OSDir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Host KVM Installation - tcp ports



http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.11/hypervisor/kvm.html
Identifies a number of ports that must be opened.

It specifies a number of Dynamic/Private ports: 49152 - 49216 (libvirt live migration)

The Cloudstack doc does not recommend reserving these ports.
They could be assigned by the OS for other tasks.
I am not sure if anyone has run into random errors in this area but I think that it would be a good idea to use sysctl to reserve these ports and remove them from the dynamic ports available to the OS or other random programs that use dynamically assigned ports.

Add the following to /etc/sysctl to have these ports removed from the OS list of available dynamic ports.

|sysctl -w net.ipv4.ip_local_reserved_ports = 49152-49216|

https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt

For some reason the libvrt guys have not registered their ports (16509, 16514) so we could all be in for a surprise when that port gets assigned to another program. We can only hope that the program is not one that is needed by Cloudstack.

https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

If anyone is contact with the authors of libvrt, it would be a good idea to suggest to them that they reserve the ports that they need. I think that it is safe to assume that libvrt will be around for a while and having these ports reserved makes sense.

I am not sure why Cloudstack requires port 1798. It is reserved for EventTransfer Protocol (etp).
Is this the service that Cloudstack uses or another case of a hijacked port?

Ron