Ports used by PowerVC
This topic lists ports used by PowerVC for inbound and outbound traffic. This topic also lists the local ports PowerVC uses on the management server.
The host must be reserved for PowerVC and the operating system on which it runs. Do not install any additional software on the management server.
No firewall configuration is done by default during PowerVC installation. The -c firewall install option can be used to do some rough automatic firewall configuration, disabling firewalld and enabling iptables with PowerVC-specific rules on the PowerVC management system. However, this is not generally recommended. Appropriate firewall configuration can be complex and specific to your environment, so the recommended approach is to configure your firewall manually based on the information given in the following table. Also, note that even with -c firewall, additional firewall configuration might be necessary on network firewalls or registered compute hosts, which PowerVC does not touch, or if PowerVC is upgraded to a newer version that introduces additional port requirements. For production environments, consult your system and firewall administrators.
Ports used on the management server
Traffic direction | Port | Usage | Protocol |
---|---|---|---|
Inbound | 80 (1) | Apache HTTPD Web Server | TCP (HTTP) |
Inbound | 443 | Apache HTTPD Web Server | TCP (HTTPS) |
Inbound | 1191 | Spectrum Scale - Software-defined storage | TCP (SSH) |
Inbound | 31000-32047 | Spectrum Scale - Software-defined storage | TCP (SSH) |
Inbound | 5000 | keystone | TCP (HTTPS) |
Inbound | 5470 | bumblebee | TCP (HTTPS) |
Inbound | 5671 | rabbitmq | TCP (AMQPS) |
Inbound | 8041 | gnocchi | TCP (HTTPS) |
Inbound | 8080 | swift | TCP (HTTPS) |
Inbound | 8428 | validator | TCP (HTTPS) |
Inbound | 8774 | nova | TCP (HTTPS) |
Inbound | 8778 | panko | TCP (HTTPS) |
Inbound | 8998 | clerk | TCP (HTTPS) |
Inbound | 9000 | cinder | TCP (HTTPS) |
Inbound | 9292 | glance | TCP (HTTPS) |
Inbound | 9696 | neutron | TCP (HTTPS) |
Inbound | 35357 | keystone | TCP (HTTPS) |
Outbound | Allow ICMP | ping | ICMP |
Outbound | 22 | Brocade and Cisco Fibre Channel switches, and the IBM® Storwize® family; PowerVM® NovaLink hosts | TCP (SSH) |
Outbound | User specified - typically 25 or 587 | Email notifications | SMTP |
Outbound | 389 | LDAP client | TCP and UDP (LDAP) |
Outbound | 443 | EMC VNX; HMC; Brocade HTTPS | TCP (SSH) |
Outbound | 443 | Infoblox | TCP (HTTPS) |
Outbound | 636 | LDAP client | LDAPS |
Outbound | 1191 | Spectrum Scale - Software-defined storage | TCP (SSH) |
Outbound | 31000-32047 | Spectrum Scale - Software-defined storage | TCP (SSH) |
Outbound | 5989 | EMC VMAX | TCP (HTTPS) |
Outbound | 5901 | NovaLink console | TCP (RFB) |
Outbound | 7778 | XIV® | TCP (SSL) |
Outbound | 8452 | IBM DS8000® | TCP (HTTPS) |
Outbound | 12443 | HMC | HTTPS |
Ports used by PowerVC on the management server
The ports listed in the following table are used by PowerVC on the management server. These are used internally and are neither inbound nor outbound.
Port | Usage |
---|---|
4369 | epmd |
6200 | swift-object-service |
6201 | swift-container-service |
6202 | swift-account-service |
6080 | nova-novncproxy |
7869 | lim |
7870 | vemkd |
7871 | pem |
7872 | egosc |
9191 | glance-registry |
11211 | memcached |
25672 | rabbitmq-dist |
50110 | DB |
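
One way to turn the two management-server tables above into a manual ruleset, as an added example (not IBM's or PowerVC's own tooling): a shell function that emits an `iptables-restore` ruleset opening only the inbound TCP ports listed for the management server, and a check that none of the internal-only ports is opened. The source CIDRs and the admin SSH rule (inbound port 22 on the management server is not in the table) are assumptions.

```shell
#!/bin/sh
# Added example, not PowerVC tooling. Port lists are copied from the tables
# above; the source CIDRs and the SSH rule are assumptions for illustration.

# Inbound TCP ports on the management server (range written lo:hi).
POWERVC_INBOUND_TCP="80 443 1191 31000:32047 5000 5470 5671 8041 8080 8428
8774 8778 8998 9000 9292 9696 35357"
# Internal-only ports: neither inbound nor outbound, so never opened.
POWERVC_INTERNAL="4369 6200 6201 6202 6080 7869 7870 7871 7872 9191 11211
25672 50110"

# Usage: powervc_input_rules <allowed-source-cidr> [admin-ssh-cidr]
# Prints an iptables-restore ruleset with a default-drop INPUT chain.
powervc_input_rules() (
    src=$1; admin=${2:-}
    case "$src" in
        */*) ;;
        *) echo "usage: powervc_input_rules <cidr> [admin-cidr]" >&2; exit 2 ;;
    esac
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'   # internal ports stay reachable locally
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Assumption: admin SSH to the management server (not listed in the table).
    if [ -n "$admin" ]; then
        echo "-A INPUT -s $admin -p tcp --dport 22 -j ACCEPT"
    fi
    for p in $POWERVC_INBOUND_TCP; do
        echo "-A INPUT -s $src -p tcp --dport $p -j ACCEPT"
    done
    echo 'COMMIT'
)

# Reads a ruleset on stdin; succeeds (0) if any internal-only port is opened.
powervc_exposes_internal() (
    rules=$(cat)
    for p in $POWERVC_INTERNAL; do
        if printf '%s\n' "$rules" | grep -q -- "--dport $p "; then
            echo "internal port $p is opened" >&2
            exit 0
        fi
    done
    exit 1
)
```

Review the generated rules and dry-run them with `powervc_input_rules 192.0.2.0/24 198.51.100.10/32 | iptables-restore --test` before loading them; the CIDRs shown are documentation placeholders.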
Ports used on NovaLink managed hosts
For PowerVC to successfully register a NovaLink host, the NovaLink host's firewall must allow inbound traffic for port 22. All other ports in the following table are also required for proper operation.
Traffic direction | Port | Usage | Protocol |
---|---|---|---|
Inbound | Allow ICMP | ping | ICMP |
Inbound | 22 | Secure shell | TCP (SSH) |
Inbound | 4789 | Software-defined networking (SDN) overlays | UDP |
Inbound | 5901 | NovaLink console | TCP (RFB) |
Inbound | 1191(2) | Spectrum Scale registration on KVM systems | TCP |
Inbound | 31000(2) | Spectrum Scale registration on KVM systems | TCP |
Inbound | 32047(2) | Spectrum Scale registration on KVM systems | TCP |
Inbound | 4789(2) | SDN overlays on KVM systems | TCP |
Inbound | 49152 - 49216(2) | Live migration for virtual machines on KVM systems. One port must be opened for each migration run simultaneously. For example, if you will only migrate one virtual machine at a time, only 49152 must be opened. If you will run up to five migrations at a time, 49152 - 49156 must be opened. | TCP |
Outbound | 5000 | keystone | TCP (HTTPS) |
Outbound | 5671 | rabbitmq | TCP (AMQPS) |
Inbound | 5901(2) | Remote console on KVM systems | TCP |
Outbound | 8080 | swift | TCP (HTTPS) |
Outbound / Inbound | 8472 | SDN overlays | UDP and TCP |
Outbound | 8774 | nova | TCP (HTTPS) |
Outbound | 9000 | cinder | TCP (HTTPS) |
Outbound | 9292 | glance | TCP (HTTPS) |
Outbound | 9696 | neutron | TCP (HTTPS) |
2: New in version 1.4.4.
Ports used on SDN network nodes
Traffic direction | Port | Usage | Protocol |
---|---|---|---|
Inbound | Allow ICMP | ping | ICMP |
Inbound | 22 | Secure shell | TCP (SSH) |
Inbound | 4789 | Software-defined networking (SDN) overlays | UDP |
Outbound | 5000 | keystone | TCP (HTTPS) |
Outbound | 5671 | rabbitmq | TCP (AMQPS) |
Outbound / Inbound | 8472 | SDN overlays | UDP and TCP |
Outbound | 9696 | neutron | TCP (HTTPS) |