cluster Nodes

OpenShift

  • Port 22

Kubernetes Minions

  • Port 22

Mesos Nodes

  • Port 22

Updated: 2017-12-18 09:37:51 +0000