ACOS 6.1.1

Firewall port requirements

Ports used by internal services of ACOS

By default, the local firewall is not enabled for ACOS. To ensure the proper functioning of ACOS internal services and features, you must open the following TCP or UDP ports in the firewall for the network connections between the hosts in the cluster.

Fixed ports

The following table lists the services running on ACOS and the open ports on the cluster nodes. To prevent conflicts, it is essential to ensure that these ports are not being used by other services.

| Service name | Network used | Ports used |
|---|---|---|
| zbs-metad | Storage network | 10100-10104 |
| zbs-chunkd | Storage network | 10200-10208, 11201 (used when RDMA is enabled), 20048, 3261, 2049 (fixed port used by NFS), 111 (fixed port used by NFS) |
| zbs-taskd | Management network, Storage network | 10600, 10601 |
| zbs-iscsi-redirectord | Storage network, Access network | 3260 |
| zbs-aurorad | Storage network | None |
| zbs-aurora-monitord | Storage network | None |
| zbs-inspector | Storage network | 10700, 10701 |
| timemachine | Management network, Storage network | 9912 |
| zbs-watchdogd | Management network | 10300 |
| job-center-worker | Storage network | None |
| job-center-scheduler | Storage network | None |
| elf-vm-monitor | Storage network | 10416 |
| elf-vm-scheduler | Storage network | 10443 |
| master-monitor | | None |
| elf-dhcp | Storage network | 6767 |
| elf-exporter | Management network, Storage network | 10405 |
| vmtools-agent | Management network, Storage network | 10809 |
| zbs-rest-server | Management network, Storage network | 10402 |
| zbs-deploy-server | Management network | 10403 |
| log-collector | Management network, Storage network | 10406 |
| cluster-upgrader | Management network, Storage network | 10408, 8090 (used only during upgrades) |
| ntpm | Management network, Storage network | 10414 |
| tuna-exporter | Management network, Storage network | 10404 |
| disk-healthd | Management network, Storage network | 10415, 10480 (UDP ports, storage network only) |
| turbot-server | Management network, Storage network | 10409 |
| network-monitor | Management network | 10410 |
| octopus | Management network, Storage network | 9900 |
| oscar | Management network, Storage network | 9800, 20401 |
| siren | Management network, Storage network | 9903, 20701 |
| aquarium | Management network, Storage network | 9910 |
| harbor | Management network, Storage network | 9980, 20801-20803 |
| crab | Management network, Storage network | 9999 |
| dolphin | Management network, Storage network | 9909 |
| amphi | Management network, Storage network | 9904, 9943, 10800-10899 |
| seal | Management network, Storage network | 9923, 9924, 20900 |
| fluent-bit | Storage network | 5170, 20501 |
| snmpd | Management network, Storage network | 161 |
| svcresctld | Management network, Storage network | 10413 |
| envoy-xds | Management network, Storage network | 24680 |
| consul | Management network, Storage network | 8301, 8510 |
| consul-server | Storage network | 8300, 8311, 8510 |
| mongod | Storage network | 27017 |
| nginx | Management network | 80, 443 |
| chronyd | Management network, Storage network | 123 (UDP port) |
| zookeeper | Storage network | 2181, 2888, 3888 |
| envoy | Management network, Storage network | 9943, 10001, 10900, 10901, 10902 |
| libvirtd | | 16509 |
| prometheus | Storage network | 9090 |
| containerd | Management network | 10000 |
| everoute-agent | Management network | 30002 |
| sshd | Management network, Storage network | 22 |
| vmagent | Management network, Storage network | 8429 |
| vmagent-prod (observability) | Management network, Storage network | 8430 (only used when associated with an observability service) |
| vector (observability) | Management network, Storage network | 8686 (only used when associated with an observability service) |
| node-exporter | Management network, Storage network | 9100 |

Random ports

In practice, NFS services and local clients may also use some random ports:

  • In addition to the two fixed ports 2049 and 111, the NFS service starts other processes (such as status and nlockmgr) whose ports are randomly assigned by the RPC service. These ports differ each time the NFS service starts.

    To view all the ports currently used by NFS, or to check which process corresponds to an unknown port, use the following methods:

    • View the random ports currently used by NFS: run the rpcinfo -p command on the host.
    • View the service process corresponding to a given port: run the netstat -nlp command on the host.
  • The local client may also open some random ports to interface with cluster services. If a scan reports such unknown local ports, run the netstat -nlp command on the host to view the source port or destination port corresponding to that port, and determine the cluster service behind the local port based on the fixed ports used by ACOS services.
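The lookup described above can be scripted. The following Python script is an added example, not part of the ACOS documentation or tooling: it labels every listening port from netstat -nlp as an ACOS fixed port, an NFS port assigned by RPC (taken from rpcinfo -p), or unknown. Its FIXED table is a subset of the fixed-port table on this page, and the sample command output, PIDs and program names are constructed.

```python
# Subset of the fixed-port table on this page; extend with the remaining rows.
FIXED = {
    "zbs-metad": "10100-10104",
    "zbs-chunkd": "10200-10208,11201,20048,3261,2049,111",
    "sshd": "22",
}

def expand(spec):
    """Expand a spec such as '10100-10104,3261' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

PORT_TO_SERVICE = {p: svc for svc, spec in FIXED.items() for p in expand(spec)}

def rpc_ports(rpcinfo_text):
    """Map port -> RPC service name from `rpcinfo -p` output."""
    found = {}
    for fields in map(str.split, rpcinfo_text.splitlines()):
        if len(fields) == 5 and fields[3].isdigit():
            found[int(fields[3])] = fields[4]
    return found

def classify(netstat_text, rpcinfo_text):
    """Return {port: label} for each listening socket in `netstat -nlp` output."""
    rpc, labels = rpc_ports(rpcinfo_text), {}
    for fields in map(str.split, netstat_text.splitlines()):
        if not fields or fields[0] not in ("tcp", "tcp6", "udp", "udp6"):
            continue  # skip headers and UNIX-domain sockets
        port = int(fields[3].rsplit(":", 1)[1])
        service = PORT_TO_SERVICE.get(port)
        labels[port] = (f"fixed:{service}" if service
                        else f"rpc:{rpc[port]}" if port in rpc else "unknown")
    return labels

# Constructed sample output, not captured from a real ACOS host.
RPCINFO = """   program vers proto   port  service
    100024    1   tcp  38465  status
    100021    4   tcp  41233  nlockmgr"""
NETSTAT = """Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp   0  0 0.0.0.0:10100    0.0.0.0:*  LISTEN  2101/zbs-metad
tcp   0  0 0.0.0.0:38465    0.0.0.0:*  LISTEN  1850/rpc.statd
tcp   0  0 0.0.0.0:41233    0.0.0.0:*  LISTEN  -
tcp6  0  0 :::22            :::*       LISTEN  1200/sshd
tcp   0  0 127.0.0.1:51234  0.0.0.0:*  LISTEN  3300/python3"""
if __name__ == "__main__":
    print(classify(NETSTAT, RPCINFO))
```

On a host, pass the real output of the two commands in place of the constructed samples. Ports labelled unknown are the ones left to trace with netstat -nlp as described above.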