Security Group for OpenStack (V Series 2)
A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Proxies, GigaVUE V Series nodes, and G-vTAP Controllers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
The Security Group Rules table lists the rules and port numbers for each component.

| Direction | Ether Type | Protocol | Port | CIDR | Purpose |
|---|---|---|---|---|---|
| GigaVUE‑FM | | | | | |
| Inbound | HTTPS | TCP | 443 | Any IP address | Allows users to connect to the GigaVUE‑FM GUI. |
| Inbound | IPv4 | UDP | 53 | Any IP address | Allows GigaVUE‑FM to communicate with standard DNS server |
| Inbound | Custom TCP Rule | TCP | 5671 | V Series 2 Node IP | Allows GigaVUE V Series 2 Nodes to send traffic health updates to GigaVUE‑FM. Allows Next Generation G-vTAP Agents to send statistics to GigaVUE-FM. |
| Outbound (optional) | Custom TCP Rule | TCP | 8890 | V Series Proxy IP | Allows GigaVUE‑FM to communicate with V Series Proxy |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 Node IP | Allows GigaVUE‑FM to communicate with V Series node |
| G-vTAP Controller | | | | | |
| Inbound | Custom TCP Rule | TCP | 9900 | Custom GigaVUE-FM IP | Allows GigaVUE-FM to communicate with G-vTAP Controllers |
| Inbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | G-vTAP Agent or Subnet IP | Allows G-vTAP Controller to communicate the registration requests from G-vTAP Agent. |
| Outbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 443 | GigaVUE‑FM IP | Allows G-vTAP Controller to communicate the registration requests to GigaVUE-FM |
| Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE-FM IP | Allows G-vTAP Controller to send traffic health updates to GigaVUE-FM. |
| G-vTAP Agent | | | | | |
| Inbound | Custom TCP Rule | TCP | 9901 | Custom G-vTAP Controller IP | Allows G-vTAP Controllers to communicate with G-vTAP Agents |
| Outbound (This is the port used for Third Party Orchestration) | Custom TCP Rule | TCP(6) | 8891 | G-vTAP Agent or Subnet IP | Allows G-vTAP Agent to communicate with G-vTAP Controller for registration and Heartbeat |
| G-vTAP OVS Controller | | | | | |
| Inbound | Custom TCP Rule | TCP | 9900 | Custom GigaVUE-FM IP | Allows GigaVUE-FM to communicate with G-vTAP OVS Controllers |
| G-vTAP OVS Agent | | | | | |
| Inbound | Custom TCP Rule | TCP | 9901 | Custom G-vTAP OVS Controller IP | Allows G-vTAP OVS Controllers to communicate with G-vTAP OVS Agents |
| GigaVUE V Series Proxy | | | | | |
| Inbound | IPv4 | TCP | 8890 | GigaVUE‑FM IP address | Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxies. |
| Outbound | Custom TCP Rule | TCP | 8889 | V Series 2 node IP | Allows V Series Proxy to communicate with V Series node |
| GigaVUE V Series 2 Node | | | | | |
| Inbound | Custom TCP Rule | TCP(6) | 8889 | GigaVUE V Series Proxy IP address | Allows GigaVUE V Series Proxies to communicate with GigaVUE V Series nodes |
| Outbound | IPv4 | TCP | 8890 | GigaVUE‑FM IP address | Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy |
| Outbound | Custom UDP Rule | UDP | | Tool IP | Allows V Series node to communicate and tunnel traffic to the Tool |
| Outbound | Custom TCP Rule | TCP | 5671 | GigaVUE-FM IP | Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM |

Note: The Security Group Rules table lists only the ingress rules. Make sure the egress ports are open for communication. Along with the ports listed in the Security Group Rules table, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.
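
The inbound rows of the table can be checked against a deployed security group. The following is an added example, not Gigamon code: it flags table ports that are missing, ports the table does not list, and rules whose source is wider than the component the table names. The rule dictionary shape, the `audit` and `rule` helpers, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Inbound rows of the Security Group Rules table: (component, protocol, port, source).
# "any" is the table's "Any IP address"; other sources name the component to restrict to.
TABLE_INBOUND = [
    ("GigaVUE-FM", "tcp", 443, "any"),
    ("GigaVUE-FM", "udp", 53, "any"),
    ("GigaVUE-FM", "tcp", 5671, "V Series 2 Node"),
    ("G-vTAP Controller", "tcp", 9900, "GigaVUE-FM"),
    ("G-vTAP Controller", "tcp", 8891, "G-vTAP Agent"),
    ("G-vTAP Agent", "tcp", 9901, "G-vTAP Controller"),
    ("G-vTAP OVS Controller", "tcp", 9900, "GigaVUE-FM"),
    ("G-vTAP OVS Agent", "tcp", 9901, "G-vTAP OVS Controller"),
    ("GigaVUE V Series Proxy", "tcp", 8890, "GigaVUE-FM"),
    ("GigaVUE V Series 2 Node", "tcp", 8889, "GigaVUE V Series Proxy"),
]

def audit(component, rules, peers):
    """Return sorted (finding, protocol, port) tuples for one component's ingress rules."""
    expected = {(p, port): src for c, p, port, src in TABLE_INBOUND if c == component}
    findings, covered = set(), set()
    for r in rules:
        if r["direction"] != "ingress":
            continue
        net = ipaddress.ip_network(r["cidr"])
        hits = [k for k in expected
                if k[0] == r["protocol"] and r["port_min"] <= k[1] <= r["port_max"]]
        # A rule that opens ports the table does not list for this component.
        if r["port_max"] - r["port_min"] + 1 > len(hits):
            findings.add(("UNLISTED", r["protocol"], r["port_min"]))
        for key in hits:
            covered.add(key)
            src = expected[key]
            allowed = [ipaddress.ip_network(c) for c in peers.get(src, [])]
            # Source must sit inside a CIDR known to belong to the named component.
            if src != "any" and not any(
                    a.version == net.version and net.subnet_of(a) for a in allowed):
                findings.add(("TOO_BROAD",) + key)
    findings |= {("MISSING",) + key for key in set(expected) - covered}
    return sorted(findings)

def rule(protocol, port, cidr, direction="ingress"):
    return {"direction": direction, "protocol": protocol,
            "port_min": port, "port_max": port, "cidr": cidr}

# Constructed sample: a GigaVUE-FM security group and the V Series 2 node subnet.
SAMPLE_PEERS = {"V Series 2 Node": ["10.0.20.0/24"]}
SAMPLE_FM_RULES = [rule("tcp", 443, "0.0.0.0/0"), rule("tcp", 5671, "0.0.0.0/0"),
                   rule("tcp", 22, "10.0.0.0/8")]

if __name__ == "__main__":
    for finding in audit("GigaVUE-FM", SAMPLE_FM_RULES, SAMPLE_PEERS):
        print(*finding)
```

On the constructed sample, port 5671 is reported as too broad because it is open to every address rather than to the V Series 2 node subnet.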