Security Group
A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Controllers, GigaVUE V Series nodes, and G-vTAP Containers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
It is recommended to create a separate security group for each component using the rules and port numbers listed in Table 1: Security Group Rules.
| Direction | Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| GigaVUE‑FM | | | | | |
| Inbound | HTTPS | TCP | 443 | Any IP address | Allows G-vTAP Container Managers, GigaVUE V Series Controllers, and GigaVUE‑FM administrators to communicate with GigaVUE‑FM. |
| Inbound | IPv4 | UDP | 68 | Any IP address | Allows GigaVUE‑FM to communicate with the DHCP server for assigning IP addresses and other related configuration information such as the subnet mask and default gateway. |
| Inbound | IPv4 | UDP | 53 | Any IP address | Allows GigaVUE‑FM to communicate with the DNS server for resolving the host name of the cloud controller for Kubernetes. |
| GigaVUE V Series Controller | | | | | |
| Inbound | IPv4 | TCP | 9902 | GigaVUE‑FM IP address | Allows GigaVUE‑FM to communicate with GigaVUE V Series Controllers. |
| GigaVUE V Series node | | | | | |
| Inbound | Custom TCP Rule | TCP (6) | 9903 | GigaVUE V Series Controller IP address | Allows GigaVUE V Series Controllers to communicate with GigaVUE V Series nodes. |
| GRE Traffic | | | | | |
| Inbound | Custom Protocol Rule | GRE (47) | All | Any IP address | Allows monitored traffic from GigaVUE V Series nodes to be sent to the monitoring tools using the L2 GRE tunnel. |
| VXLAN Traffic | | | | | |
| Inbound | Custom UDP Rule | VXLAN | 4789 | Any IP address | Allows mirrored traffic from G-vTAP Containers to be sent to GigaVUE V Series nodes using the VXLAN tunnel. Allows monitored traffic from GigaVUE V Series nodes to be sent to the monitoring tools using the VXLAN tunnel. |
Note:
- Table 1: Security Group Rules lists only the ingress rules. Make sure the egress ports are open for communication.
- Along with the ports listed in Table 1: Security Group Rules, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.
For information about creating security groups, refer to the website of the corresponding cloud platform.
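As an added example (not from the Gigamon documentation), the following Python audit compares one security group's ingress rules with the expectations in Table 1: it flags rules that are missing, rules whose source is wider than the single GigaVUE‑FM or V Series Controller host the table calls for, and rules the table does not list. The rule dictionaries, the host addresses and the `known_hosts` map are constructed placeholders, not any cloud platform's API schema.

```python
from ipaddress import ip_network

# Expected ingress rules per security group, taken from Table 1.
# Tuple: (protocol, port or None for all ports, required source or None for any).
# A named source ("fm", "controller") must be restricted to that single host.
EXPECTED = {
    "GigaVUE-FM": [("tcp", 443, None), ("udp", 68, None), ("udp", 53, None)],
    "GigaVUE V Series Controller": [("tcp", 9902, "fm")],
    "GigaVUE V Series node": [
        ("tcp", 9903, "controller"),   # V Series Controller -> V Series node
        ("gre", None, None),           # L2 GRE tunnel to the tools, all ports
        ("udp", 4789, None),           # VXLAN from G-vTAP Containers / to tools
    ],
}


def _covers(rule, proto, port):
    """True if an ingress rule carries the given protocol and port (None = all)."""
    return rule["proto"] == proto and (port is None or rule["port"] == port)


def audit(component, rules, known_hosts):
    """Return a list of findings for one security group's ingress rules.

    rules: list of {"proto", "port", "cidr"} dicts (a constructed, cloud-neutral
    shape, not any platform's API schema); port None means all ports.
    known_hosts: hypothetical map such as {"fm": "10.0.0.5", "controller": "10.0.0.6"}.
    """
    findings = []
    expected = EXPECTED[component]
    for proto, port, source in expected:
        matches = [r for r in rules if _covers(r, proto, port)]
        if not matches:
            findings.append(f"missing: {proto}/{port or 'all'}")
            continue
        if source is None:
            continue
        want = ip_network(known_hosts[source] + "/32")
        for r in matches:
            got = ip_network(r["cidr"])
            if got != want:
                findings.append(f"over-broad: {proto}/{port} from {got}, expected {want}")
    # Anything not in Table 1 widens the exposed surface and should be justified.
    for r in rules:
        if not any(_covers(r, p, pt) for p, pt, _ in expected):
            findings.append(f"unexpected: {r['proto']}/{r['port'] or 'all'} from {r['cidr']}")
    return findings
```

Run it against each group in turn; an empty list means the group matches the table exactly, and an egress check would need to be added separately since the table lists ingress only.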