Skip to main content
Version: 3.0

Network Requirements

This document details the required network ports and firewall rules to ensure reliable communication both within the CubeCOS cluster and between CubeCOS and external services.

info

All of the port tables provided below are essential. Incomplete or incorrect network configuration may result in cluster instability or service disruptions.

Required ports for CubeCOS node services​

The following ports must be open to ensure proper communication between CubeCOS components and external systems.

SourceDestinationProtocolPortDescription
CubeCOS MGNT VIP and Node IPsSMTP(S) ServerSMTP/SMTPS25/587Email service for alerts and triggers
CubeCOS MGNT VIP and Node IPsDNS ServerTCP/UDP53Communication to DNS server
CubeCOS MGNT VIP and Node IPsService UpdatesTCP80/ 443Web based service update
CubeCOS MGNT VIP and Node IPsNTP ServiceUDP123Time sync to internal or external NTP server
CubeCOS MGNT VIP and Node IPsRsyslogTCP/UDP514Syslog serverr for logging and monitoring
CubeCOS MGNT VIP and Node IPsNvidia License ServerTCP7070Nvidia license server when using vGPUs with GRID licenses
CubeCOS MGNT VIP and Node IPsActive Directory/ LDAPLDAP/LDAPS389/636Active Directory/ LDAP server for user single sign on authentication

Required ports for remote management​

To remotely manage CubeCOS across different subnets or through firewalls, ensure the following ports are open to allow essential management operations and service communication.

warning

Do not expose the CubeCOS Management VIP or individual host IP addresses to public WAN networks. All management traffic should remain within trusted, internal networks or accessed via secure VPN tunnels.

SourceDestinationProtocolPortDescription
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP22Platform management with SSH
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP443CubeCOS web management interface
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP5000OpenStack service API access
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP5443SAML authentication service
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP6080Instance virtual console access
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP7443Storage management services
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP9999Infrastructure management interface
Operator Client (Computer)CubeCOS MGNT VIP and Node IPsTCP10443Kubernetes and account services

Required ports for instances (virtual machines)​

This is a non-exhaustive list of network ports required for your instances to function correctly. This section of firewall requirement applies to network configuration of the instance subnet, VLAN, or network. Instance networking and ports are controlled by Security Groups within CubeCOS.

SourceDestinationProtocolPortDescription
Instance NetworkDHCP ServerTCP67DHCP for IP acquisition
DNS ServerTCP/UDP53DNS service

Requried ports for Kubernets and AppFramework Services​

SourceDestinationProtocolPortDescription
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP2379Etcd plane nodes communication
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP5000OpenStack service API
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP6443Control plane nodes communication
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP8774Compute service tarffic
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP8776Storage service traffic
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP10443Container orchestration service traffic
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP8777 (Clustering)/ 8778 (Placement)Cluster coordination and service ports
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP8888(Swift/S3)/ 8786(Manila)File and object storage services
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP9876Load balance API service
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP8003/ 8005Storage manager service
Kubernetes Worker VMCubeCOS MGNT VIP and Node IPsTCP5010/ 9287Vulnerable services
Kubernetes NodesMetadata serverTCP80Metadata server communication
Kubernetes NodesAnyTCP443Container component update services
AnyAnyTCP/ UDP53DNS services
AnyAnyUDP67DHCP services
CubeCOS MGNT NetworkEtcd Plane NodesTCP2379Etcd plane node communication for management
CubeCOS MGNT NetworkControl Plane NodesTCP6443Control plane node communication for management