Internal grid node communications
The StorageGRID internal firewall only allows incoming connections to specific ports on the Grid Network, with the exception of ports 22, 80, 123, and 443 (see the information about external communications). Connections are also accepted on ports defined by load balancer endpoints.
NetApp recommends that you enable Internet Control Message Protocol (ICMP) traffic between grid nodes. Allowing ICMP traffic can improve failover performance when a grid node cannot be reached.
In addition to ICMP and the ports listed in the table, StorageGRID uses the Virtual Router Redundancy Protocol (VRRP). VRRP is an internet protocol that uses IP protocol number 112. StorageGRID uses VRRP in unicast mode only. VRRP is required only if high availability groups are configured.
Guidelines for Linux-based nodes
If enterprise networking policies restrict access to any of these ports, you can remap ports at deployment time using a deployment configuration parameter. For more information about port remapping and deployment configuration parameters, see:
Guidelines for VMware-based nodes
Configure the following ports only if you need to define firewall restrictions that are external to VMware networking.
If enterprise networking policies restrict access to any of these ports, you can remap ports when you deploy nodes using the VMware vSphere Web Client, or by using a configuration file setting when automating grid node deployment. For more information about port remapping and deployment configuration parameters, see Install VMware.
Guidelines for appliance nodes
If enterprise networking policies restrict access to any of these ports, you can remap ports using the StorageGRID Appliance Installer. For more information about port remapping for appliances, see:
StorageGRID internal ports
| Port | TCP or UDP | From | To | Details |
| --- | --- | --- | --- | --- |
| 22 | TCP | Primary Admin Node | All nodes | For maintenance procedures, the primary Admin Node must be able to communicate with all other nodes using SSH on port 22. Allowing SSH traffic from other nodes is optional. |
| 80 | TCP | Appliances | Primary Admin Node | Used by StorageGRID appliances to communicate with the primary Admin Node to start the installation. |
| 123 | UDP | All nodes | All nodes | Network time protocol service. Every node synchronizes its time with every other node using NTP. |
| 443 | TCP | All nodes | Primary Admin Node | Used for communicating status to the primary Admin Node during installation and other maintenance procedures. |
| 1139 | TCP | Storage Nodes | Storage Nodes | Internal traffic between Storage Nodes. |
| 1501 | TCP | All nodes | Storage Nodes with ADC | Reporting, auditing, and configuration internal traffic. |
| 1502 | TCP | All nodes | Storage Nodes | S3- and Swift-related internal traffic. |
| 1504 | TCP | All nodes | Admin Nodes | NMS service reporting and configuration internal traffic. |
| 1505 | TCP | All nodes | Admin Nodes | AMS service internal traffic. |
| 1506 | TCP | All nodes | All nodes | Server status internal traffic. |
| 1507 | TCP | All nodes | Gateway Nodes | Load balancer internal traffic. |
| 1508 | TCP | All nodes | Primary Admin Node | Configuration management internal traffic. |
| 1509 | TCP | All nodes | Archive Nodes | Archive Node internal traffic. |
| 1511 | TCP | All nodes | Storage Nodes | Metadata internal traffic. |
| 5353 | UDP | All nodes | All nodes | Optionally used for full-grid IP changes and for primary Admin Node discovery during installation, expansion, and recovery. |
| 7001 | TCP | Storage Nodes | Storage Nodes | Cassandra TLS inter-node cluster communication. |
| 7443 | TCP | All nodes | Admin Nodes | Internal traffic for maintenance procedures and error reporting. |
| 8443 | TCP | Primary Admin Node | Appliance nodes | Internal traffic related to the maintenance mode procedure. |
| 9042 | TCP | Storage Nodes | Storage Nodes | Cassandra client port. |
| 9999 | TCP | All nodes | All nodes | Internal traffic for multiple services. Includes maintenance procedures, metrics, and networking updates. |
| 10226 | TCP | Storage Nodes | Primary Admin Node | Used by StorageGRID appliances for forwarding AutoSupport messages from E-Series SANtricity System Manager to the primary Admin Node. |
| 11139 | TCP | Archive/Storage Nodes | Archive/Storage Nodes | Internal traffic between Storage Nodes and Archive Nodes. |
| 18000 | TCP | Admin/Storage Nodes | Storage Nodes with ADC | Account service internal traffic. |
| 18001 | TCP | Admin/Storage Nodes | Storage Nodes with ADC | Identity Federation internal traffic. |
| 18002 | TCP | Admin/Storage Nodes | Storage Nodes | Internal API traffic related to object protocols. |
| 18003 | TCP | Admin/Storage Nodes | Storage Nodes with ADC | Platform services internal traffic. |
| 18017 | TCP | Admin/Storage Nodes | Storage Nodes | Data Mover service internal traffic for Cloud Storage Pools. |
| 18019 | TCP | Storage Nodes | Storage Nodes | Chunk service internal traffic for erasure coding. |
| 18082 | TCP | Admin/Storage Nodes | Storage Nodes | S3-related internal traffic. |
| 18083 | TCP | All nodes | Storage Nodes | Swift-related internal traffic. |
| 18200 | TCP | Admin/Storage Nodes | Storage Nodes | Additional statistics about client requests. |
| 19000 | TCP | Admin/Storage Nodes | Storage Nodes with ADC | Keystone service internal traffic. |
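
The From and To columns above can be used to audit flow records collected on the Grid Network. The following Python script is an added example, not part of the NetApp documentation: it encodes six rows of the table and classifies each flow against them. The role labels, node addresses and flow records are constructed for illustration.

```python
ANY = None  # stands for "All nodes" in the table

# Subset of table rows; role labels are this example's own shorthand.
RULES = {
    (22, "tcp"): ({"primary_admin"}, ANY),  # SSH from other nodes is optional
    (123, "udp"): (ANY, ANY),
    (1501, "tcp"): (ANY, {"storage_adc"}),
    (7001, "tcp"): ({"storage"}, {"storage"}),
    (9042, "tcp"): ({"storage"}, {"storage"}),
    (18000, "tcp"): ({"admin", "storage"}, {"storage_adc"}),
}

# Constructed inventory: Grid Network address -> roles held by that node.
NODES = {
    "10.0.0.10": {"primary_admin", "admin"},
    "10.0.0.21": {"storage", "storage_adc"},
    "10.0.0.22": {"storage"},
    "10.0.0.31": {"gateway"},
}

def check_flow(src, dst, proto, port):
    """Classify one flow: ok, unknown-node, unknown-port, bad-source, bad-destination."""
    if src not in NODES or dst not in NODES:
        return "unknown-node"  # an address outside the inventory is always a finding
    rule = RULES.get((port, proto))
    if rule is None:
        return "unknown-port"  # not among the rows encoded in RULES
    allowed_src, allowed_dst = rule
    if allowed_src is not ANY and not NODES[src] & allowed_src:
        return "bad-source"
    if allowed_dst is not ANY and not NODES[dst] & allowed_dst:
        return "bad-destination"
    return "ok"

def audit(flows):
    """Return (flow, verdict) for every flow the encoded rows do not cover."""
    return [(f, v) for f in flows if (v := check_flow(*f)) != "ok"]

# Constructed flow records: (src, dst, proto, destination port).
FLOWS = [
    ("10.0.0.10", "10.0.0.22", "tcp", 22),    # primary Admin Node SSH
    ("10.0.0.22", "10.0.0.21", "tcp", 7001),  # Cassandra inter-node
    ("10.0.0.31", "10.0.0.22", "tcp", 9042),  # Gateway Node to Cassandra client port
    ("10.0.0.31", "10.0.0.22", "tcp", 1501),  # destination has no ADC
    ("10.0.0.99", "10.0.0.21", "udp", 123),   # source not in inventory
    ("10.0.0.22", "10.0.0.10", "tcp", 3306),  # port not in RULES
]

print(*audit(FLOWS), sep="\n")
```

A verdict other than `ok` means the flow is not covered by the encoded rows and should be reviewed; extend `RULES` with the remaining table rows, and with any remapped ports, before using it on real flow data.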