[Db2] Db2 server TCP/IP port numbers

Answer

1. TCP/IP service port (SVCENAME)
   Database application uses this port when it connects to the database server.
   If on Db2 Version 11.5.5 and older, the default port number is 50000.
   If on Db2 Version 11.5.6 and newer, the default port number is 25000 so that not to use ephemeral port range.
   The port number can be changed with the database manager configuration parameter SVCENAME.
   The default service port can be changed with the response file keyword PORT_NUMBER

   For example:

   DB2_INST.PORT_NUMBER = <new port>

   For more information on changing the default service port, refer to Response file keywords.
   The following steps can be used to verify:
   • Verify service name

     db2 get dbm cfg | findstr "SVCENAME" (Windows)
     db2 get dbm cfg | grep "SVCENAME (UNIX/Linux)
     
     TCP/IP Service name (SVCENAME) = db2c_DB2

     -> SVCENAME is set to db2c_DB2
   • Verify port from the operating system services file

     findstr "db2c_DB2" %systemroot%\system32\drivers\etc\services (Windows)
     grep "db2c_DB2" /etc/services (UNIX/Linux)

     (if on Db2 11.5.5 or older)

     db2c_DB2 50000/tcp

     -> db2c_DB2 is set to 50000 in the services file.
     (if on Db2 11.5.6 or newer)

     db2c_DB2 25000/tcp

     -> db2c_DB2 is set to 25000 in the services file.
   • Verify the port's state with the netstat command

     netstat -ao | findstr "db2c_DB2" (Windows)
     TCP DB2HOST1:db2c_DB2 DB2HOST1:0 LISTENING 1380

     netstat -o | grep "db2c_DB2" (UNIX/Linux)
     tcp4 0 0 *.db2c_DB2 *.* LISTEN
2. SSL service port (SSL_SVCENAME)
   The database application uses this port when it connects to the database server over SSL/TLS.
   There is no default.
   You can define this port with the database manager configuration parameter SSL_SVCENAME.
   If you use TCP/IP as well, the port specified by SSL_SVCENAME must not be the same as SVCENAME.
   If you set this port the same as SVCENAME, you cannot use both of them.
3. Fast Communications Manager (FCM) port
   FCM is used for inter-partition communication when you're using the Database Partitioning Feature (DPF).
   The default for an Enterprise Server Edition (ESE) instance is the following six ports (four ports in V10.1 or earlier)
   It is necessary to set as following per instance.
   The default FCM port can be changed with the response file keyword FCM_PORT_NUMBER.

   For example:
   DB2_INST.FCM_PORT_NUMBER = <new port>

   For more information on changing the default FCM port, refer to Response file keywords.

   For Db2 Version 11.5.5 or older, the ports used are 60000 and higher. For example, ports 60006 - 60011 would be used if you create a second instance.

      DB2_<instance> 60000/tcp
      DB2_<instance>_1 60001/tcp
      DB2_<instance>_2 60002/tcp
      DB2_<instance>_3 60003/tcp
      DB2_<instance>_4 60004/tcp
      DB2_<instance>_END 60005/tcp

   For Db2 Version 11.5.6 or newer, the ports used are 20000 and higher. For example, ports 20006 - 20011 would be used if you create a second instance. This change has been done so that Db2 does not use ephemeral port range.

      DB2_<instance> 20000/tcp
      DB2_<instance>_1 20001/tcp
      DB2_<instance>_2 20002/tcp
      DB2_<instance>_3 20003/tcp
      DB2_<instance>_4 20004/tcp
      DB2_<instance>_END 20005/tcp

   When you're using DPF, you need to set these ports the same number as the maximum number of logical partitions per server. This port can also set and changed by the user as needed. 
4. High Availability Disaster Recovery (HADR) port (V8.2 and later)
   Primary EDU and standby EDU in a HADR setup uses this port for communication.
   When you're using HADR, a port is required for each database with HADR activated.
   This port is defined by the HADR_LOCAL_SVC parameter in the database configuration.
   The current setting can be checked by the following command:

   db2 get db cfg for <database name> | grep HADR_LOCAL_SVC
5. Port for RSCT (Creating cluster configuration with TSAMP)
   When a cluster configuration with TSA is created, all firewalls need to allow the following port numbers to listen for ICMP pings and IP traffic between cluster nodes:
   The port number of cthats and cthags can be changed by using cthactrl command.
   
   12347/udp for the RSCT cthats subsystem.
   12348/udp for the RSCT cthags subsystem.
   657/udp for the RSCT rmc subsystem.
   657/tcp for the RSCT rmc subsystem.
    
6. Port for Pacemaker (Creating cluster configuration with Pacemaker, V11.5.5.0 and later)
   When a cluster configuration with Pacemaker is created, all firewalls need to allow the following port numbers to listen for ICMP pings and IP traffic between cluster nodes:

   crmd            3121/tcp
   corosync-qnetd  54032/tcp
   corosync        5404 - 5405/udp
7. Ports for Spectrum Scale (GPFS)
   When a cluster configuration with pureScale is created, all firewalls need to allow the following port numbers to listen for ICMP pings and IP traffic between cluster nodes:

   mmfsd (mmfsd64)  1191/tcp
   mmsdrserv        1191/tcp
8. Port for IBM Secure Shell Server For Windows
   IBM Secure Shell Server For Windows is installed to provide ssh server functionality on Windows.
   Port 22 is used by default, and can be changed by setting in the sshd_config file:

   findstr "Port " "%ALLUSERSPROFILE%\Application Data\IBM\ibmssh\etc\ssh\sshd_config"
   #Port 22
9. Port for Db2 Administration Server (DAS) service
   Used by DAS to communicate with Control Center.
   This fixed port value 523 cannot be changed.
10. Port for IBM Tivoli Monitoring for Databases: Db2 Agent (ITMA) (Only V9.5 and V9.7)
    Used by ITMA to communicate with Data Studio Admin Console.
    Uses port 1920 by default.
11. Port for Db2 Java Daemon (Only used by JDBC Type3 connectivity, V8 only)
    The Java daemon for JDBC Type3 connectivity listens port 6789 by default.
    The default can be changed by DB2JD_PORT_NUMBER registry variable, and also can be changed by the argument of the db2jstrt command.