BlueCat Edge ports - BlueCat Edge - Service Point v4.x.x

BlueCat Edge Deployment Guide

Product name: BlueCat Edge
Version: Service Point v4.x.x

Service Point port requirements:

| Source IP | Destination IP | Source Port | Destination Port | Protocol | Description |
|---|---|---|---|---|---|
| <Client IP> | <Service Point IP> | Ephemeral | 22 | TCP | Required for SSH access. |
| <Service Point IP> | <Namespace forwarder IP> | Ephemeral | 53 | UDP + TCP | Outbound DNS queries |
| <Client IP> | <Service Point> | Ephemeral | 53 | UDP + TCP | Inbound DNS queries |
| <Service Point IP> | <NTP Server IP> | Ephemeral | 123 | UDP | NTP synchronization. By default this will reach out to the following Debian NTP servers unless configured on the service point: 0.debian.pool.ntp.org, 1.debian.pool.ntp.org, 2.debian.pool.ntp.org, 3.debian.pool.ntp.org |
| <Client IP> | <Service Point IP> | Ephemeral | 179 | TCP | BGP Anycast service |
| <Service Point IP> | <Cloud Instance IP> | Ephemeral | 443 | TCP | Communication channel between the service point and BlueCat Edge Cloud: the service point will periodically reach out to the BlueCat Edge Cloud using a mutually authenticated HTTPS connection to check for configuration updates and system upgrades. Also used for sending query logs up to Kinesis for delivery to the BlueCat Edge Cloud, and for retrieving system updates from Amazon ECR. |
| <Monitoring System IP> | <Service Point IP> | Ephemeral | 2021 | TCP | Diagnostics endpoint |
| <Monitoring System IP> | <Service Point IP> | Ephemeral | 8082 | TCP | Health check of BSLD service at /api/v1/health |
| <Monitoring System IP> | <Service Point IP> | Ephemeral | 8083 | TCP | Service Point telemetry APIs |
| <Monitoring System IP> | <Service Point IP> | Ephemeral | 9222 | TCP | Telegraf service |
| <Monitoring System IP> | <Service Point IP> | | | ICMP | Pings |

Additionally, the Service Point uses the following ports for internal communication between microservices.
Attention: These ports are not exposed to connections outside of the Service Point.

| Port | IP Address | Description |
|---|---|---|
| 2020 | localhost | Fluent Bit health monitoring |
| 24224 | localhost | Fluent Bit Forward input plugin |
| 4646 | 169.254.1.1 (link local) | HTTPS API of Nomad microservice |
| 4647 | localhost | RPC, Serf WAN |
| 4648 | localhost | RPC, Serf WAN |
| 8300 | localhost | Server RPC, Serf LAN, Serf WAN |
| 8301 | localhost | Server RPC, Serf LAN, Serf WAN |
| 8302 | localhost | Server RPC, Serf LAN, Serf WAN |
| 8501 | 169.254.1.1 (link local) | Internal Consul API port |
| 8502 | 169.254.1.1 (link local) | Internal Consul API port |
| 8503 | 169.254.1.1 (link local) | Internal Consul API port |
| 8600 | 169.254.1.1 (link local) | DNS interface of Consul microservice |
| 8700 | 169.254.1.1, localhost | Egress-gateway listening on link-local |
| 8701 | 169.254.1.1, localhost | Egress-gateway listening on link-local |
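
To check the "not exposed outside the Service Point" statement against a running host, the sketch below compares listening sockets with the two tables above. It is an added example, not BlueCat code: it assumes input in the format of `ss -H -tuln`, treats "localhost" as any loopback address, and the names `audit`, `classify`, `parse_local` and the sample lines are constructed for illustration.

```python
import ipaddress

# Port -> documented bind addresses, copied from the internal-port table.
LINK_LOCAL = "169.254.1.1"
INTERNAL = {p: {"localhost"} for p in (2020, 24224, 4647, 4648, 8300, 8301, 8302)}
INTERNAL.update({p: {LINK_LOCAL} for p in (4646, 8501, 8502, 8503, 8600)})
INTERNAL.update({p: {LINK_LOCAL, "localhost"} for p in (8700, 8701)})
# Destination ports the first table lists as inbound to the Service Point.
INBOUND = {22, 53, 179, 2021, 8082, 8083, 9222}

# Constructed sample of `ss -H -tuln` output (not captured from a real system).
SAMPLE = """\
tcp LISTEN 0 128   0.0.0.0:22        0.0.0.0:*
tcp LISTEN 0 4096  127.0.0.1:2020    0.0.0.0:*
tcp LISTEN 0 4096  169.254.1.1:8501  0.0.0.0:*
tcp LISTEN 0 4096  0.0.0.0:8600      0.0.0.0:*
tcp LISTEN 0 4096  127.0.0.1:4646    0.0.0.0:*
tcp LISTEN 0 128   [::]:3306         [::]:*
tcp LISTEN 0 4096  [::1]:8700        [::]:*
"""

def parse_local(field):
    """Split the 'Local Address:Port' column of ss into (address, port)."""
    addr, port = field.rsplit(":", 1)
    return addr.strip("[]").split("%")[0], int(port)  # drop [] and %iface

def classify(addr, port):
    """Compare one listening socket with the documented port tables."""
    if port not in INTERNAL:
        return "ok-inbound" if port in INBOUND else "UNLISTED"
    wildcard = addr in ("*", "0.0.0.0", "::")
    ip = None if wildcard else ipaddress.ip_address(addr)
    if ip and ((ip.is_loopback and "localhost" in INTERNAL[port])
               or addr in INTERNAL[port]):
        return "ok-internal"
    # Loopback or link-local binds are not routable, but differ from the table.
    if ip and (ip.is_loopback or ip.is_link_local):
        return "MISMATCH"
    return "EXPOSED"  # wildcard or routable bind on an internal-only port

def audit(ss_output):
    """Return (proto, address, port, status) for every socket line."""
    findings = []
    for line in ss_output.strip().splitlines():
        cols = line.split()
        if len(cols) >= 5:
            addr, port = parse_local(cols[4])
            findings.append((cols[0], addr, port, classify(addr, port)))
    return findings
```

Any `EXPOSED` or `UNLISTED` result is a listener the port tables do not account for and is worth reviewing before opening firewall rules for the host.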