Security Group
A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Proxys, GigaVUE V Series nodes, and G-vTAP Controllers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
The Security Group Rules table lists the rules and port numbers for each component.
Security Group for V Series 2 Node
|
Direction |
EtherType |
Protocol |
Port |
CIDR |
Purpose |
||||||
|
GigaVUE‑FM |
|||||||||||
|
Inbound |
HTTPS |
TCP |
443 |
Any IP address |
Allows users to connect to the GigaVUE‑FM GUI. |
||||||
|
Inbound |
IPv4 |
UDP |
53 |
Any IP address |
Allows GigaVUE‑FM to communicate with standard DNS server |
||||||
|
Outbound (optional) |
Custom TCP Rule |
TCP |
8890 |
V Series Proxy IP |
Allows GigaVUE‑FM to communicate with V Series Proxy |
||||||
|
Outbound |
Custom TCP Rule |
TCP |
8889 |
V Series 2 Node IP |
Allows GigaVUE‑FM to communicate with V Series node |
||||||
| G-vTAP Controller | |||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
9900 |
Custom GigaVUE-FM IP |
Allows GigaVUE-FM to communicate with G-vTAP Controllers
|
||||||
| G-vTAP Agent | |||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
9901 |
Custom G-vTAP Controller IP |
Allows G-vTAP Controllers to communicate with G-vTAP Agents |
||||||
| G-vTAP OVS Controller | |||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
9900 |
Custom GigaVUE-FM IP |
Allows GigaVUE-FM to communicate with G-vTAP OVS Controllers
|
||||||
| G-vTAP OVS Agent | |||||||||||
|
Inbound |
Custom TCP Rule |
TCP |
9901 |
Custom G-vTAP OVS Controller IP |
Allows G-vTAP OVS Controllers to communicate with G-vTAP OVS Agents |
||||||
|
V Series Proxy |
|||||||||||
|
Inbound |
IPv4 |
TCP |
8890 |
GigaVUE‑FM IP address |
Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxys. |
||||||
|
Outbound |
Custom TCP Rule |
TCP |
8889 |
V Series 2 node IP |
Allows V Series Proxy to communicate with V Series node |
||||||
|
V Series 2 Node |
|||||||||||
|
Inbound |
Custom TCP Rule |
TCP(6) |
8889 |
GigaVUE V Series Proxy IP address |
Allows GigaVUE V Series Proxys to communicate with GigaVUE V Series nodes |
||||||
|
Outbound |
IPv4 |
TCP |
8890 |
GigaVUE‑FM IP address |
Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy |
||||||
|
Outbound |
Custom UDP Rule |
UDP |
|
Tool IP |
Allows V Series node to communicate and tunnel traffic to the Tool |
||||||
Note: The Security Group Rules table lists only the ingress rules. Make sure the egress ports are open for communication. Along with the ports listed in the Security Group Rules table, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.
Security Group for V Series 1 Node
|
Direction |
EtherType |
Protocol |
Port |
CIDR |
Purpose |
|
GigaVUE‑FM |
|||||
|
Inbound |
HTTPS |
TCP |
443 |
Any IP address |
Allows users to connect to the GigaVUE‑FM GUI. |
|
Inbound |
IPv4 |
UDP |
67 and 68 |
Any IP address |
Allows GigaVUE‑FM to communicate with DHCP server for assigning IP addresses and other related configuration information such as the subnet mask and default gateway |
|
Inbound |
IPv4 |
UDP |
53 |
Any IP address |
Allows GigaVUE‑FM to communicate with standard DNS server |
|
G-vTAP Controller |
|||||
|
Inbound |
IPv4 |
TCP |
9900 |
GigaVUE‑FM IP address |
Allows GigaVUE‑FM to communicate with G-vTAP Controllers |
|
G-vTAP Agent |
|||||
|
Inbound |
IPv4 |
TCP |
9901 |
G-vTAP Controller IP address |
Allows G-vTAP Controllers to communicate with G-vTAP Agents |
|
V Series Controller |
|||||
|
Inbound |
IPv4 |
TCP |
9902 |
GigaVUE‑FM IP address |
Allows GigaVUE‑FM to communicate with GigaVUE V Series Controllers. |
|
V Series 1 Node |
|||||
|
Inbound |
Custom TCP Rule |
TCP(6) |
9903 |
GigaVUE V Series Proxy IP address |
Allows GigaVUE V Series Proxys to communicate with GigaVUE V Series nodes |
|
GRE Traffic |
|||||
|
Inbound |
Custom Protocol Rule |
GRE (47) |
47 |
Any IP address |
Allows mirrored traffic from G-vTAP Agents to be sent to GigaVUE V Series nodes using the L2 GRE or VXLAN tunnel |
|
Outbound |
Custom Protocol Rule |
GRE (47) |
47 |
Any IP address |
Allows monitored traffic from GigaVUE V Series nodes to be sent to the monitoring tools using the L2 GRE or VXLAN tunnel |
|
VXLAN Traffic |
|||||
|
Inbound |
Custom UDPRule |
UDP |
4789 |
Any IP address |
Allows mirrored traffic from G-vTAP Agents to be sent to GigaVUE V Series nodes using the VXLAN tunnel |
|
Outbound |
Custom UDPRule |
UDP |
4789 |
Any IP address |
Allows monitored traffic from GigaVUE V Series nodes to be sent to the monitoring tools using the VXLAN tunnel |
