Distributed HA system Firewall
Connectivity within a fully distributed HA architecture:
Source | Destination | Ports | Bi-directional |
---|---|---|---|
UI 1, UI 2 | Core 1, Core 2 | 3309, 5672, 9200 | - |
UI 1, UI 2 | RedServ | 5672, 9200 | - |
UI 1, UI 2 | DB 1, DB 2, DB 3 | 3306, 3309, 9198 | - |
Core 1 | Core 2 | 5701, 9300, 4369, 5672, 3309 | Yes |
Core 1, Core 2 | RedServ | 9300, 4369, 5672 | Yes |
Core 1 | Core 2, RedServ | 25672 | |
Core 1 | Core 1, RedServ | 25672 | |
RedServ | Core 1, Core 2 | 25672 | |
Core 1, Core 2 | DB 1, DB 2, DB 3 | 3306, 9198 | - |
LAM 1, LAM 2 | Core 1, Core 2, RedServ | 5672 | - |
LAM 1, LAM 2 | DB 1, DB 2, DB 3 | 3306, 9198 | - |
DB 1 | DB 2, DB 3 | 3306, 4567, 4444, 4568 | Yes |
If any of the default ports are changed, substitute the new values in the table above. The ports are used as follows:
Port | Purpose |
---|---|
9200 | Used for the inbound OpenSearch REST API |
9300 | Used for communication between OpenSearch nodes within a cluster |
5672 | Access to the mooms bus (RabbitMQ) |
15672 | Access to the mooms (RabbitMQ) console |
4369 | Required for the mooms (RabbitMQ) cluster |
5701 | Required for the Hazelcast cluster |
8091 | Access the Hazelcast cluster info via Hazelcast's |
3309 | Used for initializing UI servers |
3306 | Regular MySQL port |
4567 | For group communication in Percona XtraDB Cluster |
4444 | For State Snapshot Transfer in Percona XtraDB Cluster |
4568 | For Incremental State Transfer in Percona XtraDB Cluster |
9198 | Allows HAProxy to check the node's Percona XtraDB Cluster status via HTTP |
25672 | Used for inter-node and CLI tools communication |
35672 - 35682 | Used by CLI tools (Erlang distribution client ports) for communication with nodes. These ports are allocated from a dynamic range (computed as server distribution port + 10000 through server distribution port + 10010) |
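The connectivity table can be expanded mechanically into a per-host inbound allow list, so that each node accepts only the listed ports from the listed sources. The following is an added example, not part of the original documentation: the node addresses are constructed samples, TCP is assumed for every port, a blank or "-" in the Bi-directional column is treated as one-way, and the function names are hypothetical.

```python
# Rows transcribed from the connectivity table above:
# source(s) | destination(s) | ports | bi-directional
MATRIX = """
UI 1, UI 2 | Core 1, Core 2 | 3309, 5672, 9200 | -
UI 1, UI 2 | RedServ | 5672, 9200 | -
UI 1, UI 2 | DB 1, DB 2, DB 3 | 3306, 3309, 9198 | -
Core 1 | Core 2 | 5701, 9300, 4369, 5672, 3309 | Yes
Core 1, Core 2 | RedServ | 9300, 4369, 5672 | Yes
Core 1 | Core 2, RedServ | 25672 |
Core 1 | Core 1, RedServ | 25672 |
RedServ | Core 1, Core 2 | 25672 |
Core 1, Core 2 | DB 1, DB 2, DB 3 | 3306, 9198 | -
LAM 1, LAM 2 | Core 1, Core 2, RedServ | 5672 | -
LAM 1, LAM 2 | DB 1, DB 2, DB 3 | 3306, 9198 | -
DB 1 | DB 2, DB 3 | 3306, 4567, 4444, 4568 | Yes
"""

# Constructed sample addresses (RFC 5737 documentation range); not from the page.
ADDRESSES = {
    "UI 1": "192.0.2.1", "UI 2": "192.0.2.2",
    "Core 1": "192.0.2.11", "Core 2": "192.0.2.12", "RedServ": "192.0.2.13",
    "LAM 1": "192.0.2.21", "LAM 2": "192.0.2.22",
    "DB 1": "192.0.2.31", "DB 2": "192.0.2.32", "DB 3": "192.0.2.33",
}

def _names(cell):
    return [n.strip() for n in cell.split(",") if n.strip()]

def inbound_rules(matrix=MATRIX):
    """Return {destination: {(source, port), ...}} for every flow in the matrix."""
    rules = {}
    for line in matrix.strip().splitlines():
        src, dst, ports, bidi = (c.strip() for c in line.split("|"))
        for s in _names(src):
            for d in _names(dst):
                if s == d:
                    continue  # a node needs no firewall rule to reach itself
                for p in map(int, _names(ports)):
                    rules.setdefault(d, set()).add((s, p))
                    if bidi.lower() == "yes":  # "Yes" also opens the reverse path
                        rules.setdefault(s, set()).add((d, p))
    return rules

def rich_rules(host, rules, addresses=ADDRESSES):
    """Render firewalld rich rules (TCP assumed) for one destination host."""
    return [f'rule family="ipv4" source address="{addresses[s]}" '
            f'port port="{p}" protocol="tcp" accept'
            for s, p in sorted(rules.get(host, ()))]
```

Each returned string can be passed to `firewall-cmd --permanent --add-rich-rule` on the destination host; hosts that never appear as a destination, such as the UI and LAM servers, get an empty list.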
See Fully Distributed HA Installation for the full installation steps for a fully distributed system running with HA.