Protocol Ports Used by Avi Vantage for Management Communication

Overview

The Avi Controller and Avi Service Engines use the following ports for management. The firewall should allow traffic for these ports.

| Traffic Source | Traffic Destination | Ports To Allow |
|---|---|---|
| Avi Controller | Avi Controller | TCP 22 (SSH); TCP 443 (HTTPS); TCP 8443 (HTTPS); TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098) |
| Avi Controller | External Entities | See sections below the table. |
| Avi Controller | Service Engine | Not Required |
| Avi Service Engine | Avi Controller | TCP 22 (SSH); TCP 8443 (HTTPS); UDP 123 (NTP); TCP 5098 (SSH) (if controller is a docker container, SSH is on port 5098) |
| External Network Services | Avi Controller | TCP 22 (SSH); TCP 80 (HTTP) (optional); TCP 443 (HTTPS); TCP 5054 (CLI Server) (if using the optional CLI shell for remote management access); UDP 161 (SNMP agent listens to this port) |

Notes:

  • You do not have to open any firewall port from Controller to SE.
  • The source IP comes from the Avi Controller IP and not from the cluster IP, even if the cluster IP is configured.
  • The secure channel on port 22 (or 5098 in container environments) is used for communication between Avi components for configuration sync, metrics and logs transfer, heartbeats and other management processes.
  • Port 5098 on the container side is not supported in OpenStack mode.

For more details on the system portal 8443 and port 22 usage, refer to Avi Controller to SE Communication.
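The following is an added example, not part of the Avi documentation: a small audit that compares a firewall's allowed flows against the management-port table above and reports required flows that are missing and allowed flows the table does not call for. The role labels ("controller", "se", "external"), the rule tuple format and the sample ruleset are assumptions made for this example; it also assumes that in Docker deployments port 5098 takes the place of port 22 for Controller and SE SSH.

```python
def required_flows(containerized=False):
    """Required (src, dst, proto, port) flows, transcribed from the table."""
    # Assumption: a Docker-based Controller uses 5098 in place of 22 for
    # Controller-to-Controller and SE-to-Controller SSH.
    ssh = 5098 if containerized else 22
    return {
        ("controller", "controller", "tcp", ssh),
        ("controller", "controller", "tcp", 443),
        ("controller", "controller", "tcp", 8443),
        ("se", "controller", "tcp", ssh),
        ("se", "controller", "tcp", 8443),
        ("se", "controller", "udp", 123),
        ("external", "controller", "tcp", 22),
        ("external", "controller", "tcp", 443),
        ("external", "controller", "udp", 161),
    }

# Marked in the table as optional or conditional (HTTP, CLI shell).
OPTIONAL = {
    ("external", "controller", "tcp", 80),
    ("external", "controller", "tcp", 5054),
}

def audit(rules, containerized=False):
    """Return (missing, unneeded) flows for a list of allowed-flow tuples."""
    allowed = set(rules)
    required = required_flows(containerized)
    missing = sorted(required - allowed)              # breaks management traffic
    unneeded = sorted(allowed - required - OPTIONAL)  # wider than the table asks
    return missing, unneeded

# Constructed sample ruleset: SE-to-Controller NTP was forgotten, and a
# Controller-to-SE rule was opened although the notes say none is needed.
SAMPLE_RULES = [
    ("controller", "controller", "tcp", 22),
    ("controller", "controller", "tcp", 443),
    ("controller", "controller", "tcp", 8443),
    ("se", "controller", "tcp", 22),
    ("se", "controller", "tcp", 8443),
    ("external", "controller", "tcp", 22),
    ("external", "controller", "tcp", 443),
    ("external", "controller", "udp", 161),
    ("external", "controller", "tcp", 5054),
    ("controller", "se", "tcp", 22),
]

if __name__ == "__main__":
    missing, unneeded = audit(SAMPLE_RULES)
    for flow in missing:
        print("MISSING ", flow)
    for flow in unneeded:
        print("UNNEEDED", flow)
```

Running the same ruleset with containerized=True also flags the port 22 rules between Avi components, since the secure channel moves to 5098 in that deployment.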

Ports Used by Controller for Network Services

The Controller may send traffic to the following ports as part of network operation. The firewall should also allow traffic from the Controller to these ports.

| Application | Protocol | Port Number |
|---|---|---|
| SMTP | TCP | 25 |
| DNS | UDP | 53 |
| NTP | UDP | 123 |
| SNMP traps | UDP | 162 |
| LDAP | TCP or UDP | 389 |
| syslog | UDP | 514 |
| LDAPS | TCP or UDP | 636 |

Protocols / Ports Used by Cloud Orchestrators

OpenStack

Some or all of the following ports may be required:

| For | Protocol | Port Number |
|---|---|---|
| Keystone | TCP | 5000, 35357 |
| Glance | TCP | 9292 |
| Nova | TCP | 8774 |
| Neutron | TCP | 9696 |
| Heat (optional; used for autoscaling back-end members) | TCP | 8004 |

VMware vCenter

  • Controller-to-ESXi hosts: port 443

OpenShift Master

  • Port 8443

Kubernetes Master

  • Port 8080 for unauthenticated masters

Mesos or DC/OS Masters

| For | Port Number |
|---|---|
| Masters | Port 5050 |
| Unauthenticated Marathon Services | Port 80 |

Ports Used by Container Cluster Nodes

OpenShift

  • Port 22

Kubernetes Minions

  • Port 22

Mesos Nodes

  • Port 22