Security Group

A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Controllers, GigaVUE V Series nodes, and G-vTAP Containers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

It is recommended to create a separate security group for each component using the rules and port numbers listed in Table 1: Security Group Rules.

Table 1: Security Group Rules

Direction

 

Protocol

Port

CIDR

Purpose

GigaVUE‑FM

Inbound

HTTPS

TCP

443

Any IP address

Allows G-vTAP Container Managers, GigaVUE V Series Controllers, and GigaVUE‑FM administrators to communicate with GigaVUE‑FM.

Inbound

IPv4

UDP

68

Any IP address

Allows GigaVUE‑FM to communicate with DHCP server for assigning IP addresses and other related configuration information such as the subnet mask and default gateway.

Inbound

IPv4

UDP

53

Any IP address

Allows GigaVUE‑FM to communicate with DNS server for resolving the host name of the cloud controller for Kubernetes.

GigaVUE V Series Controller

Inbound

IPv4

TCP

9902

GigaVUE‑FM IP address

Allows GigaVUE‑FM  to communicate with GigaVUE V Series Controllers.

GigaVUE V Series node

Inbound

Custom TCP Rule

TCP(6)

9903

GigaVUE V Series Controller IP address

Allows GigaVUE V Series Controllers to communicate with GigaVUE V Series nodes.

GRE Traffic

Inbound

Custom Protocol Rule

GRE (47)

All

Any IP address

Allows monitored traffic from GigaVUE V Series nodes to be sent to the monitoring tools using the L2 GRE tunnel.

VXLAN Traffic

Inbound

Custom UDP Rule

VXLAN

4789

Any IP address

Allows mirrored traffic from G-vTAP Containers to be sent to GigaVUE V Series nodes using the VXLAN tunnel.

Allows monitored traffic from GigaVUE V Series nodes to be sent to the monitoring tools using the VXLAN tunnel.

Note:  

  • Table 1: Security Group Ruleslists only the ingress rules. Make sure the egress ports are open for communication.
  • Along with the ports listed in Table 1: Security Group Rules, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.

For information about creating security groups refer to the website of the corresponding cloud platform.