Network ports
Ports that will be opened on cluster nodes depend on services that will run on the node and traffic types associated with them. Before enabling a specific service on a cluster node, you need to assign the respective traffic type to a network this node is connected to. Assigning a traffic type to a network configures a firewall on nodes connected to this network, opens specific ports on node network interfaces, and sets the necessary iptables rules.
The table below lists all the required ports and services associated with them:
| Service | Traffic type | Port | Description |
|---|---|---|---|
| Web control panel | Admin panel1 | TCP 8888 | External access to the admin panel. |
| Self-service panel | TCP 8800 | External access to the self-service panel. | |
| Management | Internal management | any available port | Internal cluster management and transfers of node monitoring data to the admin panel. |
| Metadata service | Storage | any available port | Internal communication between MDS services, as well as with chunks services and clients. |
| Chunk service | any available port | Internal communication with MDS services and clients. | |
| Client | any available port | Internal communication with MDS and chunk services. | |
| Backup Gateway | ABGW public | TCP 44445 | External data exchange with Acronis Backup agents and Acronis Cyber Backup Cloud. |
| ABGW private | any available port | Internal management of and data exchange between multiple Backup Gateway services. | |
| iSCSI | iSCSI | TCP 3260 | External data exchange with the iSCSI access point. |
| S3 | S3 public | TCP 80, 443 | External data exchange with the S3 access point. |
| OSTOR private | any available port | Internal data exchange between multiple S3 services. | |
| NFS | NFS | TCP/UDP 111, 892, 2049 | External data exchange with the NFS access point. |
| OSTOR private | any available port | Internal data exchange between multiple NFS services. | |
| Compute | Compute API2 | External access to standard OpenStack API endpoints: | |
| TCP 5000 | Identity API v3 | ||
| TCP 6080 | noVNC Websocket Proxy | ||
| TCP 8004 | Orchestration Service API v1 | ||
| TCP 8041 | Gnocchi API (billing metering service) | ||
| TCP 8774 | Compute API | ||
| TCP 8776 | Block Storage API v3 | ||
| TCP 8780 | Placement API | ||
| TCP 9292 | Image Service API v2 | ||
| TCP 9313 | Key Manager API v1 | ||
| TCP 9513 | Container Infrastructure Management API (Kubernetes service) | ||
| TCP 9696 | Networking API v2 | ||
| TCP 9888 | Octavia API v2 (load balancer service) | ||
| VM private | UDP 4789 | Network traffic between VMs in compute virtual networks. | |
| TCP 5900-5999 | VNC console traffic. | ||
| VM backups | TCP 49300-65535 | External access to NBD endpoints. | |
| SSH | SSH | TCP 22 | Remote access to nodes via SSH. |
| SNMP | SNMP3 | UDP 161 | External access to storage cluster monitoring statistics via the SNMP protocol. |
See also