Required Ports for Installation and Operation
The Lightbits cluster software requires access to several ports to complete its installation and operate successfully.
Required Ports for Installation
The following table lists the required ports for the Ansible installation host to communicate with the storage servers, in order to successfully install the Lightbits cluster software:
Component | Management/Data NIC | Port (TCP) |
---|---|---|
Ansible operation over SSH | Management | 22 |
Installing RPM dependencies. Note that these should be installed with yum or dnf. | Management | 443 |
The Ansible installation host at a minimum requires its SSH port to be open.
Required Internal Ports for Operation
The following table lists the default ports used by the Lightbits components. Make sure these ports are open between the servers in the cluster. It is recommended to block any traffic to these ports from outside of the cluster.
When adding a new server to the cluster, open the ports on the new server and also add the new server's IP to the allow rules on the existing servers in the cluster.
Component | Management/Data NIC | Port (TCP) | Default location |
---|---|---|---|
etcd peer port | Data | 2380 | roles/etcd/defaults/main.yml |
Duroslight port. Note: NVMe client connects to Duroslight via this port. | Data | 4420, 4421 | roles/install-lightos/defaults/main.yml |
Discovery Service port (required for NVMe client connect) | Data | 8009 | roles/install-lightos/defaults/main.yml |
Replicator port. Note: Other nodes connect for replication to the node via this port. | Data | 22226, 22227 | roles/install-lightos/defaults/main.yml |
Node Manager internal gRPC and Debug Port | Management | 4001 | roles/install-lightos/defaults/main.yml |
Cluster Manager internal gRPC Port | Management | 4007 | roles/install-lightos/defaults/main.yml |
etcd client port | Data | 2379 | roles/etcd/defaults/main.yml |
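One way to express the guidance above the table (open the internal ports only between cluster members, and add a new server's IP to the allow rules on the existing servers), as an added example that is not Lightbits tooling. It only prints the commands so they can be reviewed before use. Assumptions: firewalld is the host firewall, the chosen zone does not otherwise open these ports, and the zone name and 192.0.2.x addresses are constructed.

```shell
#!/bin/sh
# Added example, not Lightbits tooling. Assumes firewalld is the host firewall.
# Default internal TCP ports, copied from the table above.
DATA_PORTS="2379 2380 4420 4421 8009 22226 22227"
MGMT_PORTS="4001 4007"

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    # Subshell keeps the IFS change local to this check.
    (
        IFS=.
        set -- $1
        [ "$#" -eq 4 ] || exit 1
        for octet in "$@"; do
            [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# peer_rules NIC ZONE IP...: print (never run) one firewall-cmd line per peer
# and port, so only the listed cluster members can reach the internal ports.
# NIC is "data" or "mgmt"; IPs are the peers' addresses on that network.
peer_rules() {
    [ "$#" -ge 3 ] || { echo "usage: peer_rules data|mgmt ZONE IP..." >&2; return 2; }
    nic=$1; zone=$2; shift 2
    case "$nic" in
        data) ports=$DATA_PORTS ;;
        mgmt) ports=$MGMT_PORTS ;;
        *) echo "unknown NIC type: $nic" >&2; return 2 ;;
    esac
    # Validate every address first so a typo never yields a partial rule set.
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "bad peer address: $ip" >&2; return 1; }
    done
    for ip in "$@"; do
        for port in $ports; do
            printf '%s\n' "firewall-cmd --permanent --zone=$zone --add-rich-rule='rule family=\"ipv4\" source address=\"$ip\" port port=\"$port\" protocol=\"tcp\" accept'"
        done
    done
}

# Constructed case: new server 192.0.2.14 joins the cluster. Run on each
# existing server; the zone name "lightbits-data" is hypothetical.
peer_rules data lightbits-data 192.0.2.14
```

After running the reviewed commands on each existing server, apply them with `firewall-cmd --reload`.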
Required External Ports for NVMe Clients
The following table lists the default ports used by the Lightbits components. Make sure that these ports are open to all clients that need to access data (volumes) via NVMe/TCP.
If you are using the ipacl_explicit_allow configuration during Ansible setup, the data ports below are managed by the cluster based on the volume's ACL list.
Component | Management/Data NIC | Port (TCP) | Default Location |
---|---|---|---|
Duroslight port. Note: NVMe client connects to Duroslight via this port. | Data | 4420, 4421 | roles/install-lightos/defaults/main.yml |
Discovery Service port (required for NVMe client connect) | Data | 8009 | roles/install-lightos/defaults/main.yml |
Required External Ports for Admin Operation
The following table lists the default ports used by the Lightbits components. Make sure that these ports are open to admin servers outside of the cluster that require admin access (APIs, lbcli, monitoring, etc.).
Component | Management/Data NIC | Port (TCP) | Default Location |
---|---|---|---|
SSH | Management | 22 | |
Management CLI | Management | 443 | None |
Exporter Port | Management | 8090 | roles/install-lightos/defaults/main.yml |
If using a Single IP Dual NUMA configuration, open the above ports and two additional ports: 4421 and 22227. Duroslight will use 4420 and the additional 4421 port. Replicator will use 22226 and the additional 22227 port.
Testing Ports
See Open TCP Ports and Verify for more information on how to open and verify ports.
Port accessibility can be tested with the open-source Nmap program.
- Install Nmap with the following command:
$ yum install -y nmap
Note: If testing port accessibility from a non-rpm/yum based operating system, the installation will differ, but the commands below should still work, as nmap installs and relies on nc (netcat).
- On the server you are testing, run the netcat program in listen mode with the following command:
$ nc -l -p <port>
- From another server, check the port's accessibility with either of the following commands:
$ nc -v -z <ip> <start port>-<end port>
or
$ nc -v -u <ip> <start port>-<end port>
For additional information, see the Recommended ACL Ports and Protocols Appendix at the end of this guide.