Security Group for OpenStack

A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Proxies, GigaVUE V Series Nodes, and UCT-V Controllers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.

The Security Group Rules table lists the rules and port numbers for each component.

Direction

Ether Type

Protocol

Port

CIDR

Purpose

GigaVUE‑FM

Inbound

HTTPS

TCP

443

Any IP address

Allows users to connect to the GigaVUE‑FM GUI.

Inbound

IPv4

UDP

53

Any IP address

Allows GigaVUE‑FM to communicate with standard DNS server

Inbound

Custom TCP Rule

TCP

5671

GigaVUE V Series Node IP

Allows GigaVUE V Series Nodes to send traffic health updates to GigaVUE‑FM

Allows Next Generation UCT-V to send statistics to GigaVUE-FM.

Outbound (optional)

Custom TCP Rule

TCP

8890

V Series Proxy IP

Allows GigaVUE‑FM to communicate with V Series Proxy

Outbound

Custom TCP Rule

TCP

8889

GigaVUE V Series Node IP

Allows GigaVUE‑FM to communicate with V Series node

UCT-V Controller

Inbound

Custom TCP Rule

TCP

9900

Custom

GigaVUE-FM IP

Allows GigaVUE-FM to communicate with UCT-V Controllers

 

 

 

Inbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

8891

UCT-V or Subnet IP

Allows UCT-V Controller to communicate the registration requests from UCT-V and forward the same to GigaVUE-FM.

Outbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

443

GigaVUE‑FM IP

Allows UCT-V Controller to communicate the registration requests to GigaVUE-FM

Outbound

Custom TCP Rule

TCP

5671

GigaVUE-FM IP

Allows UCT-V Controller to send traffic health updates to GigaVUE‑FM

UCT-V

Inbound

Custom TCP Rule

TCP

9901

Custom

UCT-V Controller IP

Allows UCT-V Controllers to communicate with UCT-Vs

Outbound

(This is the port used for Third Party Orchestration)

Custom TCP Rule

TCP(6)

8891

UCT-V or Subnet IP

Allows UCT-V to communicate with UCT-V Controller for registration and Heartbeat

Outbound

Custom TCP Rule

TCP

11443

UCT-V subnet

Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node

UCT-V OVS Controller

Inbound

Custom TCP Rule

TCP

9900

Custom

GigaVUE-FM IP

Allows GigaVUE-FM to communicate with UCT-V OVS Controllers

 

 

 

UCT-V OVS Agent

Inbound

Custom TCP Rule

TCP

9901

Custom

UCT-V OVS Controller IP

Allows UCT-V OVS Controllers to communicate with UCT-V OVS Agents

GigaVUE V Series Proxy

Inbound

IPv4

TCP

8890

GigaVUE‑FM IP address

Allows GigaVUE‑FM  to communicate with GigaVUE  V Series Proxys.

Outbound

Custom TCP Rule

TCP

8889

GigaVUE V Series Node IP

Allows V Series Proxy to communicate with GigaVUE V Series Nodes

GigaVUE V Series Node

Inbound

Custom TCP Rule

TCP(6)

8889

GigaVUE V Series Proxy IP address

Allows GigaVUE V Series Proxys to communicate with GigaVUE V Series nodes

Outbound

IPv4

TCP

8890

GigaVUE‑FM IP address

Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy

Outbound

Custom UDP Rule

UDP

VXLAN (default 4789)
L2GRE (IP 47)

Tool IP

Allows V Series node to communicate and tunnel traffic to the Tool

Outbound

Custom TCP Rule

TCP

5671

GigaVUE-FM IP

Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM

Bi-directional

Custom TCP Rule

TCP

11443

GigaVUE V Series Node subnet

Allows to securely transfer the traffic in between GigaVUE V Series Nodes.

Note:  The Security Group Rules table lists only the ingress rules. Make sure the egress ports are open for communication. Along with the ports listed in the Security Group Rules table, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.