Distributed HA system Firewall
Connectivity within a fully distributed HA architecture:
| Source | Destination | Ports | Bi-directional |
|---|---|---|---|
| UI 1, UI 2 | Core 1, Core 2 | 3309, 5672, 9200 | - |
| UI 1, UI 2 | RedServ | 5672, 9200 | - |
| UI 1, UI 2 | DB 1, DB 2, DB 3 | 3306, 3309, 9198 | - |
| Core 1 | Core 2 | 5701, 9300, 4369, 5672 | Yes |
| Core 1, Core 2 | RedServ | 9300, 4369, 5672 | Yes |
| Core 1 | Core 2, RedServ | 25672 | |
| Core 1 | Core 1, RedServ | 25672 | |
| RedServ | Core 1, Core 2 | 25672 | |
| Core 1, Core 2 | DB 1, DB 2, DB 3 | 3306, 9198 | - |
| LAM 1, LAM 2 | Core 1, Core 2, RedServ | 5672 | - |
| LAM 1, LAM 2 | DB 1, DB 2, DB 3 | 3306, 9198 | - |
| DB 1 | DB 2, DB 3 | 3306, 4567, 4444, 5468 | Yes |

If any of the default ports have been changed, substitute the new port numbers in the table above. The ports are used for the following:

| Port | Purpose |
|---|---|
| 9200 | Used for the inbound Elasticsearch REST API |
| 9300 | Used for communication between Elastic nodes within a cluster |
| 5672 | Access to the mooms bus (RabbitMQ) |
| 15672 | Access to the mooms (RabbitMQ) console |
| 4369 | Required for the mooms (RabbitMQ) cluster |
| 5701 | Required for the Hazelcast cluster |
| 8091 | Access the Hazelcast cluster info via Hazelcast's |
| 3309 | Used for initializing UI servers |
| 3306 | Regular MySQL port |
| 4567 | For group communication in Percona XtraDB Cluster |
| 4444 | For State Snapshot Transfer in Percona XtraDB Cluster |
| 4568 | For Incremental State Transfer in Percona XtraDB Cluster |
| 9198 | Allows HAProxy to check the node's Percona XtraDB Cluster status via HTTP |
| 25672 | Used for inter-node and CLI tools communication |
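
To turn the connectivity table into least-privilege host firewall rules, it helps to expand it into a per-destination inbound allowlist. The following is an added example, not part of the product or its documentation; the function names are hypothetical, and it assumes that a "-" or empty Bi-directional cell means the flow is one-way.

```python
# Added example: rows transcribed from the connectivity table on this page.
# Assumption: a "-" or empty Bi-directional cell means the flow is one-way.
MATRIX = [
    ("UI 1, UI 2", "Core 1, Core 2", "3309, 5672, 9200", False),
    ("UI 1, UI 2", "RedServ", "5672, 9200", False),
    ("UI 1, UI 2", "DB 1, DB 2, DB 3", "3306, 3309, 9198", False),
    ("Core 1", "Core 2", "5701, 9300, 4369, 5672", True),
    ("Core 1, Core 2", "RedServ", "9300, 4369, 5672", True),
    ("Core 1", "Core 2, RedServ", "25672", False),
    ("Core 1", "Core 1, RedServ", "25672", False),
    ("RedServ", "Core 1, Core 2", "25672", False),
    ("Core 1, Core 2", "DB 1, DB 2, DB 3", "3306, 9198", False),
    ("LAM 1, LAM 2", "Core 1, Core 2, RedServ", "5672", False),
    ("LAM 1, LAM 2", "DB 1, DB 2, DB 3", "3306, 9198", False),
    ("DB 1", "DB 2, DB 3", "3306, 4567, 4444, 5468", True),  # ports as printed
]


def _split(cell):
    return [item.strip() for item in cell.split(",") if item.strip()]


def inbound_allowlist(matrix=MATRIX):
    """Return {destination: {port: {sources}}} for host-level inbound rules."""
    allow = {}
    for sources, dests, ports, bidirectional in matrix:
        pairs = [(s, d) for s in _split(sources) for d in _split(dests)]
        if bidirectional:
            pairs += [(d, s) for s, d in pairs]  # mirror the flow
        for src, dst in pairs:
            if src == dst:
                continue  # a host needs no firewall rule to reach itself
            for port in _split(ports):
                allow.setdefault(dst, {}).setdefault(int(port), set()).add(src)
    return allow


def is_permitted(src, dst, port, allow=None):
    """True if the matrix allows src to open a connection to dst on port."""
    allow = inbound_allowlist() if allow is None else allow
    return src in allow.get(dst, {}).get(port, set())


if __name__ == "__main__":
    for host, rules in sorted(inbound_allowlist().items()):
        for port, srcs in sorted(rules.items()):
            print(f"{host}: allow inbound {port} from {', '.join(sorted(srcs))}")
```

Anything not listed in the output for a host can be dropped by default on that host; if a default port has been changed, edit the corresponding row before generating rules.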
See Distributed HA Installation for the full installation steps for a fully distributed system running with HA.