Internal grid node communications

The StorageGRID internal firewall only allows incoming connections to specific ports on the Grid Network, with the exception of ports 22, 80, 123, and 443 (see the information about external communications). Connections are also accepted on ports defined by load balancer endpoints.

Note: NetApp recommends that you enable Internet Control Message Protocol (ICMP) traffic between grid nodes. Allowing ICMP traffic can improve failover performance when a grid node cannot be reached.

In addition to ICMP and the ports listed in the table, StorageGRID uses the Virtual Router Redundancy Protocol (VRRP). VRRP is an internet protocol that uses IP protocol number 112. StorageGRID uses VRRP in unicast mode only. VRRP is required only if high availability (HA) groups are configured.

Guidelines for Linux-based nodes

If enterprise networking policies restrict access to any of these ports, you can remap ports at deployment time using a deployment configuration parameter. For more information about port remapping and deployment configuration parameters, see the installation instructions for your Linux platform.

Guidelines for VMware-based nodes

Configure the following ports only if you need to define firewall restrictions that are external to VMware networking.

If enterprise networking policies restrict access to any of these ports, you can remap ports when you deploy nodes using the VMware vSphere Web Client, or by using a configuration file setting when automating grid node deployment. For more information about port remapping and deployment configuration parameters, see the installation instructions for VMware.

Guidelines for appliance Storage Nodes

If enterprise networking policies restrict access to any of these ports, you can remap ports using the StorageGRID Appliance Installer. For more information about port remapping for appliances, see the installation instructions for your storage appliance.

StorageGRID internal ports

Port TCP or UDP From To Details
22 TCP Primary Admin Node All nodes For maintenance procedures, the primary Admin Node must be able to communicate with all other nodes using SSH on port 22. Allowing SSH traffic from other nodes is optional.
80 TCP Appliances Primary Admin Node Used by StorageGRID appliances to communicate with the primary Admin Node to start the installation.
123 UDP All nodes All nodes Network time protocol service. Every node synchronizes its time with every other node using NTP.
443 TCP All nodes Primary Admin Node Used for communicating status to the primary Admin Node during installation and other maintenance procedures.
1139 TCP Storage Nodes Storage Nodes Internal traffic between Storage Nodes.
1501 TCP All nodes Storage Nodes with ADC Reporting, auditing, and configuration internal traffic.
1502 TCP All nodes Storage Nodes S3- and Swift-related internal traffic.
1504 TCP All nodes Admin Nodes NMS service reporting and configuration internal traffic.
1505 TCP All nodes Admin Nodes AMS service internal traffic.
1506 TCP All nodes All nodes Server status internal traffic.
1507 TCP All nodes Gateway Nodes Load balancer internal traffic.
1508 TCP All nodes Primary Admin Node Configuration management internal traffic.
1509 TCP All nodes Archive Nodes Archive Node internal traffic.
1511 TCP All nodes Storage Nodes Metadata internal traffic.
5353 UDP All nodes All nodes Optionally used for full-grid IP changes and for primary Admin Node discovery during installation, expansion, and recovery.
7001 TCP Storage Nodes Storage Nodes Cassandra TLS inter-node cluster communication.
7443 TCP All Nodes Admin Nodes Internal traffic for maintenance procedures and error reporting.
9042 TCP Storage Nodes Storage Nodes Cassandra client port.
9999 TCP All nodes All nodes Internal traffic for multiple services. Includes maintenance procedures, metrics, and networking updates.
10226 TCP Storage Nodes Primary Admin Node Used by StorageGRID appliances for forwarding AutoSupport messages from E-Series SANtricity System Manager to the primary Admin Node.
11139 TCP Archive/Storage Nodes Archive/Storage Nodes Internal traffic between Storage Nodes and Archive Nodes.
18000 TCP Admin/Storage Nodes Storage Nodes with ADC Account service internal traffic.
18001 TCP Admin/Storage Nodes Storage Nodes with ADC Identity Federation internal traffic.
18002 TCP Admin/Storage Nodes Storage Nodes Internal API traffic related to object protocols.
18003 TCP Admin/Storage Nodes Storage Nodes with ADC Platform services internal traffic.
18017 TCP Admin/Storage Nodes Storage Nodes Data Mover service internal traffic for Cloud Storage Pools.
18019 TCP Storage Nodes Storage Nodes Chunk service internal traffic for erasure coding.
18082 TCP Admin/Storage Nodes Storage Nodes S3-related internal traffic.
18083 TCP All nodes Storage Nodes Swift-related internal traffic.
18200 TCP Admin/Storage Nodes Storage Nodes Additional statistics about client requests.
19000 TCP Admin/Storage Nodes Storage Nodes with ADC Keystone service internal traffic.