Security Group for OpenStack
A security group defines the virtual firewall rules for your instance to control inbound and outbound traffic. When you launch GigaVUE‑FM, GigaVUE V Series Proxies, GigaVUE V Series Nodes, and UCT-V Controllers in your project, you add rules that control the inbound traffic to instances, and a separate set of rules that control the outbound traffic.
The Security Group Rules table lists the rules and port numbers for each component.
Note: When using dual stack network, the below mentioned ports must be opened for both IPv4 and IPv6.
Direction |
Ether Type |
Protocol |
Port |
CIDR |
Purpose |
||||||
GigaVUE‑FM |
|||||||||||
Inbound |
HTTPS |
TCP |
443 |
Any IP address |
Allows users to connect to the GigaVUE‑FM GUI. |
||||||
Inbound |
IPv4 |
UDP |
53 |
Any IP address |
Allows GigaVUE‑FM to communicate with standard DNS server |
||||||
Inbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE V Series Node IP |
Allows GigaVUE V Series Nodes to send traffic health updates to GigaVUE‑FM Allows Next Generation UCT-V to send statistics to GigaVUE-FM. |
||||||
Outbound (optional) |
Custom TCP Rule |
TCP |
8890 |
V Series Proxy IP |
Allows GigaVUE‑FM to communicate with V Series Proxy |
||||||
Outbound |
Custom TCP Rule |
TCP |
8889 |
GigaVUE V Series Node IP |
Allows GigaVUE‑FM to communicate with V Series node |
||||||
UCT-V Controller | |||||||||||
Inbound |
Custom TCP Rule |
TCP |
9900 |
Custom GigaVUE-FM IP |
Allows GigaVUE-FM to communicate with UCT-V Controllers
|
||||||
Inbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
8891 |
UCT-V or Subnet IP |
Allows UCT-V Controller to communicate the registration requests from UCT-V and forward the same to GigaVUE-FM. |
||||||
Outbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
443 |
GigaVUE‑FM IP |
Allows UCT-V Controller to communicate the registration requests to GigaVUE-FM |
||||||
Outbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE-FM IP |
Allows UCT-V Controller to send traffic health updates to GigaVUE‑FM |
||||||
UCT-V | |||||||||||
Inbound |
Custom TCP Rule |
TCP |
9901 |
Custom UCT-V Controller IP |
Allows UCT-V Controllers to communicate with UCT-Vs |
||||||
Outbound (This is the port used for Third Party Orchestration) |
Custom TCP Rule |
TCP(6) |
8891 |
UCT-V or Subnet IP |
Allows UCT-V to communicate with UCT-V Controller for registration and Heartbeat |
||||||
Outbound |
Custom TCP Rule |
TCP |
11443 |
UCT-V subnet |
Allows UCT-V to securely transfer the traffic to GigaVUE V Series Node |
||||||
UCT-V OVS Controller | |||||||||||
Inbound |
Custom TCP Rule |
TCP |
9900 |
Custom GigaVUE-FM IP |
Allows GigaVUE-FM to communicate with UCT-V OVS Controllers
|
||||||
UCT-V OVS Agent | |||||||||||
Inbound |
Custom TCP Rule |
TCP |
9901 |
Custom UCT-V OVS Controller IP |
Allows UCT-V OVS Controllers to communicate with UCT-V OVS Agents |
||||||
GigaVUE V Series Proxy |
|||||||||||
Inbound |
IPv4 |
TCP |
8890 |
GigaVUE‑FM IP address |
Allows GigaVUE‑FM to communicate with GigaVUE V Series Proxys. |
||||||
Outbound |
Custom TCP Rule |
TCP |
8889 |
GigaVUE V Series Node IP |
Allows V Series Proxy to communicate with GigaVUE V Series Nodes |
||||||
GigaVUE V Series Node |
|||||||||||
Inbound |
Custom TCP Rule |
TCP(6) |
8889 |
GigaVUE V Series Proxy IP address |
Allows GigaVUE V Series Proxys to communicate with GigaVUE V Series nodes |
||||||
Outbound |
IPv4 |
TCP |
8890 |
GigaVUE‑FM IP address |
Allows GigaVUE V Series Node to communicate with GigaVUE V Series Proxy |
||||||
Outbound |
Custom UDP Rule |
UDP |
|
Tool IP |
Allows V Series node to communicate and tunnel traffic to the Tool |
||||||
Outbound |
Custom TCP Rule |
TCP |
5671 |
GigaVUE-FM IP |
Allows GigaVUE V Series Node to send traffic health updates to GigaVUE‑FM |
||||||
Bi-directional |
Custom TCP Rule |
TCP |
11443 |
GigaVUE V Series Node subnet |
Allows to securely transfer the traffic in between GigaVUE V Series Nodes. |
Note: The Security Group Rules table lists only the ingress rules. Make sure the egress ports are open for communication. Along with the ports listed in the Security Group Rules table, make sure the suitable ports required to communicate with Service Endpoints such as Identity, Compute, and Cloud Metadata are also open.