Distributed HA system Firewall

Connectivity within a fully distributed HA architecture:

| Source | Destination | Ports | Bi-directional |
|---|---|---|---|
| UI 1, UI 2 | Core 1, Core 2 | 3309, 5672, 9200 | - |
| UI 1, UI 2 | RedServ | 5672, 9200 | - |
| UI 1, UI 2 | DB 1, DB 2, DB 3 | 3306, 3309, 9198 | - |
| Core 1 | Core 2 | 5701, 9300, 4369, 5672, 3309 | Yes |
| Core 1, Core 2 | RedServ | 9300, 4369, 5672 | Yes |
| Core 1 | Core 2, RedServ | 25672 | |
| Core 1 | Core 1, RedServ | 25672 | |
| RedServ | Core 1, Core 2 | 25672 | |
| Core 1, Core 2 | DB 1, DB 2, DB 3 | 3306, 9198 | - |
| LAM 1, LAM 2 | Core 1, Core 2, RedServ | 5672 | - |
| LAM 1, LAM 2 | DB 1, DB 2, DB 3 | 3306, 9198 | - |
| DB 1 | DB 2, DB 3 | 3306, 4567, 4444, 4568 | Yes |

If any of the default ports have been changed, substitute the new values in the table above. The ports are responsible for the following:

| Port | Purpose |
|---|---|
| 9200 | Used for inbound OpenSearch REST API |
| 9300 | Used for OpenSearch node communication within a cluster |
| 5672 | Access to mooms bus (RabbitMQ) |
| 15672 | Access to mooms (RabbitMQ) console |
| 4369 | Required for mooms (RabbitMQ) cluster |
| 5701 | Required for Hazelcast cluster |
| 8091 | Access the Hazelcast cluster info via Hazelcast's |
| 3309 | Used for initializing UI servers |
| 3306 | Regular MySQL port |
| 4567 | For group communication in Percona XtraDB Cluster |
| 4444 | For State Snapshot Transfer in Percona XtraDB Cluster |
| 4568 | For Incremental State Transfer in Percona XtraDB Cluster |
| 9198 | Allows HAProxy to check the node's Percona XtraDB Cluster status via HTTP |
| 25672 | Used for inter-node and CLI tools communication |
| 35672 - 35682 | Used by CLI tools (Erlang distribution client ports) for communication with nodes; allocated from a dynamic range (computed as server distribution port + 10000 through server distribution port + 10010) |
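The following Python example is added here and is not part of the original documentation. It expands the connectivity table into a per-host inbound allow-list, which is the form a host firewall needs for a default-deny policy. The function names and the `overrides` parameter (for changed default ports) are assumptions made for illustration.

```python
from collections import defaultdict

# Rows transcribed from the connectivity table:
# (sources, destinations, ports, bi-directional == "Yes")
MATRIX = [
    ("UI 1, UI 2", "Core 1, Core 2", "3309, 5672, 9200", False),
    ("UI 1, UI 2", "RedServ", "5672, 9200", False),
    ("UI 1, UI 2", "DB 1, DB 2, DB 3", "3306, 3309, 9198", False),
    ("Core 1", "Core 2", "5701, 9300, 4369, 5672, 3309", True),
    ("Core 1, Core 2", "RedServ", "9300, 4369, 5672", True),
    ("Core 1", "Core 2, RedServ", "25672", False),
    ("Core 1", "Core 1, RedServ", "25672", False),  # source as printed in the table
    ("RedServ", "Core 1, Core 2", "25672", False),
    ("Core 1, Core 2", "DB 1, DB 2, DB 3", "3306, 9198", False),
    ("LAM 1, LAM 2", "Core 1, Core 2, RedServ", "5672", False),
    ("LAM 1, LAM 2", "DB 1, DB 2, DB 3", "3306, 9198", False),
    ("DB 1", "DB 2, DB 3", "3306, 4567, 4444, 4568", True),
]

def split(cell):
    """Split a comma-separated table cell into trimmed items."""
    return [item.strip() for item in cell.split(",") if item.strip()]

def inbound_allowlist(matrix=MATRIX, overrides=None):
    """Return {host: {port: set(sources)}}: the flows each host must accept."""
    overrides = overrides or {}  # e.g. {3306: 3307} if a default port was changed
    allow = defaultdict(lambda: defaultdict(set))
    for srcs, dsts, ports, bidir in matrix:
        for src in split(srcs):
            for dst in split(dsts):
                if src == dst:  # a host talking to itself needs no firewall rule
                    continue
                for port in (overrides.get(int(p), int(p)) for p in split(ports)):
                    allow[dst][port].add(src)
                    if bidir:  # "Yes": the destination also connects back
                        allow[src][port].add(dst)
    return allow

def render(allow):
    """One line per (host, port) with sorted sources, for review or templating."""
    return [f"{host}: port {port} from {', '.join(sorted(srcs))}"
            for host in sorted(allow) for port, srcs in sorted(allow[host].items())]

if __name__ == "__main__":
    print("\n".join(render(inbound_allowlist())))
```

Because the output follows the table literally, DB 2 and DB 3 list only DB 1 as a source on the Percona XtraDB Cluster ports, and the UI and LAM hosts have no inbound entries at all.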

See Fully Distributed HA Installation for the full installation steps for a fully distributed system running with HA.