Security Group for OpenStack (V Series 2)

A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Proxies, GigaVUE V Series nodes, and G-vTAP Controllers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

The Security Group Rules table lists the rules and port numbers for each component.

Direction

Ether Type

Protocol

Port

CIDR

Purpose

GigaVUE‑FM

Inbound

HTTPS

TCP

443

Any IP address

Allows users to connect to the GigaVUE‑FM GUI.

Inbound

IPv4

UDP

53

Any IP address

Allows GigaVUE‑FM to communicate with standard DNS server

Inbound

Custom TCP Rule

TCP

5671

V Series 2 Node IP

Allows GigaVUE V Series 2 Nodes to send traffic health updates to GigaVUE‑FM

Allows Next Generation G-vTAP Agents to send statistics to GigaVUE-FM.

Outbound (optional)

Custom TCP Rule

TCP

8890

V Series Proxy IP

Allows GigaVUE‑FM to communicate with V Series Proxy

Outbound

Custom TCP Rule

TCP

8889

V Series 2 Node IP

Allows GigaVUE‑FM to communicate with V Series node

G-vTAP Controller

Inbound

Custom TCP Rule

TCP

9900

Custom

GigaVUE-FM IP

Allows GigaVUE-FM to communicate with G-vTAP Controllers

 

 

 

Inbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

8891

G-vTAP Agent or Subnet IP

Allows G-vTAP Controller to communicate the registration requests from G-vTAP Agent.

Outbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

443

GigaVUE‑FM IP

Allows G-vTAP Controller to communicate the registration requests to GigaVUE-FM

Outbound

Custom TCP Rule

TCP

5671

GigaVUE-FM IP

Allows G-vTAP Controller to send traffic health updates to GigaVUE-FM.

G-vTAP Agent

Inbound

Custom TCP Rule

TCP

9901

Custom

G-vTAP Controller IP

Allows G-vTAP Controllers to communicate with G-vTAP Agents

Outbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

8891

G-vTAP Agent or Subnet IP

Allows G-vTAP Agent to communicate with G-vTAP Controller for registration and Heartbeat

G-vTAP OVS Controller

Inbound

Custom TCP Rule

TCP

9900

Custom

GigaVUE-FM IP

Allows GigaVUE-FM to communicate with G-vTAP OVS Controllers

 

 

 

G-vTAP OVS Agent

Inbound

Custom TCP Rule

TCP

9901

Custom

G-vTAP OVS Controller IP

Allows G-vTAP OVS Controllers to communicate with G-vTAP OVS Agents

GigaVUE V Series Proxy

Inbound

IPv4

TCP

8890

GigaVUE‑FM IP address

Allows GigaVUE‑FM  to communicate with GigaVUE  V Series Proxys.

Outbound

Custom TCP Rule

TCP

8889

V Series 2 node IP

Allows V Series Proxy to communicate with V Series node

GigaVUE V Series 2 Node

Inbound

Custom TCP Rule

TCP(6)

8889

GigaVUE V Series Proxy IP address

Allows GigaVUE V Series Proxys to communicate with GigaVUE V Series nodes

Outbound

IPv4

TCP

8890

GigaVUE‑FM IP address

Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy

Outbound

Custom UDP Rule

UDP

VXLAN (default 4789)
L2GRE (IP 47)

Tool IP

Allows V Series node to communicate and tunnel traffic to the Tool

Outbound

Custom TCP Rule

TCP

5671

GigaVUE-FM IP

Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM

Note:  The Security Group Rules table lists only the ingress rules. Make sure the egress ports are open for communication. Along with the ports listed in the Security Group Rules table, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.