NCE-Campus V300R020C00 Communication Matrix
Communication Matrix
Issue 01
Date 2020/12/08
All other trademarks and trade names mentioned in this document are the property of their respective holders.
Notice
The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the
products, services and features described in this document may not be within the purchase scope or the usage scope. Unless otherwise
specified in the contract, all statements, information, and recommendations in this document are provided "AS IS" without warranties,
guarantees or representations of any kind, either express or implied.
The information in this document is subject to change without notice. Every effort has been made in the preparation of this document to
ensure accuracy of the contents, but all statements, information, and recommendations in this document do not constitute a warranty of a
kind, express or implied.
Website: http://www.huawei.com
Email: support@huawei.com
Intended Audience
This document is intended for:
● Network planners
● System engineers
● Field engineers
● Network shift engineers
● Network operators
● Network administrators
Organization
Source Device: Name of the source device.
Source IP Address: IP address of the source device. This IP address must conform to the product-specific IP[…] naming rules.
Source Port: Number of the source port or source port number range. For well-known protocols, use[…] port as the source port. If the value of Source Port is Any, the port number ranges from[…] 65535.
Destination Device: Name of the destination device.
Destination IP Address: IP address of the destination device. This IP address must conform to the product-speci[…] address naming rules.
Destination Port: Number of the destination port or destination port number range. The destination port p[…] listening service. If the value of Destination Port is N/A, the representative is not applic[…]
Protocol: Protocol (such as TCP, UDP, or SCTP) used at the transport layer.
Port Description: Details about the services provided by the destination port.
Listening Port Configurable: Whether the destination port can be changed through the GUI or CLI.
Authentication Mode: Authentication mode of the destination port, for example, authentication using the username and password.
Encryption Mode: Encryption mode of the destination port.
Plane: Plane to which the destination port belongs, such as the OM plane, control and signaling plane, user plane, or shared by all three planes.
Issue Date
01 2020/10/22
02 12/8/2020
Description
[…]ity policies, ensure that traffic is filtered based on IP addresses and Transmission Control Protocol (TCP)/User Datagram Protocol (UDP) port IDs.
[…]o filter data packets and transmit data packets to their destined application programs.
TCP/UDP port IDs range from 0 to 65535 and are divided into the following segments:
1. Port 0 to port 1023 are used to identify some standard services[…] SFTP and STelnet.
2. 1024-32767: Port numbers in this segment are assigned to registered application programs by Internet Assigned Numbers Authority (IANA).
3. The range of allocable dynamic port IDs varies according to the […] type:
SUSE12 Linux: The default value range is 32768-60999, and the customized value range is 32768-65535.
EulerOS: The default value range is 32768-60999, and the customized value range is 34000-61000.
These ports may be dynamically allocated to any applications (s[…]otificat and gnome-ses).
[…]work, client, or northbound network must be enabled on the required firewalls. In other scenarios, you can determine whether to enable the ports based on the actual deploymen[…]
[…]ation and heartbeat ports between the primary and secondary sites. The port types are described as follows:
[…]ons:
[…]r communication between NCE and NEs. In this sheet, NCE server IP address maps to the southbound IP address of each planned node. If the Manager and the Controller are[…]
[…]IP addresses of the Manager are nodes deployed on the Manager, such as the NMS nodes, and those of the Controller are nodes deployed on the Controller, such as the Contro[…]
[…]onnections:
[…]for communication between NCE and clients. In this sheet, NCE server IP address maps to the client IP address of each planned node.
[…]or communication between NCE and the OSS. In this sheet, NCE server IP address maps to the northbound IP address of each planned node.
[…]ovides ports for communication between NCE and third-party servers, such as the SYSLOG server, email server, SMS server, SNMP server, DNS server, NTP server, and third-party[…]
[…]et, NCE server IP address maps to the northbound IP address of each planned node.
[…]or the operating system and disk array of the NCE server. This port type collects ports that are not used by NCE services or cannot be categorized into other port types. You are[…]
[…]ewall of the NCE server based on the usage scenario.
[…]vides ports used only for installation and deployment. These ports are not used during NCE running.
[…]sed for third-party software. For details, see the description of third-party ports.
[…]listening ports of the NCE nodes (locally bound to 127.0.0.1). These ports do not need to be enabled on the firewall of the NCE server.
[…]g ports between NCE nodes. These ports, excluding the heartbeat and replication ports between the primary and secondary sites, must not be enabled on the firewall of the NCE[…]
[…]e marked "Ports between the primary and secondary sites." in the Special Scenario column. If a firewall is deployed between the primary and secondary sites of an HA system,[…]
[…]e the ports for communication between the two sites to ensure normal communication.
[…]or example, between the primary and secondary sites of an HA system, or between the NCE server and NEs, allow the ICMP packets to pass through the firewall.
[…]orts that are not used on NCE to ensure NCE security. Dynamic ports may be listened to during the running of certain OS services. Therefore, you are not advised to enable syst[…]
[…]tem.
[…]determine the IP address specified by NCE server IP address based on the EasySuite network planning table:
[…]can be classified into VM/hardware management network, northbound/client network, southbound network, inter-node communication[…]
[…]ent networks, see "Service Port Diagram".
[…]ning table, the IP address name usually contains the network type keyword to indicate the usage of the IP address, for example, client lo[…]
[…]ddress, hardware monitoring module communication IP address, southbound IP address, southbound floating IP address, and inter-n[…]
[…]ifferent protection schemes, for example, cluster, active/standby, single instance. In active/standby mode, a floating IP address is configu[…]
[…]nal clients. Users only need to allow the floating IP address traffic of the service node to pass the firewall.
[…]contain keywords. The relationships between these IP address names and network types are as follows: BGP (southbound), OMS floati[…]
[…]ress (inter-node), and JHS floating IP address (inter-node).
[…]port is used for network communication in a specific direction during the network planning using EasySuite. If the default planning is n[…]
[…]of the NIC.
[…]s specified by NCE server IP address by referring to the description in the preceding two cells.
NIC Planning
Network Plane: Internal communication plane; Service distribution plane; Southbound plane; Northbound plane
Default Port: :n; :3; :dbs; :1; :dip; :0; :sv; :fv; :on; :nv
Note: Nginx floating IP address; ACA_Nginx floating IP address; DBservice floating IP address; ER floating IP address; LVS load balancing DIP; FusionInsight Manager floating IP address; Virtual IP address for LVS southbound load balancing
Description:
When the southbound plane, northbound plane, and service distribution plane are combined, :dip and :nv can be combined.
When the virtual IP address for LVS southbound load balancing is combined with the virtual IP address for LVS northbound load balancing, :nv is used.
When the virtual IP address for LVS file server load balancing is combined with the virtual IP address for LVS southbound load balancing, :sv is used.
When the virtual IP address for LVS file server load balancing, virtual IP address for LVS southbound load balancing, and virtual IP address for LVS northbound load balancing are combined, :nv is used.
NEs | NE IP address | Any port | - | - | -
Controller server | Controller server IP address | 161 | No | - | -
Controller server | Controller server IP address | 14001~15900 | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
NEs | NE IP address | Any port | Yes | SouthBound business IP | 162
NEs | NE IP address | Any port | Yes | Floating IP address for file server load balancing | 18020
Client | Client IP address | Any port | No | - | -
Client | Client IP address | Any port | No | - | -
NEs | NE IP address | Any port | No | - | -
NEs | NE IP address | Any port | No | - | -
NEs | NE IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
NEs | NE IP address | Any port | No | - | -
Controller server | Controller server IP address | 1819 | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | 50100 | No | - | -
Controller server | Controller server IP address | 1820 | No | - | -
Destination Device | Destination IP Address | Destination Port | Protocol | Port Description | Listening Port Configurable (Y/N)
Controller server | Floating IP address for southbound load balancing | 162 | UDP | Device alarm reporting monitor port. | No
Controller server | Controller server IP address | 18020 | TCP | The port used by the Fls_OpenAS_Tomcat7 process to provide file download services. | No
Controller server | Southbound service IP address | 31922 | TCP | SFTP server listening port. | No
CampusOA CampusOA
Digital certificate (two-way) SSH None AC-Campus
MService MService
CampusOA CampusOA
Digital certificate (two-way) SSH None AC-Campus
MService MService
CampusOA CampusOA
Digital certificate (two-way) SSH None AC-Campus
MService MService
SNMPV1/
EndpointPr EndpointPr
SNMPv1/SNMPv2c: V2c: none;
None ofileServic ofileServic AC-Campus
Community name, SNMPv3 SNMPV3:
e e
encryption
EnpowerService
NEBackup
is provided only
MgrService DCServer;
for NCE-FAN.
SNMPV1/ ;NESoftMg NEUpgrad
NEBackupMgrSer
SNMPv1/SNMPv2c: V2c: none; rService;En e;Enpower
vice and DC
Community name, SNMPv3 SNMPV3: powerServi Dm;nesmar
NESoftMgrServic
encryption ce;NESmar tupgradeser
e are not provided
tUpgradeSe vice
for campus
rvice
products.
SNMPV1/
NESmartU
SNMPv1/SNMPv2c: V2c: none; nesmartupg
None pgradeServ DC
Community name, SNMPv3 SNMPV3: radeservice
ice
encryption
SNMPV1/
V1:None;S
SouthBoun
NMPv3:Enc
SNMPv1/SNMPv2c: dNodeServ LVSServic
ryption;SN None AC-Campus
Community name, SNMPv3 ice;LVSSer e
MPv3
vice
DH:Encrypti
on
NCEV1R18C FIProxySer Fls_OpenA
Digital certificate (two-way) HTTPS None AC-Campus
10 and later vice S_Tomcat7
FIProxySer FIProxySer
Digital certificate (two-way) HTTPS None AC-Campus
vice vice
FIProxySer FIProxySer
Digital certificate (two-way) HTTPS None AC-Campus
vice vice
RadiusServ RadiusServ
Preshared key None None AC-Campus
erService erService
RadiusServ RadiusServ
Preshared key None None AC-Campus
erService erService
ACANginx
Digital certificate (one-way) HTTPS None Service;LV aca_nginx AC-Campus
SService
The microservices
NEBackupMgrSer
vice,
NESoftMgrServic
e, NELicService,
NEBackup
and the
MgrService
corresponding
;NESoftMg DCServer;
processes
rService;N NEUpgrad
DCServer,
ELicServic e;nelicServ
NEUpgrade, and
e;NESmart er;nesmartu
User Name/Password; Public nelicServer are
SSH UpgradeSe pgradeservi DC
key provided for
rvice;NEBa ce;Backup
carriers. In the
ckupExecut Executor;U
enterprise
orService; pgradeExec
scenario, only
NEUpgrad utor
NESmartUpgrade
eExecutorS
Service and the
ervice;
corresponding
process
nesmartupgradese
rvice are
involved.
RadiusServ RadiusServ
Preshared key None None AC-Campus
erService erService
SouthBoun SouthBoun
User Name/Password SSH None. dNodeServ dNodeServ AC-Campus
ice ice
SSHServer SSHServer
Digital certificate (two-way) SSH None AC-Campus
Service Service
PortalServe PortalServe
Preshared key None None AC-Campus
rService rService
PortalServe PortalServe
Digital certificate (two-way) HTTPS None AC-Campus
rService rService
PortalServe
PortalServe
Digital certificate (two-way) HTTPS None rService;L AC-Campus
rService
VSService
CampusAc CampusAc
Digital certificate (two-way) SSL/TLS None countServi countServi AC-Campus
ce ce
CampusAc CampusAc
Digital certificate (two-way) HTTPS None cesscfgSer cesscfgSer AC-Campus
vice vice
ACANginx
User Name/Password None None Service;LV aca_nginx AC-Campus
SService
RadiusServ RadiusServ
Preshared key None None AC-Campus
erService erService
PortalServe PortalServe
Preshared key None None AC-Campus
rService rService
RadiusServ RadiusServ
Preshared key None None AC-Campus
erService erService
SNMPV1/
V1:None;S
NMPv3:Enc SouthBoun SouthBoun
SNMPv1/SNMPv2c:
ryption;SN None dNodeServ dNodeServ eSight
Community name, SNMPv3
MPv3 ice ice
DH:Encrypti
on
PortalServe PortalServe
Preshared key None None AC-Campus
rService rService
PortalServe PortalServe
Preshared key None None AC-Campus
rService rService
Configuration File and Parameter Remarks Certificate Catalog Bound IP Address Type
/opt/oss/envs/Product-
DataCollectorService/
None Public IP address
{datetime}/controller/
configuration/ssl
/opt/oss/envs/Product-
DataCollectorService/
None Public IP address
{datetime}/controller/
configuration/ssl
/opt/oss/envs/Product-
DataCollectorService/
None None Public IP address
{datetime}/controller/
configuration/ssl
/opt/oss/envs/Product-
FIProxyService/
None None {datetime}/tomcat/ Public IP address
Fls_OpenAS_Tomcat7/
conf/device/old_cert/
/opt/oss/envs/Product-
FIProxyService/
{datetime}/tomcat/
Fls_OpenAS_Tomcat7/
conf/
None None truststore.keystore; Public IP address
/opt/oss/envs/Product-
FIProxyService/{dateti
me}/tomcat/Fls_OpenA
S_Tomcat7/conf/
keystore.keystore;
/opt/oss/envs/Product-
None None ACANginxService/ Public IP address
{datetime}/cert/
None None Public IP address
/opt/oss/envs/Product-
PortalServerService/
None Public IP address
{datetime}/controller/
configuration
/opt/oss/envs/Product-
PortalServerService/
None Public IP address
{datetime}/controller/
configuration
/opt/oss/envs/Product-
/opt/oss/envs/Product-
CampusAccountServic
CampusAccountService/{datetime}/
None e/{datetime}/ Public IP address
controller/configuration/iae/server/
controller/
sm.properties port
configuration/iae/server
/opt/oss/envs/Product-
/opt/oss/envs/Product-
CampusAccesscfgServi
CampusAccesscfgService/
ce/{datetime}/
{datetime}/controller/configuration/ None Public IP address
controller/
http2-config-new.xml
configuration/ssl/
listener.server.port
new_cert
The
The
rest/netconf/disableCa
rest/netconf/enableC
llhome interface Foreign
allhome interface Yes Yes
needs to be invoked to show
needs to be invoked
end listening.
to start listening.
Start the
End the
CampusOAMService
CampusOAMService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
CampusOAMService
CampusOAMService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
After a third-party
certificate is added.
End the
Start the
CampusOAMService
CampusOAMService Foreign
process. The port is Yes Yes
process. The port is show
disabled
enabled
automatically.
automatically and
remains open.
Start the
End the
DataCollectorService
DataCollectorService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
DataCollectorService
DataCollectorService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
After a third-party
certificate is added,
End the
start the
DataCollectorService
DataCollectorService Foreign
process. The port is Yes Yes
process. The port is show
disabled
enabled
automatically.
automatically and
remains open.
After the
EndpointProfileServi
ce process is started, This port is
the SNMP periodic automatically disabled
Foreign
scanning task is when the periodic Not Concerning Yes
show
triggered. This port SNMP scanning task
is automatically is complete.
enabled and always
exists.
In a single scenario,
In a single scenario,
start the
stop the
SouthBoundNodeSer
SouthBoundNodeServ
vice process, which
ice process, the port is
opens automatically
disabled
and will always Foreign
automatically; in a No No
exist; in a cluster show
cluster scenario, stop
scenario, start the
the
LVSService process,
LVSServiceprocess,
which opens
the port is disabled
automatically and
automatically.
will always exist.
Start the
End the
Fls_OpenAS_Tomca
Fls_OpenAS_Tomcat
t7 process. The port Foreign
7 process. The port is No No
is enabled show
disabled
automatically and
automatically.
remains open.
After a third-party
certificate is added,
End the
start the
FIProxyService
FIProxyService Foreign
process. The port is Yes Yes
process. The port is show
disabled
enabled
automatically.
automatically and
remains open.
Start the
End the
RadiusServerService
RadiusServerService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
RadiusServerService
RadiusServerService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
RadiusServerService End the
process. The port is RadiusServerService Foreign
No No
enabled process. The port is show
automatically and disabled automatically
remains open.
Start the
Stop the
SouthBoundNodeSer
SouthBoundNodeServ
vice process, which Foreign
ice process, the port is No No
opens automatically show
disabled
and will always
automatically.
exist.
Modify the
configuration
parameters of
iMaster_NCE- End the
Campus on PortalServerService
Foreign
CloudSOP-UniEP, process. The port is No No
show
set disabled
ENABLE_RADIUS automatically.
_PORT to 'true', and
restart
PortalServerService.
Start the
End the
SSHServerService
SSHServerServicepro
process. The port is Foreign
cess. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
After a third-party
certificate is added,
End the
start the
SSHServerServicepro
SSHServerService Foreign
cess. The port is Yes Yes
process. The port is show
disabled
enabled
automatically.
automatically and
remains open.
Start the
End the
PortalServerService
PortalServerService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
PortalServerService
PortalServerService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
PortalServerService
PortalServerService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
CampusAccountServ
CampusAccountServi
ice process. The port Foreign
ce process. The port is No No
is enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
CampusAccesscfgSe
CampusAccesscfgSer
rvice process. The Foreign
vice process. The port No No
port is enabled show
is disabled
automatically and
automatically.
remains open.
Start the
End the
PortalServerService
PortalServerService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
RadiusServerService
RadiusServerService
process. The port is Foreign
process. The port is Not Concerning Not Concerning
enabled show
disabled
automatically and
automatically.
remains open.
SNMP service
When SNMP service
triggers, opens
ends, the client's Foreign
random ports, and Not Concerning Not Concerning
random port is show
connects 161 ports of
automatically closed.
devices.
Start the
End the
PortalServerService
PortalServerService
process. The port is Foreign
process. The port is Not Concerning Not Concerning
enabled show
disabled
automatically and
automatically.
remains open.
Start the
End the
PortalServerService
PortalServerService
process. The port is Foreign
process. The port is Not Concerning Not Concerning
enabled show
disabled
automatically and
automatically.
remains open.
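Feature Name: Netconf
Subsystem: Suzhou subsystem
Remark 1 (authentication standards for ports that do not support authentication):
1. NCE-Common provides port 10020 by default, but the NCE-FAN product has requested that 10020 be changed to 4334.
2. NCE-Common has provided an interface for this customized modification, which is currently used only by the NCE-FAN product. The customized modification is internal to NCE and is not exposed to external customers.
3. NCE-FAN must enter the port 4334 information into the ROC system itself and clearly describe the relationship between 4334 and 10020. The port 10020 information is deleted from the communication matrix that NCE-FAN finally provides externally.
Remark 2 (encryption standards for ports that do not support encryption):
None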
Source Device | Source IP Address | Source Port | Address Mapping Scenario | Destination IP Address (Before Mapping) | Destination Port (Before Mapping)
Client | Client IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | No | - | -
Destination Device | Destination IP Address | Destination Port | Protocol | Port Description | Listening Port Configurable (Y/N)
LVSServic
User Name/Password HTTPS None e;NginxSer Keepalive AC-Campus
vice
NCEV1R18C LVSServic
User Name/Password HTTPS None Keepalive AC-Campus
10 and later e
HIROERSe HIROERSe
User Name/Password HTTPS None AC-Campus
rvice rvice
MCHIROE CloudSOP-
User Name/Password SSL/TLS No mchiroer
RService UniEP
NCEV1R18C LVSServic
User Name/Password HTTPS None Keepalive AC-Campus
10 and later e
SSHServer SSHServer
User Name/Password HTTPS None AC-Campus
Service Service
LVSServic
User Name/Password None None Keepalive AC-Campus
e
CampusCf CampusCf
Digital certificate (two-way) SSL/TLS None gCommon gCommon AC-Campus
Service Service
Configuration File and Parameter Remarks Certificate Catalog Bound IP Address Type
/opt/oss/envs/Product-
None None NginxService/ Public IP address
{datetime}/init/cert/
/opt/oss/envs/Product-
Public IP address; Private
None NginxService/
IP address
{datetime}/init/cert/
/opt/oss/envs/Product-
Public IP address; Private
None NginxService/
IP address
{datetime}/init/cert/
/opt/oss/envs/Product-
CampusCfgCommonSe
None rvice/{time-shot}/ Public IP address
controller/
configuration/saupdate
Port Can Be Port Is Disabled by
Enabling Method Disabling Method Type Office TDT
Disabled Default
Start the
End the
HIROERService
HIROERService
process. The port is Foreign
process. The port is No No
enabled show
disabled
automatically and
automatically.
remains open.
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller server | Controller server IP address | 26329 | TCP | HIROBERService management port for maintenance operations, such as off-hook, on-hook, and isolation. | No
Controller server | Controller server IP address | 26550~26599,26750~26949,32060,32063~32079,28002~28231,28234,28235 | TCP | The application data proxy service MCDBProxyService(dr) listens on the port. Used to access the master and slave databases. | No
Controller server | Controller server IP address | 30254~30274 | TCP | ExtendedPkgRTService process uses a port that provides dynamic loading of programming framework tripartite packages and the ability to provide corresponding services. Used to provide programmable tripartite customization in SSL mode. | No
Controller server | Controller server IP address | 7811 | TCP | Maintenance port of OMMHA. | No
Controller server | Controller server IP address | 8412 | TCP | Karaf shell local login port. | No
Controller server | Controller server IP address | 8506 | TCP | Karaf shell local login port. | No
Controller server | Controller server IP address | 8507 | TCP | Karaf shell local login port. | No
Encryption
Authentication Mode Version Special Scenario Service Process Component
Mode
SecoManag
Digital certificate (two-way) SSH None KARAF SecoManager
erService
CloudSOP-
Digital certificate (two-way) SSL/TLS None ALL All
UniEP
HIROIRSe
Digital certificate (two-way) HTTPS None hiroir CloudSOP
rvice
HIROERSe
Digital certificate (two-way) HTTPS None hiroer CloudSOP
rvice
HIROIRSe
Digital certificate (two-way) SSL/TLS None hiroir CloudSOP
rvice
MCHIROI CloudSOP-
Digital certificate (two-way) SSL/TLS None mchiroir
RService UniEP
HIROBER
Digital certificate (two-way) HTTPS None hirober CloudSOP
Service
MCHIROI CloudSOP-
Digital certificate (two-way) SSL/TLS None mchiroir
RService UniEP
MCHIROE CloudSOP-
Digital certificate (two-way) SSL/TLS None mchiroer
RService UniEP
Port between
CloudSOP-
User Name/Password SSL/TLS primary and N/A zengine
UniEP
secondary sites.
Port between
UniEPServ CloudSOP-
User Name/Password SNMPV3 primary and gaussdb
ice UniEP
secondary sites
Need to deploy
DBProxyS
User Name/Password None master-slave dr CloudSOP
ervice
database.
MCDBPro CloudSOP-
User Name/Password None None mcdr
xyService UniEP
Port between
CloudSOP-
Digital certificate (two-way) SSL/TLS primary and N/A zengine
UniEP
secondary sites
ExtendedP ExtendedP
Digital certificate (two-way) HTTPS None kgRTServi kgRTServi AC-BP
ce ce
In the default
BusService
scenario, this port
is disabled. When
a service installs
None None BusService ir CloudSOP
BusService on
GUIs, relevant
parameters must
be configured to
enable this port.
Used in
OMMHAS CloudSOP-
Digital certificate (two-way) SSL/TLS distributed HA ommha
ervice UniEP
scenarios.
Port between
User Name/Password; Digital CloudSOP-
SSL/TLS primary and N/A zengine
certificate (two-way) UniEP
secondary sites
NCEV1R18C ACANginx
Digital certificate (two-way) SSL/TLS None ha AC-Campus
10 and later Service
CampusLV LVSServic
None None None AC-Campus
SService e
NginxServi NginxServi
None None None AC-Campus
ce ce
OMPubSer
User Name/Password SSH None KARAF AC-BP
vice
Northboun Northboun
dCommuni dCommuni
User Name/Password SSH None AC-BP
cationServi cationServi
ce ce
Configuration File and Parameter Remarks Certificate Catalog Bound IP Address Type
None 127.0.0.1
processes/hiroir-{0}-{0}/MGMT in
{installation
directory}/{tenant}/apps/HIROIRServ
ice/etc/sysconf/HIROIRService- PaaS port /opt/oss/NCE/etc/ssl 127.0.0.1
{version}.json
Note: This configuration item cannot
be modified.
processes/hiroer-{0}-{0}/MGMT in
{installation
directory}/{tenant}/apps/HIROERSer
vice/etc/sysconf/HIROERService- None /opt/oss/NCE/etc/ssl 127.0.0.1
{version}.json
Note: This configuration item cannot
be modified.
processes/hiroer-{0}-{0}/BER, BER2,
BER_ACCESS, BER_ACCESS2 in
{installation
PaaS Port /opt/oss/NCE/etc/ssl 127.0.0.1
directory}/{tenant}/apps/HIROERSer
vice/etc/sysconf/HIROERService-
version.json
processes/mchiroir-{0}-{0}/MGMT in
{installation
directory}/manager/apps/MCHIROIR
Service/etc/sysconf/MCHIROIRServi None /opt/oss/manager/etc/ssl 127.0.0.1
ce-{version}.json
Note: This parameter is
unconfigurable.
processes/mchiroer-{0}-{0}/MGMT
in {installation
directory}/manager/apps/MCHIROER
Service/etc/sysconf/MCHIROERServi None /opt/oss/manager/etc/ssl 127.0.0.1
ce-{version}.json
Note: This parameter is
unconfigurable.
/opt/oss/envs/DBAgent/*/
dbcontainer/gauss/conf/ None 127.0.0.1
defaultArgs.json/PORTS
When a third-party
programming component
package is activated, the
ExtendedPkgRTService
process creates a virtual
local private network IP
address (192.168.xxx.xxx
/opt/oss/NCE/etc/ssl/
or 172.16.xxx.xxx) and
None internal; 127.0.0.1
binds the ports from 30254
{APP_ROOT}/etc/ssl
to 30274 to the IP address
for internal communication.
This IP address is used only
for internal communication
within the programmable
framework and cannot be
used for external access.
None 127.0.0.1
127.0.0.1; Private IP
None /opt/oss/manager/etc/ssl
address
/opt/oss/envs/Product-
ACANginxService/
None 127.0.0.1
{datetime}/ha/ha-
aca_nginx/ha/local/cert
None 127.0.0.1
None 127.0.0.1
Start the microservice. The port is enabled automatically and remains open. | End the microservice. The port is disabled automatically. | Yes | No | Foreign show
The dr process is started and the port is automatically opened and will always exist. | The dr process is stopped and the port is automatically shut down. | Yes | No | Foreign show
When ExtendedPkgRTService is started and a third-party programming package is loaded, a port is automatically opened for each package that is loaded and will always be there. | End the ExtendedPkgRTService process or unload the third-party programming package. The port is disabled automatically. | No | No | Foreign show
In the default BusService scenario, this port is disabled. When a service installs BusService on GUIs, relevant parameters must be configured to enable this port. | It is not turned on by default, or it is turned off after the NCE system shutdown. | No | Yes | Foreign show
The deployagent process is started and the port is automatically opened and will always exist. | The deployagent process is stopped and the port is automatically shut down. | Yes | No | Foreign show
This port is automatically enabled during LVSService installation and disabled after the installation. | This port is automatically enabled during LVSService installation and disabled after the installation. | Yes | Yes | Foreign show
This port is automatically enabled during NginxService installation and disabled after the installation. | This port is automatically enabled during NginxService installation and disabled after the installation. | Yes | Yes | Foreign show
Start the SDWANCfgService process. The port is enabled automatically and remains open. | End the SDWANCfgService process. The port is disabled automatically. | No | No | Foreign show
Start the SDWANOAMService process. The port is enabled automatically and remains open. | End the SDWANOAMService process. The port is disabled automatically. | No | No | Foreign show
Start the SDWANPerfService process. The port is enabled automatically and remains open. | End the SDWANPerfService process. The port is disabled automatically. | No | No | Foreign show
Open programming framework Unified southbound None
OMPubService Hangzhou mechanism NA
NorthboundCommunicationService Hangzhou mechanism NA
NA
NA
NE IP
Controller server Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP 32026 - - -
address
Controller
Controller server server IP 32027 - - -
address
Controller
Controller server server IP 32031 - - -
address
Controller
Controller server server IP 32032 - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP 68 - - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP 7709 No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port - - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Controller
Controller server server IP Any port No - -
address
Client IP
Client Any port - - -
address
Hardware
Hardware Server Server IP Any port - - -
address
Destination Device | Destination IP Address | Destination Port | Protocol | Port Description | Listening Port Configurable (Y/N)
Controller server | Controller server IP address | 14004 | TCP | SouthBoundNodeService process listening port. | No
Controller server | Controller server IP address | 16431 | TCP | This port is listened to by the devicedb service instance and receives connection requests from clients. The port is used to transfer data in an upgrade scenario. | No
Controller server | Controller server IP address | 18030 | TCP | Port used by the ACM to upload portal page thumbnails. | No
Controller server | Controller server IP address | 21000 | TCP | Nginx processes use ports to load static UI pages. | No
Controller server | Controller server IP address | 22000 | TCP | The oss_nginx process use ports to load static UI pages. | No
Controller server | Controller server IP address | 26311 | TCP | This port is enabled for leader election in the ZooKeeper cluster. | No
Controller server | Controller server IP address | 26327 | TCP | Listening port for the MessagingService service. | No
Controller server | Controller server IP address | 26336 | TCP | The HomepageNoticeService service internal listening port is used by the bus to forward websocket requests to the websocket service node. | No
Controller server | Controller server IP address | 28888 | TCP,UDP | karafport of SecoManagerService | No
Controller server | Controller server IP address | 30087 | UDP | Port 30087 is open by the management plane and is used to send alerts to the product alert service. | No
Controller server | Controller server IP address | 30101 | TCP | This port is the Etcd management port. | No
Controller server | Controller server IP address | 31111 | TCP | The CampusL3NetPrvnService process inner communication port. | No
Controller server | Controller server IP address | 31113 | TCP | tomcat port of RadiusServerService | No
Controller server | Controller server IP address | 32821 | TCP | tomcat port of EndpointProfileService | No
Controller server | Controller server IP address | 50303 | TCP | The CampusAccountService process inner communication port provides the inner communication service. | No
Controller server | Controller server IP address | 7710 | TCP | NginxService HA process interaction port, used for file synchronization between the active and standby nodes. | No
Controller server | Controller server IP address | 7711 | TCP | NginxService ha process local maintenance port. | No
Controller server | Controller server IP address | 7809 | TCP | OMM-HA interactive port for active and backup heartbeat check. | No
Controller server | Controller server IP address | 8000 | TCP | DRService process listen port, used for inner heartbeat. | No
SNMPV1/
V1:None;S
NMPv3:Enc SouthBoun SouthBoun
SNMPv1/SNMPv2c:
ryption;SN None dNodeServ dNodeServ AC-Campus
Community name, SNMPv3
MPv3 ice ice
DH:Encrypti
on
Used in a
distributed
scenario, where CloudSOP-
HMAC-SHA256 None NTP ntpd
ntp is used as a UniEP
client usage
scenario.
SouthBoun SouthBoun
Digital certificate (two-way) SSH None. dNodeServ dNodeServ AC-Campus
ice ice
The port is used
to transfer data in
an upgrade
db-migrate-
Digital certificate (two-way) SSL/TLS scenario. The port gaussdb AC-BP
service
is automatically
disabled after
migrating data.
NCEV1R18C MinigateSe
Digital certificate (two-way) HTTPS None miniGate AC-Campus
10 and later rvice
NCEV1R18C ACANginx
Digital certificate (two-way) HTTPS None aca_nginx AC-Campus
10 and later Service
NCEV1R18C ACANginx
Digital certificate (two-way) HTTPS None aca_nginx AC-Campus
10 and later Service
ACANginx ACANginx
Preshared key None None AC-Campus
Service Service
HOFSNbS hofsnbservi
Digital certificate (two-way) HTTPS None CloudSOP
ervice ce
NCEV1R18C NginxServi
Digital certificate (two-way) HTTPS None nginx AC-Campus
10 and later ce
NMQZook NMQZook
Digital certificate (two-way) SSL/TLS None eeperServic eeperServic AC-BP
e e
MultiLang
Digital certificate (one-way) HTTPS None uageServic oss_nginx AC-Campus
e
EtcdServic etcd-
Digital certificate (two-way) SSL/TLS None AC-BP
e service
CloudSOP-
Digital certificate (two-way) SSL/TLS None Etcd cse-etcd
UniEP
Digital certificate (two-way) SSL/TLS None Etcd etcd CloudSOP
EtcdServic etcd-
Digital certificate (two-way) SSL/TLS None AC-BP
e service
CampusPer CampusPer
Digital certificate (two-way) SSL/TLS None AC-Campus
fService fService
CloudSOP-
Digital certificate (two-way) SSL/TLS None ALL All
UniEP
SecoManag SecoManag
Digital certificate (two-way) SSL/TLS None SecoManager
erService erService
In distributed
scenarios, this
port is used for
application nodes MCHIROI CloudSOP-
Digital certificate (one-way) SSL/TLS mchiroir
to communicate RService UniEP
with management
nodes.
MCZKServ CloudSOP-
Digital certificate (two-way) SSL/TLS None mczkapp
ice UniEP
MCZKServ CloudSOP-
Digital certificate (two-way) SSL/TLS None mczkapp
ice UniEP
OMPubSer OMPubSer
Digital certificate (two-way) SSL/TLS None AC-BP
vice vice
Northboun Northboun
dCommuni dCommuni
Digital certificate (two-way) SSL/TLS None AC-BP
cationServi cationServi
ce ce
NCEV1R18C Messaging
Digital certificate (two-way) HTTPS None msglbsrv CloudSOP
00 and later LBService
NCEV1R18C Messaging
Digital certificate (two-way) HTTPS None msgsrv CloudSOP
00 and later Service
Messaging
Digital certificate (two-way) HTTPS None BrokeServi msgbrksrv CloudSOP
ce
HIROBER
Digital certificate (two-way) HTTPS None hirober CloudSOP
Service
HomePage homepagen
Digital certificate (two-way) SSL/TLS None NoticeServ oticeservic CloudSOP
ice e
SDWANPe SDWANPe
Digital certificate (two-way) SSL/TLS None AC-Campus
rfService rfService
LiteCASig LiteCASig
Digital certificate (two-way) None None AC-Campus
nService nService
LiteCASig LiteCASig
Digital certificate (one-way) SSL/TLS None AC-Campus
nService nService
LiteCASig LiteCASig
Digital certificate (two-way) SSL/TLS None AC-Campus
nService nService
ACANginx ACANginx
Digital certificate (two-way) None None AC-Campus
Service Service
Port between
CloudSOP-
Digital certificate (two-way) SSL/TLS primary and N/A zengine
UniEP
secondary sites
MinAPIGat
minapigate
Token SSL/TLS None ewayServic CloudSOP
wayservice
e
Port between
DRMgrSer drmgrservi CloudSOP-
Digital certificate (two-way) SSL/TLS primary and
vice ce UniEP
secondary sites
APINotify
apinotifypr
None SSL/TLS None ProxyServi CloudSOP
oxyservice
ce
MinAPIGat
minapigate
Digital certificate (one-way) SSL/TLS None ewayServic CloudSOP
wayservice
e
MinAPIGat
User Name/Password SSL/TLS None ewayServic nats CloudSOP
e
MinAPIGat
NCEV1R18C
User Name/Password SSL/TLS None ewayServic nats CloudSOP
10 and later
e
MCHIROI CloudSOP-
Digital certificate (two-way) SSL/TLS None mchiroir
RService UniEP
HIROIRSe
Digital certificate (two-way) SSL/TLS None hiroir CloudSOP
rvice
NMQZook NMQZook
Digital certificate (two-way) SSL/TLS None eeperServic eeperServic AC-BP
e e
SecoManag SecoManag
Digital certificate (two-way) HTTPS None SecoManager
erService erService
UniEPServ uniepservic CloudSOP-
User Name/Password SNMPV3 None
ice e UniEP
ServiceCen
Digital certificate (two-way) SSL/TLS None sc CloudSOP
ter
AuthServic AuthServic
Digital certificate (two-way) SSL/TLS None AC-BP
e e
SSOWebSi SSOWebSi
Digital certificate (two-way) SSL/TLS None AC-BP
te te
AuthWebSi AuthWebSi
Digital certificate (two-way) SSL/TLS None AC-BP
te te
DomainSer DomainSer
Digital certificate (two-way) SSL/TLS None AC-BP
vice vice
NCEV1R18C SMPAgent SMPAgent NCE-
Digital certificate (two-way) HTTPS None
10 and later Service Service Common
NetconfCli NetconfCli
Digital certificate (two-way) SSL/TLS None AC-BP
entService entService
CampusAc CampusAc
Digital certificate (two-way) HTTPS None cesscfgSer cesscfgSer AC-Campus
vice vice
CampusL3 CampusL3
Digital certificate (two-way) HTTPS None NetPrvnSer NetPrvnSer AC-Campus
vice vice
CampusCf CampusCf
Digital certificate (two-way) HTTPS None gCommon gCommon AC-Campus
Service Service
RadiusServ RadiusServ
Digital certificate (two-way) HTTPS None AC-Campus
erService erService
Southboun Southboun
Digital certificate (two-way) HTTPS None AC-Campus
dService dService
CampusAc CampusAc
Digital certificate (two-way) HTTPS None countServi countServi AC-Campus
ce ce
SDWANV SDWANV
Digital certificate (two-way) HTTPS None AC-Campus
NService NService
CampusFa CampusFa
Digital certificate (two-way) HTTPS None AC-Campus
bricService bricService
CampusCf CampusCf
Digital certificate (two-way) HTTPS None AC-Campus
gService gService
HIROERSe
User Name/Password HTTPS None hiroer AC-Campus
rvice
CloudSOP-
Digital certificate (two-way) SSL/TLS None DBAgent dbagentapp
UniEP
HIROIRSe
Digital certificate (two-way) HTTPS None hiroir CloudSOP
rvice
OMMHAS CloudSOP-
Digital certificate (two-way) SSL/TLS None ommha
ervice UniEP
OMMHAS CloudSOP-
Digital certificate (two-way) SSL/TLS None ommha
ervice UniEP
IP address for
communication
between the active
and standby
OMMHA nodes.
Dual-heartbeat is
configured by
default. Small
network for OMMHAS CloudSOP-
Digital certificate (two-way) SSL/TLS ommha
communication ervice UniEP
between bound
nodes IP and NCE
large network IP
(depending on the
service node,
Binding a
northbound or
southbound IP)
IP address for
communication
between the active
and standby
OMMHA nodes.
Dual-heartbeat is
configured by
default. Small
network for OMMHAS CloudSOP-
Digital certificate (two-way) SSL/TLS ommha
communication ervice UniEP
between bound
nodes IP and NCE
large network IP
(depending on the
service node,
Binding a
northbound or
southbound IP)
MCHIROI CloudSOP-
Digital certificate (two-way) SSL/TLS None mchiroir
RService UniEP
Zookeeper zookeepera
Digital certificate (two-way) SSL/TLS None CloudSOP
Service pp
Zookeeper zookeepera
Digital certificate (two-way) SSL/TLS None CloudSOP
Service pp
Port between
User Name/Password; Digital CloudSOP-
SSL/TLS primary and N/A zengine
certificate (two-way) UniEP
secondary sites
CloudSOP-
User Name/Password None None N/A redis-server
UniEP
EndpointPr EndpointPr
Digital certificate (two-way) HTTPS None ofileServic ofileServic AC-Campus
e e
SDWANCf SDWANCf
Digital certificate (two-way) SSL/TLS None AC-Campus
gService gService
SDWANO SDWANO
Digital certificate (two-way) SSL/TLS None AC-Campus
AMService AMService
SDWANPe SDWANPe
Digital certificate (two-way) SSL/TLS None AC-Campus
rfService rfService
NMQZook NMQZook
Digital certificate (two-way) SSL/TLS None eeperServic eeperServic AC-BP
e e
CampusAc CampusAc
Digital certificate (two-way) SSL/TLS None countServi countServi AC-Campus
ce ce
CampusOA CampusOA
Digital certificate (two-way) SSH None AC-Campus
MService MService
None: standard protocol CloudSOP-
None None DHCP dhcpd
(application layer protocol) UniEP
NCEV1R18C NginxServi
Digital certificate (two-way) SSL/TLS None ha AC-Campus
10 and later ce
NCEV1R18C NginxServi
Digital certificate (two-way) SSL/TLS None ha AC-Campus
10 and later ce
NCEV1R18C NginxServi
Digital certificate (two-way) SSL/TLS None ha AC-Campus
10 and later ce
NCEV1R18C ACANginx
Digital certificate (two-way) SSL/TLS None ha AC-Campus
10 and later Service
NCEV1R18C ACANginx
Digital certificate (two-way) SSL/TLS None ha AC-Campus
10 and later Service
NCEV1R18C
Digital certificate (two-way) SSL/TLS None DRService DRService AC-BP
10 and later
PortalServe PortalServe
Digital certificate (two-way) HTTPS None AC-Campus
rService rService
NCEV1R18C ACANginx
Public key SSH None rsyncd AC-Campus
10 and later Service
DmqKafka dmqkafkas
Digital certificate (two-way) SSL/TLS None AC-BP
Service vr
MinAPIGat
minapigate
Token SSL/TLS None ewayServic CloudSOP
wayservice
e
LiteCASig LiteCASig
Digital certificate (two-way) None None AC-Campus
nService nService
LiteCASig LiteCASig
Digital certificate (one-way) SSL/TLS None AC-Campus
nService nService
LiteCASig LiteCASig
Digital certificate (two-way) SSL/TLS None AC-Campus
nService nService
MCHIROE CloudSOP-
User Name/Password SSL/TLS None mcer
RService UniEP
UniEPServ uniepservic CloudSOP-
User Name/Password SNMPV3 None
ice e UniEP
Configuration File and Parameter Remarks Certificate Catalog Bound IP Address Type
/opt/oss/envs/Product-
None MinigateService/ Private IP address
{datetime}/init/cert/
/opt/oss/envs/Product-
FIProxyService/
{datetime}/tomcat/
Fls_OpenAS_Tomcat7/
conf/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
FIProxyService/{dateti
me}/tomcat/Fls_OpenA
S_Tomcat7/conf/
truststore.keystore
/opt/oss/envs/Product-
NginxService/
{datetime}/init/cert/
local.crt;
/opt/oss/envs/Product-
None Private IP address
NginxService/{datetim
e}/init/cert/local.key;
/opt/oss/envs/Product-
NginxService/{datetim
e}/init/cert/ca.crt;
/opt/oss/envs/Product-
None ACANginxService/ Private IP address
{datetime}//cert/
/opt/oss/envs/Product-
None ACANginxService/ Private IP address
{datetime}//cert/
/opt/oss/envs/Product-
SouthboundService/
{datetime}/controller/
configuration/ssl/
akka_ssl/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
SouthboundService/{da
tetime}/controller/confi
guration/ssl/akka_ssl/
truststore.keystore;
$NAAS_HOME/
controller/
None Private IP address
configuration/ssl/
akka_ssl
${APP_ROOT}/
None controller/ Private IP address
configuration/ssl/jetty/
processes/hofsnbservice-{0}-{0}/
osd/port in {installation
directory}/{tenant}/apps/HOFSNbSer None /opt/oss/NCE/etc/ssl Private IP address
vice/etc/sysconf/HOFSNbService-
{version}.json
/opt/oss/
NCECAMPUS/etc/ssl/
internal/server.cer;
/opt/oss/NCECAMPUS
None /etc/ssl/internal/server_ Private IP address
key.pem;
/opt/oss/NCECAMPUS
/etc/ssl/internal/trust.cer
;
/opt/oss/
NCECAMPUS/etc/ssl/
internal/server.cer;
/opt/oss/NCECAMPUS
None /etc/ssl/internal/server_ Private IP address
key.pem;
/opt/oss/NCECAMPUS
/etc/ssl/internal/trust.cer
;
/opt/oss/envs/Product-EtcdService/
{time-shot}/conf/etcd_server.yaml/
/opt/oss/envs/Product-
advertise-client-urls
None EtcdService/{time- Private IP address
/opt/oss/envs/Product-EtcdService/
shot}/conf
{time-shot}/conf/etcd_server.yaml/
listen-client-urls
/opt/oss/envs/Product-EtcdService/
{time-shot}/conf/etcd_server.yaml/
initial-advertise-peer-urls
/opt/oss/envs/Product-EtcdService/ /opt/oss/envs/Product-
{time-shot}/conf/etcd_server.yaml/ None EtcdService/{time- Private IP address
listen-peer-urls shot}/conf
/opt/oss/envs/Product-EtcdService/
{time-shot}/conf/etcd_server.yaml/
initial-cluster
/opt/oss/envs/Product-
PortalServerService/
{datetime}/controller/
configuration/ssl/
akka_ssl/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
PortalServerService/{d
atetime}/controller/conf
iguration/ssl/akka_ssl/
truststore.keystore;
/opt/oss/envs/Product-
CampusBaseService/
{datetime}/controller/
configuration/ssl/
akka_ssl/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
CampusBaseService/{d
atetime}/controller/conf
iguration/ssl/akka_ssl/
truststore.keystore;
/opt/oss/envs/Product-
CampusFabricService/
{datetime}/controller/
configuration/ssl/
akka_ssl/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
CampusBaseService/{d
atetime}/controller/conf
iguration/ssl/akka_ssl/
truststore.keystore;
/opt/oss/envs/Product-
CampusOAMService/
{datetime}/controller/
configuration/ssl/
akka_ssl/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
CampusBaseService/{d
atetime}/controller/conf
iguration/ssl/akka_ssl/
truststore.keystore;
/opt/oss/envs/Product-
CampusPerfService/
{datetime}/controller/
configuration/ssl/
akka_ssl/
None keystore.keystore; Private IP address
/opt/oss/envs/Product-
CampusBaseService/{d
atetime}/controller/conf
iguration/ssl/akka_ssl/
truststore.keystore;
processes/mchiroir-{0}-{0}/
ONEWAY_AUTH in {installation
directory}/manager/apps/MCHIROIR
Service/etc/sysconf/MCHIROIRServi None /opt/oss/manager/etc/ssl Private IP address
ce-{version}.json
Note: This parameter is
unconfigurable.
${APP_ROOT}/
None controller/ Private IP address
configuration/ssl/jetty/
${APP_ROOT}/
None None controller/ Private IP address
configuration/ssl/jetty/
listeners in {installation
directory}/{tenant}/apps/MessagingBr
None /opt/oss/NCE/etc/ssl Private IP address
okeService/kafka/kafka_version/
config/server.properties
/opt/oss/envs/Product-
SDWANPerfService/
{datetime}/controller/
configuration/ssl/
/opt/oss/envs/Product-
akka_ssl/
SDWANPerfService/{datetime}/
None keystore.keystore; Private IP address
controller/configuration/initial/
/opt/oss/envs/Product-
akka.conf:port
SDWANPerfService/{d
atetime}/controller/conf
iguration/ssl/akka_ssl/
truststore.keystore;
/opt/oss/NCECAMPUS/apps/
Public IP address; Private
LiteCASignService/conf/server.xml None
IP address
/opt/oss/NCECAMPUS/apps/
Public IP address; Private
LiteCASignService/conf/server.xml None Database
IP address
/opt/oss/NCECAMPUS/apps/
Public IP address; Private
LiteCASignService/conf/server.xml None Database
IP address
/etc/aca_nginx/aca_nginx.conf
None Private IP address
A relational database has a
maximum of 20 database
instances. Each instance is
configured with an access
port and a replication port.
IP addresses of the active
and standby DB nodes
Public IP address; Private
None (including DB and Domain /opt/oss/manager/etc/ssl
IP address
DB)
The source and destination
IP addresses are subject to
the actual configuration of
the replication network
between the active and
standby sites.
/opt/oss/manager/etc/
None None Private IP address
ssl/internal/
/opt/oss/NCE/etc/ssl/
None None Private IP address
internal/
/opt/oss/
None None NCECOMMONE/etc/ Private IP address
ssl/internal
/opt/oss/envs/Prouct-
add SecoManagerService SecoManagerService/
None Private IP address
port of karaf {datetime}/controller/
configuration/ssl
Configuration item NBI_PORT in The engrnotifyservice.cfg
installation file is not available by
Private IP address
directory/manager/var/etc/engrnotifys default and needs to be
ervice/engrnotifyservice.cfg customized.
httpport in <installation
directory>/{tenant}/apps/ServiceCente None /opt/oss/manager/etc/ssl Private IP address
r/conf/app.conf
/opt/oss/manager/etc/
None Private IP address
ssl/internal/
/opt/oss/NCE/etc/ssl/
None Private IP address
internal/
/opt/oss/NCE/etc/ssl/
None Private IP address
internal/
/opt/oss/NCE/etc/ssl/
None Private IP address
internal/
/opt/oss/NCE/etc/ssl/
None Private IP address
internal/
/opt/oss/manager/etc/
None Private IP address
ssl/internal
/opt/oss/NCE/etc/ssl/
None None Private IP address
internal/
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/envs/Product-
RadiusServerService/
None None Private IP address
{datetime}/controller/
configuration/ssl
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
/opt/oss/
${APP_ROOT}/pub/app_define.json None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None Private IP address
NCECAMPUS/etc/ssl
/opt/oss/
None None NCECAMPUS/etc/ssl/ Private IP address
internal
processes/hiroer-{0}-{0}/ER, ER2,
ACCESS_EXTERNAL,
ACCESS_EXTERNAL2 in
{installation None /opt/oss/NCE/etc/ssl Private IP address
directory}/tenant/apps/HIROERServic
e/etc/sysconf/HIROERService-
version.json
REST_PORT in {installation
directory}/manager/apps/DBAgent/en None /opt/oss/manager/etc/ssl Private IP address
vs/*.properties
processes/hiroir-{0}-{0}/IR in
{installation
directory}/{tenant}/apps/HIROIRServ None /opt/oss/NCE/etc/ssl Private IP address
ice/etc/sysconf/HIROIRService-
{version}.json
processes/mchiroir-{0}-{0}/IR in
{installation
directory}/manager/apps/MCHIROIR
Service/etc/sysconf/MCHIROIRServi None /opt/oss/manager/etc/ssl Private IP address
ce-{version}.json
Note: This parameter is
unconfigurable.
127.0.0.1; Private IP
None /opt/oss/manager/etc/ssl
address
secureClientPort in {configuration file
path}/oss/product
name/ZookeeperService/conf/zoo_v2.
cfg
"env":"stage":"config":"ZookeeperSer
vice.PortList" in {installation
directory}/{product
name}/apps/ZookeeperService/etc/sys
conf/deployment_env.json
ZookeeperService.PortList in
{installation directory}/{product
name}/apps/ZookeeperService/envs/*. None /opt/oss/manager/etc/ssl Private IP address
properties
"parameters":"ZookeeperService.Port
List":"default" in {installation
directory}/{product
name}/apps/ZookeeperService/pub/ap
p_define.json
"parameters":"ZookeeperService.Port
List":"default" in {installation
directory}/{product
name}/etc/pub/ZookeeperService-*/pu
b/app_define.json
/opt/oss/envs/Prouct-
EndpointProfileService
None None Private IP address
/{datetime}/controller/
configuration/ssl
/opt/oss/
${APP_ROOT}/pub/app_define.json None NCECOMMONE/etc/ Private IP address
ssl
/opt/oss/
${APP_ROOT}/pub/app_define.json None NCECOMMONE/etc/ Private IP address
ssl
/opt/oss/
None None NCECOMMONE/etc/ Private IP address
ssl
/opt/oss/
None None NCECOMMONE/etc/ Private IP address
ssl/internal
/opt/oss/envs/Product-
FreeMobilityService/
None None {datetime}/controller/ Private IP address
configuration/ssl/
iae_ssl
/opt/oss/envs/Product-
NginxService/
None Private IP address
{datetime}/ha/ha-
aca_nginx/ha/local/cert
/opt/oss/envs/Product-
None NginxService/ Private IP address
{datetime}/init/cert/
/opt/oss/envs/Product-
None NginxService/ 127.0.0.1
{datetime}/init/cert/
/opt/oss/envs/Product-
ACANginxService/
None Private IP address
{datetime}/ha/ha-
aca_nginx/ha/local/cert
/opt/oss/envs/Product-
ACANginxService/
None Private IP address
{datetime}/ha/ha-
aca_nginx/ha/local/cert
/opt/oss/manager/etc/
None Private IP address
ssl/dr
/opt/oss/envs/Product-
PortalServerService/
{datetime}/controller/
configuration/ssl/jetty/
server.p12;/opt/oss/
None Private IP address
envs/Product-
PortalServerService/
{datetime}/controller/
configuration/ssl/jetty/
trust.jks
/opt/oss/
None NCECOMMONE/etc/ Private IP address
ssl
/opt/oss/NCECAMPUS/apps/
Public IP address; Private
LiteCASignService/conf/server.xml None
IP address
/opt/oss/NCECAMPUS/apps/
Public IP address; Private
LiteCASignService/conf/server.xml None Database
IP address
/opt/oss/NCECAMPUS/apps/
Public IP address; Private
LiteCASignService/conf/server.xml None Database
IP address
processes/mchiroer-{0}-{0}/ER in
{installation
directory}/manager/apps/MCHIROER
Service/etc/sysconf/MCHIROERServi None /opt/oss/manager/etc/ssl Public IP address
ce-{version}.json
Note: This parameter is
unconfigurable.
This file is not available by
default. If the user needs to
Private IP address;
customize it, a new file
Hardware IP
needs to be created.
Enabling Method | Disabling Method | Type | Port Can Be Disabled | Port Is Disabled by Default | Office | TDT
Start the SouthBoundNodeService process. The port is enabled automatically and remains open. | End the SouthBoundNodeService process. The port is disabled automatically. | Foreign show | No | No
Start the SouthBoundNodeService process. The port is enabled automatically and remains open. | End the SouthBoundNodeService process. The port is disabled automatically. | Foreign show | No | No
The port is enabled when the devicedb service instance starts. | The port is automatically disabled if the devicedb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
The port is enabled when the commondb service instance starts. | The port is automatically disabled if the commondb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
The port is enabled when the localdb service instance starts. | The port is automatically disabled if the localdb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
The port is enabled when the fmlogdb service instance starts. | The port is automatically disabled if the fmlogdb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
The port is enabled when the fcapsdb service instance starts. | The port is automatically disabled if the fcapsdb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
The port is enabled when the secmdb service instance starts. | The port is automatically disabled if the secmdb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
The port is enabled when the omdb service instance starts. | The port is automatically disabled if the omdb service instance in the Gaussdb process is stopped. | Foreign show | Yes | Yes
Start the FIProxyService process. The port is enabled automatically and remains open. | End the FIProxyService process. The port is disabled automatically. | Foreign show | No | No
Start the nginx process. The port is enabled automatically and remains open. | End the nginx process. The port is disabled automatically. | Foreign show | No | No
Start the ACANginxService process. The port is enabled automatically and remains open. | End the ACANginxService process. The port is disabled automatically. | Foreign show | No | No
Start the SouthboundService process. The port is enabled automatically and remains open. | End the SouthboundService process. The port is disabled automatically. | Foreign show | No | No
Start the hofsnbservice process. The port is enabled automatically and remains open. | End the hofsnbservice process. The port is disabled automatically. | Foreign show | No | No
Start the NMQZookeeperService process. The port is enabled automatically and remains open. | End the NMQZookeeperService process. The port is disabled automatically. | Foreign show | No | Yes
Start the PortalServerService process. The port is enabled automatically and remains open. | End the PortalServerService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusBaseService process. The port is enabled automatically and remains open. | End the CampusBaseService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusFabricService process. The port is enabled automatically and remains open. | End the CampusFabricService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusOAMService process. The port is enabled automatically and remains open. | End the CampusOAMService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusPerfService process. The port is enabled automatically and remains open. | End the CampusPerfService process. The port is disabled automatically. | Foreign show | No | No
Start the microservice. The port is enabled automatically and remains open. | End the microservice. The port is disabled automatically. | Foreign show | Yes | No
Start the SecoManagerService process. The port is enabled automatically and remains open. | End the SecoManagerService process. The port is disabled automatically. | Foreign show | No | No
Start the OMPubService karaf process. The port is enabled automatically and remains open. | Stop the OMPubService karaf process. The port is disabled automatically. | Foreign show | Yes | No
Start the NorthboundCommunicationService karaf process. The port is enabled automatically and remains open. | Stop the NorthboundCommunicationService karaf process. The port is disabled automatically. | Foreign show | Yes | No
Start MessagingLBService, the port will open. | Disable MessagingLBService, the port will close. | Foreign show | No | No
Start MessagingService, the port will open. | Disable MessagingService, the port will close. | Foreign show | No | No
Start the MessagingBrokeService process. The port is enabled automatically and remains open. | End the MessagingBrokeService process. The port is automatically disabled. | Foreign show | No | No
Start the homepagenoticeservice process. The port is enabled automatically and remains open. | End the homepagenoticeservice process. The port is disabled automatically. | Foreign show | Yes | No
Start the basicwebsite process. The port is enabled automatically and remains open. | End the basicwebsite process. The port is disabled automatically. | Foreign show | No | No
Start the zengine database process, the port is automatically opened and will always exist. | Stop the zengine database process and the port is automatically closed. | Foreign show | Yes | No
Start the SDWANPerfService process. The port is enabled automatically and remains open. | End the SDWANPerfService process. The port is disabled automatically. | Foreign show | No | No
Start the LiteCASignService process. The port is enabled automatically and remains open. | End the LiteCASignService process. The port is disabled automatically. | Foreign show | No | No
Log in to the system as the admin user, upload the identity certificate and trust certificate on the CA Service/CMP/TLS Configuration page, and restart the LiteCASignService process. The port is enabled and always exists. | Log in to the system as the admin user. On the CA Service/CMP/TLS Configuration page, delete the identity certificate and trust certificate, and restart the LiteCASignService process. The port is disabled. Or end the LiteCASignService process. The port is disabled automatically. | Foreign show | Yes | Yes
Start the ACANginxService process. The port is enabled automatically and remains open. | End the ACANginxService process. The port is disabled automatically. | Foreign show | No | No
Start the zengine database process, the port is automatically opened and will always exist. | Stop the zengine database process and the port is automatically closed. | Foreign show | Yes | No
The minapigatewayservice process is started and the port is automatically opened and will always exist. | The minapigatewayservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
The drmgrservice process is started and the port is automatically opened and will always exist. | The drmgrservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
The apinotifyproxyservice process is started and the port is automatically opened and will always exist. | The apinotifyproxyservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
The minapigatewayservice process is started and the port is automatically opened and will always exist. | The minapigatewayservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
Start the NMQZookeeperService process. The port is enabled automatically and remains open. | End the NMQZookeeperService process. The port is disabled automatically. | Foreign show | No | Yes
Start the SecoManagerService process. The port is enabled automatically and remains open. | End the SecoManagerService process. The port is disabled automatically. | Foreign show | No | No
The uniepservice process is started and the port is automatically opened and will always exist. | The uniepservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
Start the SMPMQService process. The port is enabled automatically and remains open. | Stop the SMPMQService process. The port is disabled automatically. | Foreign show | No | No
Start the SSOWebSite process. The port is enabled automatically and remains open. | End the SSOWebSite process. The port is disabled automatically. | Foreign show | No | No
Start the AuthWebSite process. The port is enabled automatically and remains open. | End the AuthWebSite process. The port is disabled automatically. | Foreign show | No | No
Start the DomainService process. The port is enabled automatically and remains open. | End the DomainService process. The port is disabled automatically. | Foreign show | No | No
Start the SMPAgentService process. The port is enabled automatically and remains open. | Stop the SMPAgentService process. The port is disabled automatically. | Foreign show | No | No
Start the NetconfClientService process. The port is enabled automatically and remains open. | End the NetconfClientService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusAccesscfgService process. The port is enabled automatically and remains open. | End the CampusAccesscfgService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusL3NetPrvnService process. The port is enabled automatically and remains open. | End the CampusL3NetPrvnService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusCfgCommonService process. The port is enabled automatically and remains open. | End the CampusCfgCommonService process. The port is disabled automatically. | Foreign show | No | No
Start the RadiusServerService process. The port is enabled automatically and remains open. | End the RadiusServerService process. The port is disabled automatically. | Foreign show | No | No
Start the SouthboundService process. The port is enabled automatically and remains open. | End the CampusAccesscfgService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusAccountService process. The port is enabled automatically and remains open. | End the CampusAccountService process. The port is disabled automatically. | Foreign show | No | No
Start the SDWANVNService process. The port is enabled automatically and remains open. | End the SDWANVNService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusFabricService process. The port is enabled automatically and remains open. | End the CampusFabricService process. The port is disabled automatically. | Foreign show | No | No
Start the CampusBaseService process. The port is enabled automatically and remains open. | End the CampusBaseService process. The port is automatically disabled. | Foreign show | No | No
Start the ACUpgradeService process. The port is enabled automatically and remains open. | End the ACUpgradeService process. The port is automatically disabled. | Foreign show | No | No
Start the CampusOAMService process. The port is enabled automatically and remains open. | End the CampusOAMService process. The port is automatically disabled. | Foreign show | No | No
Start the AlarmService process. The port is enabled automatically and remains open. | End the AlarmService process. The port is automatically disabled. | Foreign show | No | No
Start the SSHServerService process. The port is enabled automatically and remains open. | End the SSHServerService process. The port is automatically disabled. | Foreign show | No | No
Start the DataCollectorService process. The port is enabled automatically and remains open. | End the DataCollectorService process. The port is automatically disabled. | Foreign show | No | No
Start the CampusPerfService process. The port is enabled automatically and remains open. | End the CampusPerfService process. The port is automatically disabled. | Foreign show | No | No
Start the RouterService process. The port is enabled automatically and remains open. | End the RouterService process. The port is automatically disabled. | Foreign show | No | No
Start the CampusCfgService process. The port is enabled automatically and remains open. | End the CampusCfgService process. The port is disabled automatically. | Foreign show | No | No
Start HIROERService, the Port will open. | Disable HIROERService, the Port will close. | Foreign show | No | No
The dbagentapp process is started and the port is automatically opened and will always exist. | The dbagentapp process is stopped and the port is automatically shut down. | Foreign show | Yes | No
Open with NCE system startup. | Close when NCE system shutdown. | Foreign show | No | No
The deployagent process is started and the port is automatically opened and will always exist. | The deployagent process is stopped and the port is automatically shut down. | Foreign show | Yes | No
The zookeeperapp process is started and the port is automatically opened and will always exist. | The zookeeperapp process is stopped and the port is automatically shut down. | Foreign show | Yes | No
Start the zookeeperapp process. The port is enabled automatically and remains open. | End the zookeeperapp process. The port is automatically disabled. | Foreign show | Yes | No
The zookeeperapp process is started and the port is automatically opened and will always exist. | The zookeeperapp process is stopped and the port is automatically shut down. | Foreign show | No | No
The redis-server process is started and the port is automatically opened and will always exist. | The redis-server process is stopped and the port is automatically shut down. | Foreign show | Yes | No
Start the EndpointProfileService process. The port is enabled automatically and remains open. | End the EndpointProfileService process. The port is disabled automatically. | Foreign show | No | No
Start the SDWANCfgService process. The port is enabled automatically and remains open. | End the SDWANCfgService process. The port is automatically disabled. | Foreign show | No | No
Start the SDWANOAMService process. The port is enabled automatically and remains open. | End the SDWANOAMService process. The port is automatically disabled. | Foreign show | No | No
Start the SDWANPerfService process. The port is enabled automatically and remains open. | End the SDWANPerfService process. The port is automatically disabled. | Foreign show | No | No
Start the NMQZookeeperService process. The port is enabled automatically and remains open. | End the NMQZookeeperService process. The port is disabled automatically. | Foreign show | No | Yes
Start the CampusAccountService process. The port is enabled automatically and remains open. | End the CampusAccountService process. The port is disabled automatically. | Foreign show | No | No
Start the DRService process. The port is enabled automatically and remains open. | End the DRService process. The port is disabled automatically. | Foreign show | No | No
Start the PortalServerService process. The port is enabled automatically and remains open. | End the PortalServerService process. The port is disabled automatically. | Foreign show | No | No
Start the DrProductService process. The port is enabled automatically and remains open. | End the DrProductService process. The port is disabled automatically. | Foreign show | No | No
The minapigatewayservice process is started and the port is automatically opened and will always exist. | The minapigatewayservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
Start the LiteCASignService process. The port is enabled automatically and remains open. | End the LiteCASignService process. The port is disabled automatically. | Foreign show | No | No
Log in to the system as the admin user, upload the identity certificate and trust certificate on the CA Service/CMP/TLS Configuration page, and restart the LiteCASignService process. The port is enabled and always exists. | Log in to the system as the admin user. On the CA Service/CMP/TLS Configuration page, delete the identity certificate and trust certificate, and restart the LiteCASignService process. The port is disabled. Or end the LiteCASignService process. The port is disabled automatically. | Foreign show | Yes | Yes
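None
gaussdb | Hangzhou subsystem
gaussdb | Hangzhou subsystem | None
gaussdb | Hangzhou subsystem | None
gaussdb | Hangzhou subsystem | None
gaussdb | Hangzhou subsystem | None
gaussdb | Hangzhou subsystem | None
Netconf | Suzhou subsystem | None
DTPService | NCE Common unified southbound service | None
NMQZookeeperService | Middleware service | None
Tenant management | NCE-Common protocol framework PD | None
Tenant management | NCE-Common protocol framework PD | None
Tenant management | NCE-Common protocol framework PD | None
Southbound protocol | NCE-E shared service domain | None
NMQZookeeperService | NCE Common middleware service | None
Disaster recovery service | Protocol framework service | None
DmqKafkaService | NCE-COMMON middleware service | None
Remark 2 (encryption standards for ports that do not support encryption)
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None
None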
Authentication Mode | Encryption Mode | Version | Special Scenario | Service | Process | Component
User Name/Password | HTTPS | | None | EasySuite | EasySuite | NCE-Engineer
User Name/Password | None | | None | EasySuite | IPMI | NCE-Engineer
Configuration File and Parameter Remarks Certificate Catalog Bound IP Address Type
windows: easysuite\easysuite\
runsslserver.bat set HOST=127.0.0.1 127.0.0.1; Public IP
None \easysuite\certs
set PORT=19090 address
linux: easysuite\start.sh
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Third-party server | Third-party server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | 3800 | No | - | -
Controller server | Controller server IP address | 3801 | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | 1161 | - | - | -
Controller server | Controller server IP address | Any port | No | - | -
Controller server | Controller server IP address | Any port | No | - | -
Third-party server | Third-party server IP address | Any port | - | - | -
Third-party server | Third-party server IP address | Any port | - | -
OSS | OSS IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
Controller server | Controller server IP address | 6666 | - | - | -
Controller server | Controller server IP address | Any port | - | - | -
NTP server | NTP server IP address | Any port | - | - | -
ActiveDirecto
ActiveDirect The NCE server interconnects
ry
ory Specified port with the AD server and provides
authentication TCP Not Concerning
authenticatio on the server terminal user authentication and
server IP
n server data synchronization functions.
address
Authentication Mode | Encryption Mode | Version | Special Scenario | Service | Process | Component
HMAC-SHA256 | None | | Used in a distributed scenario, where ntp is used as a client usage scenario. | NTP | ntpd | CloudSOP-UniEP
Digital certificate (two-way) | SSL/TLS | | None | DRService | arbitration-etcd | NCE-Common
None | None | | The destination port is on a third-party server. Pay attention to this port only when outbound rules must be configured on the firewall. | APINotifyProxyService | apinotifyproxyservice | CloudSOP
Digital certificate (two-way) | SSL/TLS | | None | NMQKafkaService | NMQKafkaService | AC-BP
User Name/Password | None | | None | AuthService | AuthService | AC-BP
User Name/Password | SSL/TLS | | None | AuthService | AuthService | AC-BP
User Name/Password | None | | None | CampusAccountService | CampusAccountService | AC-Campus
User Name/Password | SSL/TLS | | None | CampusAccountService | CampusAccountService | AC-Campus
User Name/Password | SSL/TLS | | None | CampusAccountService | CampusAccountService | AC-Campus
SNMPv1/SNMPv2c: Community name, SNMPv3 | SNMPV1/V2c: none; SNMPV3: encryption | | The destination port is on a third-party server. Pay attention to this port only when outbound rules must be configured on the firewall. No default value is provided on the NCE GUI. | RMService | rmservice | CloudSOP
User Name/Password | HTTPS | | None | CampusAccountService | CampusAccountService | AC-Campus
Public key; User Name/Password | SSL/TLS | | None | CampusAccountService | CampusAccountService | AC-Campus
Digital certificate (one-way) | SSL/TLS | | The destination port is on a third-party server. Pay attention to this port only when outbound rules must be configured on the firewall. | APINotifyProxyService | apinotifyproxyservice | CloudSOP
User Name/Password | SSL/TLS | | None | CampusBaseService | CampusBaseService | AC-Campus
User Name/Password | HTTPS | | None | CampusBaseService | CampusBaseService | AC-Campus
User Name/Password | None | | None | PortalServerService | PortalServerService | AC-Campus
User Name/Password | None | | None | PortalServerService | PortalServerService | AC-Campus
User Name/Password | HTTPS | | None | PortalServerService | PortalServerService | AC-Campus
SNMPv2c: Community name, SNMPv3 | SNMPV3 | | None | NorthboundCommunicationService | NorthboundCommunicationService | AC-BP
User Name/Password | HTTPS | | None | CampusAccountService | CampusAccountService | AC-Campus
User Name/Password | SSL/TLS | | None | CampusAccountService | CampusAccountService | AC-Campus
Digital certificate (two-way) | SSL/TLS | | None | NorthboundCommunicationService | NorthboundCommunicationService | AC-BP
SNMPv1/SNMPv2c: Community name, SNMPv3 | SNMPV1/V2c: none; SNMPV3: encryption | | None | SnmpAgentService | snmpagentservice | CloudSOP
Digital certificate (two-way) | SSL/TLS | | None | NorthboundCommunicationService | NorthboundCommunicationService | AC-BP
Digital certificate (two-way) | SSL/TLS | | None | NorthboundCommunicationService | NorthboundCommunicationService | AC-BP
User Name/Password | SSH | | None | NorthboundCommunicationService | NorthboundCommunicationService | AC-BP
SNMPv1/SNMPv2c: Community name, SNMPv3 | SNMPV1/V2c: none; SNMPV3: encryption | | None | SnmpAgentService | snmpagentservice | CloudSOP
None | None | | None | NorthboundCommunicationService | NorthboundCommunicationService | AC-BP
HMAC-SHA256 | None | | Used in a distributed scenario, this describes the usage scenario of ntp as a server. | NTP | ntpd | CloudSOP-UniEP
Configuration File and Parameter | Remarks | Certificate Catalog | Bound IP Address Type
None | None | /opt/arbitration-etcd/keystore | Public IP address
None | None | /opt/oss/NCECOMMONE/apps/NMQKafkaService/tools/ssl | Public IP address
None | Configured and uploaded by the user; only the certificate content is saved, not the certificate directory. | Public IP address
None | /opt/oss/envs/Product-CampusBaseService/{datetime}/controller/configuration/ssl/registerCenter/ | Public IP address
None | The controller acts as the client, so no server certificate is involved; the CA is the system CA. | Public IP address
None | /opt/oss/envs/Product-PortalServerService/{datetime}/controller/configuration | Public IP address
None | None | /opt/oss/envs/Product-NorthboundCommunicationService/{time-shot}/controller/configuration/ssl/websocket/ | Public IP address
None | None | /opt/oss/envs/Product-NorthboundCommunicationService/{time-shot}/controller/configuration/ssl/syslog/client/ | Public IP address
None | None | /opt/oss/envs/Product-NorthboundCommunicationService/{time-shot}/controller/configuration/restful-trust/ | Public IP address
Start the apinotifyproxyservice process. The port is enabled automatically and remains open. | End the apinotifyproxyservice process. The port is disabled automatically. | Foreign show | Not Concerning | Not Concerning
Start the NMQKafkaService process. The port is enabled automatically and remains open. | End the NMQKafkaService process. The port is disabled automatically. | Foreign show | No | Yes
The authentication mode is configured for AD authentication and connecting to the AD server. | Disable the AD authentication mode. | Foreign show | Not Concerning | Not Concerning
The authentication mode is configured for AD authentication and connecting to the AD server. | Disable the AD authentication mode. | Foreign show | Not Concerning | Not Concerning
The authentication mode is configured for Radius authentication and connecting to the Radius server. | Disable the Radius authentication mode. | Foreign show | Not Concerning | Not Concerning
The rmservice process is started and the port is automatically opened and will always exist. | The rmservice process is stopped and the port is automatically shut down. | Foreign show | Not Concerning | Not Concerning
The apinotifyproxyservice process is started and the port is automatically opened and will always exist. | The apinotifyproxyservice process is stopped and the port is automatically shut down. | Foreign show | Not Concerning | Not Concerning
Modify the configuration parameters of iMaster_NCE-Campus on CloudSOP-UniEP, set ENABLE_RADIUS_PORT to 'true', and restart PortalServerService, the port is used when sending radius Access-Request and Accounting-Request packets after that. | No business triggers will not access third-party servers. | Foreign show | Not Concerning | Not Concerning
Modify the configuration parameters of iMaster_NCE-Campus on CloudSOP-UniEP, set ENABLE_RADIUS_PORT to 'true', and restart PortalServerService, the port is used when sending radius detection packets after that. | No business triggers will not access third-party servers. | Foreign show | Not Concerning | Not Concerning
The apimlbservice process is started and the port is automatically opened and will always exist. | The apimlbservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
The snmpagentservice process is started and the port is automatically opened and will always exist. | The snmpagentservice process is stopped and the port is automatically shut down. | Foreign show | Yes | No
The snmpagentservice process is started and the port is automatically opened and will always exist. | The snmpagentservice process is stopped and the port is automatically shut down. | Foreign show | Not Concerning | Not Concerning
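NorthboundCommunicationService | NCE Common protocol framework service | None
Hangzhou middleware
API Gateway | XFT | Authentication supported
Websocket channel | Hangzhou mechanism | NA
Syslog channel | Hangzhou mechanism | NA
Restful reporting channel | Hangzhou mechanism | NA
SFTP channel | Hangzhou mechanism | NA
Syslog channel | Hangzhou mechanism | Yes
Not involved
Not involved
Not involved
Encryption supported
NA
NA
NA
NA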
Geographic redundancy port All ports on the Geographic Redundancy tab page
NAT Policy
Configure a NAT policy if NAT is enabled.
Configure a NAT policy if NAT is enabled.
N/A
Remarks
N/A
Enable port 22 based on the site requirements. Enable this port if external users
need to access internal servers. Otherwise, this port does not need to be enabled.
User's machine (where the web browser opens) | IP of the user's machine (where the web browser opens) | Random | Datanode
User's machine (where the web browser opens) | IP of the user's machine (where the web browser opens) | Random | Datanode
Backup and Recovery source-end NodeManager | Backup and Recovery source-end NodeManager node IP address | Random | Backup and Recovery destination-end Datanode
Backup and Recovery source-end NodeManager | Backup and Recovery source-end NodeManager node IP address | Random | Backup and Recovery destination-end NameNode
User's machine (where the web browser opens) | IP address of the machines where the NodeManager is running | Random | NodeManager
NodeManager (where the containers are running) | IP address of the machines where the NodeManager is running | Random | NodeManager
User's machine (where the Job client is open) | User's machine (where the Job client is open) | Random | Application Master
User's machine (where the Job client is open) | User's machine (where the Job client is open) | Random | Application Master
User's machine (where the Job client is open) | User's machine (where the Job client is open) | Random | Application Master
HBase clients [Region server and user clients] | IP address of the machines where the HBase clients are running | Random | HMaster
User's machine (where the web browser opens) | User's machine IP (where the HBase server UI is opened) | Random | HMaster
User's machine (where the web browser opens) | User's machine IP (where the RegionServer UI is opened) | Random | RegionServer
HBase clients [Region server and user clients] | IP address of the machines where the HBase1 clients are running | Random | HMaster1
User's machine (where the web browser opens) | User's machine IP (where the HBase server1 UI is opened) | Random | HMaster1
User's machine (where the web browser opens) | User's machine IP (where the RegionServer1 UI is opened) | Random | RegionServer1
HBase clients [Region server and user clients] | IP address of the machines where the HBase2 clients are running | Random | HMaster2
User's machine (where the web browser opens) | User's machine IP (where the HBase server2 UI is opened) | Random | HMaster2
User's machine (where the web browser opens) | User's machine IP (where the RegionServer2 UI is opened) | Random | RegionServer2
HBase clients [Region server and user clients] | IP address of the machines where the HBase3 clients are running | Random | HMaster3
User's machine (where the web browser opens) | User's machine IP (where the HBase server3 UI is opened) | Random | HMaster3
User's machine (where the web browser opens) | User's machine IP (where the RegionServer3 UI is opened) | Random | RegionServer3
HBase clients [Region server and user clients] | IP address of the machines where the HBase4 clients are running | Random | HMaster4
User's machine (where the web browser opens) | User's machine IP (where the HBase server4 UI is opened) | Random | HMaster4
User's machine (where the web browser opens) | User's machine IP (where the RegionServer4 UI is opened) | Random | RegionServer4
Port for data synchronization between the active and standby nodes during OMS database reconstruction. This port is used for: Synchronizing the data between the active and standby databases | No | Non-persistent connection
Port used by the CEP to obtain data from the PMS for statistics collection and calculation. This port is used for: Querying performance monitoring data | No | Non-persistent connection
Port used by the Controller to obtain monitoring data from the PMS. This port is used for: Querying performance monitoring data | No | Non-persistent connection
Port for the communication between the license server and the license client. This port is used for: License management | No | Non-persistent connection
Port for data synchronization between the active and standby nodes during database reconstruction. This port is used for: Synchronizing the data between the active and standby databases | No | Persistent connection
This port is used for (this port is not open by default): FTP data port. [Parameter] active-data-port [Whether to be enabled by default after installation] Yes [Whether to be enabled after security hardening] N/A | Yes | Persistent connection
[Description] FTP-Server JMXPort. Note: The default port range is used and cannot be modified. | NO | Persistent connection
This port is used for (this port is not open by default): FTP control port. [Parameter] port [Whether to be enabled by default after installation] Yes [Whether to be enabled after security hardening] N/A | Yes | Non-persistent connection
This port is used for (this port is not open by default): FTPS data port. [Parameter] ssl-active-data-port [Whether to be enabled by default after installation] Yes [Whether to be enabled after security hardening] N/A | Yes | Persistent connection
[Parameter] ssl-port
[Whether to be enabled by default after installation] Yes
[Whether to be enabled after security hardening] N/A
[Parameter] passive-data-ports
[Whether to be enabled by default after installation] No
[Whether to be enabled after security hardening] N/A
[Parameter] ssl-passive-data-ports
[Whether to be enabled by default after installation] No
[Whether to be enabled after security hardening] N/A
1. Client to connect to RM
2. NM to connect to RM
3. AM to connect to RM
[Description] Application Master RPC Port for job client YES Persistent
connection
This port is used for:
Port for receiving service requests that are forwarded from other servers | YES | Persistent connection
Port for Broker to receive data and obtain services | YES | Persistent connection
Port for accessing the SolrCloud service using HTTPS | Yes | Persistent connection
Port for accessing the SolrCloud service using HTTP | Yes | Persistent connection
Port for monitoring requests for stopping Tomcat, to stop tomcat and the SolrServer service | Yes | Non-persistent connection
Port used for the communication between Redis servers in the Redis cluster, including heartbeat and Gossip message exchange | No | Persistent connection
Port for Broker to provide SSL communication, which provides the communication encryption service. | YES | Persistent connection
Port for Broker to provide SASL security authentication and SSL communication, which provides the security authentication and communication encryption services. | YES | Persistent connection
Taskmanager RPC port, an internal Flink port used for communication between the Taskmanager and Jobmanager RPC | YES | Persistent connection
Taskmanager Data port, an internal Flink port used for Netty data exchange between Taskmanagers | YES | Persistent connection
BLOB Server port, an internal Flink port used for delivering JAR files of user jobs | YES | Persistent connection
BLOB Server port, an internal Flink port used for delivering JAR files of user jobs | YES | Persistent connection
Jobmanager RPC port, an internal Flink port used for Jobmanager RPC communication | YES | Persistent connection
Jobmanager RPC port, an internal Flink port used for Jobmanager RPC communication | YES | Persistent connection
Flink client RPC port, an internal Flink port used for communication between the Jobmanager and Flink client | YES | Persistent connection
The port range used for Flink's internal metric query service | YES | Persistent connection
The port range used for Flink's internal metric query service | YES | Persistent connection
Port for accessing the Elasticsearch service using HTTP or Yes Persistent c
HTTPS
Port for accessing the Elasticsearch service using RPC Yes Persistent c
The port of GraphServer is accessed using the Hypertext Yes Short connec
Transfer Protocol (HTTP).
The port is used by the Tomcat of the TaskManager service. No Short connec
The port is the listening port of the Socket service of No Long connec
GremlinServer.
The port is the listening port of the HTTP service of No Long connec
GremlinServer.
The port is used by the Tomcat of the GraphServer service. No Short connec
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Obtain resource files.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Obtain the Spark attribute of the driver.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Obtain resource files.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Obtain the Spark attribute of the driver.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Obtain resource files.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Obtain the Spark attribute of the driver.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Obtain resource files.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Obtain the Spark attribute of the driver.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Obtain resource files.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after the Spark N/A Persistent c
application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Obtain the Spark attribute of the driver.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark internal port. This port exists only after N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark2x internal port, which is available only after the N/A Persistent c
Spark2x application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark2x internal port, which is available only after the N/A Persistent c
Spark2x application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark2x internal port, which is available only after the N/A Persistent c
Spark2x application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark2x internal port, which is available only after the N/A Persistent c
Spark2x application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Spark2x internal port, which is available only after the N/A Persistent c
Spark2x application is started.
This port is used for: Manages data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode.
This port is used for: Controls message communication.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Internal port of the Spark2x. This port exists only after the N/A Persistent c
CoarseGrainedExecutorBackend is started in Yarn mode and
is used for data transmission.
Indicates whether to enable the function by default during
installation. The options are as follows: Yes
Indicates whether to enable the function after security
hardening. Yes
Username and password, or Public Key | Username and password, or Public Key
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
Certificate Certificate
Certificate Certificate
N/A N/A
N/A N/A
HMAC-SHA HMAC-SHA
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
Keytab Keytab
Keytab Keytab
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
TOKEN TOKEN
Username and password Username and password
N/A N/A
HMAC-SHA HMAC-SHA
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
N/A N/A
DIGEST N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
N/A N/A
DIGEST N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
N/A N/A
DIGEST N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
N/A N/A
DIGEST N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
N/A N/A
DIGEST N/A
N/A N/A
N/A N/A
Username and password, or keytab file certification | Username and password, or keytab file certification
Username and password, or keytab file certification | Username and password, or keytab file certification
Username and password Username and password
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
N/A N/A
Keytab N/A
Keytab N/A
N/A N/A
Keytab N/A
Keytab N/A
N/A N/A
Keytab N/A
Keytab None
Keytab None
Keytab None
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Internal communication between the processes | Internal communication between the processes
N/A N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
IP Filtering N/A
IP Filtering N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
IP Filtering N/A
IP Filtering N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
IP Filtering N/A
IP Filtering N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
IP Filtering N/A
IP Filtering N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
Keytab N/A
IP Filtering N/A
IP Filtering N/A
Keytab N/A
IP Filtering IP Filtering
N/A N/A
Username and password N/A
N/A N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
N/A N/A
N/A N/A
Keytab N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
N/A N/A
Keytab N/A
Username and password or keytab file authentication | N/A
N/A N/A
N/A N/A
Keytab N/A
Keytab N/A
N/A N/A
Keytab N/A
Keytab None
Access between internal processes None
None None
None None
None None
None None
None None
None None
None None
None None
None None
None None
keytab/Username and password None
Keytab None
Keytab None
digest None
digest None
digest None
digest None
digest None
None None
None None
digest None
None None
None None
Keytab None
Keytab None
keytab/Username and password None
digest None
digest None
digest None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
digest None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
keytab/Username and password None
digest None
digest None
digest None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
digest None
digest None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
digest None
None None
None None
Keytab None
Keytab None
digest None
digest None
kerberos+token None
kerberos+token None
Encryption Mode (Security Mode) | Encryption Mode (Normal Mode) | Plane | Destination Port Enabled for External Access (Yes/No)
RSA encryption and asymmetric encryption algorithms | RSA encryption and asymmetric encryption algorithms | Management plane | Yes
TLS1.0 or later (except the weak password suite) | SSLv3 or later (except the weak password suite) | Management plane | No
TLS1.0 or later (except the weak password suite) | SSLv3 or later (except the weak password suite) | Service plane | No
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No N/A Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. Manager Between APP nodes
No Only the local IP address can access the port. DBService Between APP nodes
Yes This port needs to be enabled only when WebHDFS HTTP is used to access HDFS. HDFS Between APP nodes
Yes This port needs to be enabled only when WebHDFS HTTPS is used to access HDFS. HDFS Between APP nodes
Yes This port needs to be enabled only when WebHDFS HTTP is used to access HDFS. HDFS Between APP nodes
Yes This port needs to be enabled only when WebHDFS HTTP is used to access HDFS. HDFS Between APP nodes
Yes This port needs to be enabled only when Router is used. HDFS Between APP nodes
Yes This port needs to be enabled only when Router is used. HDFS Between APP nodes
Yes This port needs to be enabled only when Router is used. HDFS Between APP nodes
Yes This port needs to be enabled only when Router is used. HDFS Between APP nodes
Yes Under the system for the installation of secure version to use Kafka Between APP nodes
Yes Under the system for the installation of secure version to use Kafka Between APP nodes
No This port can be accessed only by a local IP address. Oozie Between APP nodes
Yes Under the system for the installation of normal mode version to use Solr Between APP nodes
No This port can be accessed only by a local IP address. Solr Between APP nodes
No This port can be accessed only by a local IP address. Solr Between APP nodes
No This port can be accessed only by a local IP address. Loader Between APP nodes
Yes Under the system for the installation of secure version to use Kafka Between APP nodes
Supported TLS versions: TLSv1.1 and TLSv1.2
N/A
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
N/A
When the OS OpenLDAP version is earlier than 2.4.39, SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 are supported. When the OpenLDAP version is 2.4.39, TLSv1.0, TLSv1.1,
Supported TLS versions: TLSv1.1 and TLSv1.2
TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
N/A
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
Supported TLS versions: TLSv1.1 and TLSv1.2
N/A
N/A
Supported TLS versions: TLSv1.1 and TLSv1.2
N/A
N/A
This port will be deleted from the official version. Therefore, do not use it. This interface is not supported in security mode.
Supported TLS versions: TLS1.1, TLS1.2
Supported TLS versions: TLS1.1, TLS1.2
System Source Device Source IP Address Source Port Destination Device
iMaster NCE
Controller server IP addresses of internal Any port Controller server
communication NICs on the first and
second Agile Controller-Campus
nodes
FI
HDFS client/Peer Random Datanode
DataNode
FI
IP addresses of internal communicatio
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 26950 to 26969 | TCP | This port is used as a listening port for data synchronization between relational database clusters (Gauss).
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 22 | TCP | Listening port for the SFTP process. This port provides secure file transfer services and is used to copy CA certificates. When the arbitration software is installed, the arbitration port information is transmitted to the active and standby commonservice nodes.
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 123 | UDP | Default NTP listening port. This port is used to ensure that the time of all Agent application nodes is the same.
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 2390,2392,2394,2396,2398,2400,2402,2404,2406,2408 | TCP | Port used by the arbitration service of the DR system. This port is used by the arbitration-etcd process and the DRService connects to this port to obtain the arbitration status.
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 2391,2393,2395,2397,2399,2401,2403,2405,2407,2409 | TCP | Port used by the arbitration service of the DR system. This port is used by the arbitration-etcd process for internal ETCD communication as well as raft status and data synchronization.
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 8099 | TCP | Port used by the arbitration service of the DR system. This port is used by the arbitration-monitor process for heartbeat detection between arbitration-monitor processes of active and standby clusters.
IP addresses of internal communication NICs on the first and second Agile Controller-Campus nodes | 9001 | TCP | Port used by the automatic switchover service of the DR system. This port is the listening port of the DRService process used for heartbeat detection of the DR system.
25/PBI1-23710112/PBI1-21431666/PBI1-