Network Requirements
This document details the required network ports and firewall rules to ensure reliable communication both within the CubeCOS cluster and between CubeCOS and external services.
All of the port tables provided below are essential. Incomplete or incorrect network configuration may result in cluster instability or service disruptions.
Required ports for CubeCOS node services
The following ports must be open to ensure proper communication between CubeCOS components and external systems.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
CubeCOS MGNT VIP and Node IPs | SMTP(S) Server | SMTP/SMTPS | 25/587 | Email service for alerts and triggers |
CubeCOS MGNT VIP and Node IPs | DNS Server | TCP/UDP | 53 | Communication to DNS server |
CubeCOS MGNT VIP and Node IPs | Service Updates | TCP | 80/443 | Web-based service update |
CubeCOS MGNT VIP and Node IPs | NTP Service | UDP | 123 | Time sync to internal or external NTP server |
CubeCOS MGNT VIP and Node IPs | Rsyslog | TCP/UDP | 514 | Syslog server for logging and monitoring |
CubeCOS MGNT VIP and Node IPs | Nvidia License Server | TCP | 7070 | Nvidia license server when using vGPUs with GRID licenses |
CubeCOS MGNT VIP and Node IPs | Active Directory/LDAP | LDAP/LDAPS | 389/636 | Active Directory/LDAP server for user single sign-on authentication |
Required ports for remote management
To remotely manage CubeCOS across different subnets or through firewalls, ensure the following ports are open to allow essential management operations and service communication.
Do not expose the CubeCOS Management VIP or individual host IP addresses to public WAN networks. All management traffic should remain within trusted, internal networks or accessed via secure VPN tunnels.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 22 | Platform management with SSH |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 443 | CubeCOS web management interface |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 5000 | OpenStack service API access |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 5443 | SAML authentication service |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 6080 | Instance virtual console access |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 7443 | Storage management services |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 9999 | Infrastructure management interface |
Operator Client (Computer) | CubeCOS MGNT VIP and Node IPs | TCP | 10443 | Kubernetes and account services |
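An added example (not part of the CubeCOS documentation or tooling): a Python check that flags firewall allow rules through which a source outside the trusted internal ranges can reach the remote-management ports in the table above. The rule format, the trusted ranges and the sample rules are assumptions constructed for illustration.

```python
import ipaddress

# Remote-management TCP ports from the table above.
MGMT_PORTS = {22, 443, 5000, 5443, 6080, 7443, 9999, 10443}

# Assumption: "trusted, internal" means RFC 1918 space; substitute your own ranges.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_ports(spec):
    """Expand a port spec such as '22', '5000-5443' or '22,443' into a set."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports


def is_trusted(cidr):
    """True only if the whole source range sits inside a trusted network."""
    src = ipaddress.ip_network(cidr, strict=False)
    return any(src.version == net.version and src.subnet_of(net) for net in TRUSTED_NETS)


def audit(rules):
    """Return (rule name, exposed ports) for allow rules open to untrusted sources."""
    findings = []
    for r in rules:
        if r["action"] != "allow" or r["proto"] not in ("tcp", "any"):
            continue
        exposed = parse_ports(r["ports"]) & MGMT_PORTS
        if exposed and not is_trusted(r["src"]):
            findings.append((r["name"], sorted(exposed)))
    return findings


# Constructed sample rules (hypothetical format, not a CubeCOS export).
SAMPLE_RULES = [
    {"name": "ops-ssh", "action": "allow", "proto": "tcp", "src": "10.20.0.0/24", "ports": "22"},
    {"name": "web-any", "action": "allow", "proto": "tcp", "src": "0.0.0.0/0", "ports": "443"},
    {"name": "wide-range", "action": "allow", "proto": "tcp", "src": "203.0.113.0/24", "ports": "5000-6080"},
    {"name": "ntp-out", "action": "allow", "proto": "udp", "src": "0.0.0.0/0", "ports": "123"},
    {"name": "deny-console", "action": "deny", "proto": "tcp", "src": "0.0.0.0/0", "ports": "6080"},
]

if __name__ == "__main__":
    for name, ports in audit(SAMPLE_RULES):
        print(f"{name}: management ports {ports} reachable from untrusted source")
```

Port ranges are expanded before matching, so a broad rule such as 5000-6080 is reported with every management port it covers.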
Required ports for instances (virtual machines)
This is a non-exhaustive list of network ports required for your instances to function correctly. These firewall requirements apply to the network configuration of the instance subnet, VLAN, or network. Instance networking and ports are controlled by Security Groups within CubeCOS.
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Instance Network | DHCP Server | TCP | 67 | DHCP for IP acquisition |
Instance Network | DNS Server | TCP/UDP | 53 | DNS service |
Required ports for Kubernetes and AppFramework Services
Source | Destination | Protocol | Port | Description |
---|---|---|---|---|
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 2379 | Etcd plane nodes communication |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 5000 | OpenStack service API |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 6443 | Control plane nodes communication |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 8774 | Compute service traffic |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 8776 | Storage service traffic |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 10443 | Container orchestration service traffic |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 8777 (Clustering)/ 8778 (Placement) | Cluster coordination and service ports |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 8888(Swift/S3)/ 8786(Manila) | File and object storage services |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 9876 | Load balance API service |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 8003/ 8005 | Storage manager service |
Kubernetes Worker VM | CubeCOS MGNT VIP and Node IPs | TCP | 5010/ 9287 | Vulnerable services |
Kubernetes Nodes | Metadata server | TCP | 80 | Metadata server communication |
Kubernetes Nodes | Any | TCP | 443 | Container component update services |
Any | Any | TCP/ UDP | 53 | DNS services |
Any | Any | UDP | 67 | DHCP services |
CubeCOS MGNT Network | Etcd Plane Nodes | TCP | 2379 | Etcd plane node communication for management |
CubeCOS MGNT Network | Control Plane Nodes | TCP | 6443 | Control plane node communication for management |