Networking and firewall rules

Chris Nelson

Networking

By default, our controller uses 10.123.0.0/16 to communicate with other Swift nodes in the cluster via VPN. Please make sure that no other servers are running on that network. If your network infrastructure already uses 10.123.0.0/16, please contact support for assistance with changing the default VPN network to something else.

SwiftStack Controller - Swift Cluster Firewall Rules

Please open the following ports in your firewall to allow SwiftStack Controller to communicate with the Swift cluster correctly:

  • 443/TCP - HTTPS, SSMAN, OS Updates
  • 1194/UDP - OpenVPN (tun0), SSMAN
  • 6050/TCP - SwiftStack ZMQ
  • 9914/TCP - SwiftStack ZMQ
  • 9915/TCP - SwiftStack ZMQ
  • 123/UDP - NTP

Intra-cluster Firewall Setup

  • 112/TCP - keepalive
  • 123/UDP - NTP
  • 873/TCP - Rsync
  • 6000:6005/TCP - Swift
  • 11211/TCP - Memcached

Remote Access Setup

In the event that SwiftStack Support representatives need remote access to your Swift nodes for troubleshooting purposes, please create firewall rules allowing access from the following IP addresses:

  • 38.140.31.130
  • 50.1.126.96
  • 166.78.4.217

In most cases you, or your security team, will need to configure firewall rules on a perimeter firewall and/or on the server(s) you will provide SwiftStack access to. If you do not use port 22 for SSH, please let SwiftStack Support know what port to use. 
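The intra-cluster and remote-access lists above can be turned into source-scoped host firewall rules, so that services such as Memcached and Rsync are reachable only from cluster nodes and SSH only from the listed Support addresses. The following is an added example, not SwiftStack's own tooling. It assumes iptables on each node with a default-deny INPUT policy already in place; the function name `build_rules` and the cluster network 192.0.2.0/24 are hypothetical, and ports and protocols are reproduced as the page lists them.

```python
import ipaddress

# Values taken from this page.
VPN_NET = ipaddress.IPv4Network("10.123.0.0/16")  # default controller VPN network
INTRA_CLUSTER = [  # (protocol, port or range, label) as listed above
    ("tcp", "112", "keepalive"),
    ("udp", "123", "NTP"),
    ("tcp", "873", "Rsync"),
    ("tcp", "6000:6005", "Swift"),
    ("tcp", "11211", "Memcached"),
]
SUPPORT_IPS = ["38.140.31.130", "50.1.126.96", "166.78.4.217"]


def build_rules(cluster_cidr, ssh_port=22):
    """Return iptables commands that accept the intra-cluster ports only from
    cluster_cidr and SSH only from the SwiftStack Support addresses."""
    cluster = ipaddress.IPv4Network(cluster_cidr)  # ValueError if malformed
    # The page warns against running servers on the VPN network: refuse to
    # generate rules for a cluster network that collides with it.
    if cluster.overlaps(VPN_NET):
        raise ValueError(f"{cluster} overlaps the default VPN network {VPN_NET}; "
                         "contact support to change the VPN network first")
    if not 1 <= int(ssh_port) <= 65535:
        raise ValueError(f"invalid SSH port: {ssh_port}")
    rules = []
    for proto, port, label in INTRA_CLUSTER:
        rules.append(f"iptables -A INPUT -p {proto} -s {cluster} --dport {port} "
                     f"-m comment --comment 'intra-cluster {label}' -j ACCEPT")
    for ip in SUPPORT_IPS:
        src = ipaddress.IPv4Address(ip)
        rules.append(f"iptables -A INPUT -p tcp -s {src}/32 --dport {ssh_port} "
                     f"-m comment --comment 'SwiftStack Support SSH' -j ACCEPT")
    return rules


if __name__ == "__main__":
    # 192.0.2.0/24 is a constructed documentation range standing in for the
    # real cluster network.
    for rule in build_rules("192.0.2.0/24"):
        print(rule)
```

The script only prints the commands so they can be reviewed before being applied; pass a different `ssh_port` if SSH does not listen on 22.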
