HP Distributed Cloud Networking manual Tcp


Secure Unused TCP/UDP Ports

After installing and configuring the HP VSC, the user should take all steps necessary to ensure the network security of the HP VSC system through the use of ACLs and/or firewalls and by disabling any unneeded network services on the node.

Table 6 lists the required and optional UDP/TCP ports for particular services for inbound connections to the HP VSC.

Table 7 lists required and optional UDP/TCP ports for particular services for outbound connections from the HP VSC.

Optional ports are only required if the network service is in use on the HP VSC.

Table 6: HP VSC UDP/TCP Inbound/Opened Ports

| Port | UDP/TCP | Required/Optional | Protocol Notes |
|---|---|---|---|
| 21/22 | TCP | Optional | FTP |
| 22 | TCP | Optional | SSH |
| 23 | TCP | Optional | Telnet |
| 123 | UDP | Required | NTP |
| 161/162 | UDP | Optional | SNMP - required for SNMP management |
| 179 | TCP | Required | BGP - required for federated HP VSCs |
| 6633 | TCP | Required | OpenFlow |
| 49152 - 65535 | UDP | Optional | RADIUS for console user authentication dynamically reserves ports in this range upon initialization of the HP VSC for outgoing connections and the resulting response. The ports used in this range can be viewed with "show system connections". If RADIUS is not used, no incoming packets will be forwarded or processed. |
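The rule that optional ports are opened only when their service is in use can be checked mechanically. The following added example (not from the HP manual) builds the inbound allowlist from Table 6 and flags listeners outside it; the service names and the observed-listener list are constructed assumptions.

```python
# Added example: inbound allowlist derived from Table 6 (not HP's code).
# Service keys and the observed-listener sample are constructed for illustration.

# service -> (protocol, first port, last port, required?) as listed in Table 6
TABLE6_INBOUND = {
    "ftp":      ("tcp", 21, 22, False),        # listed as 21/22 in Table 6
    "ssh":      ("tcp", 22, 22, False),
    "telnet":   ("tcp", 23, 23, False),
    "ntp":      ("udp", 123, 123, True),
    "snmp":     ("udp", 161, 162, False),
    "bgp":      ("tcp", 179, 179, True),
    "openflow": ("tcp", 6633, 6633, True),
    "radius":   ("udp", 49152, 65535, False),  # dynamically reserved range
}


def inbound_allowlist(enabled_optional):
    """Return sorted (proto, lo, hi) ranges: required ports plus enabled optional ones."""
    unknown = set(enabled_optional) - set(TABLE6_INBOUND)
    if unknown:
        raise ValueError(f"not in Table 6: {sorted(unknown)}")
    rules = set()
    for service, (proto, lo, hi, required) in TABLE6_INBOUND.items():
        if required or service in enabled_optional:
            rules.add((proto, lo, hi))
    return sorted(rules)


def audit(observed, enabled_optional):
    """Return observed (proto, port) listeners that no allowlist range covers."""
    rules = inbound_allowlist(enabled_optional)
    return [
        (proto, port)
        for proto, port in observed
        if not any(proto == p and lo <= port <= hi for p, lo, hi in rules)
    ]


if __name__ == "__main__":
    # Constructed sample: SSH and SNMP are the only optional services in use.
    observed = [("tcp", 22), ("tcp", 23), ("udp", 123), ("udp", 161),
                ("tcp", 179), ("tcp", 6633), ("udp", 50000)]
    for proto, port in audit(observed, {"ssh", "snmp"}):
        print(f"unexpected inbound listener: {port}/{proto}")
```

Anything the audit returns is a candidate for an ACL deny entry or for disabling the corresponding service on the node.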

 

 

 

 

 

Table 7: HP VSC UDP/TCP Outbound/Remote Ports

| Port | UDP/TCP | Required/Optional | Protocol Notes |
|---|---|---|---|
| 21/22 | TCP | Optional | FTP |
| 22 | TCP | Optional | SSH |
| 23 | TCP | Optional | Telnet |
| 49 | TCP | Optional | TACACS+ |
| 53 | UDP/TCP | Required | DNS |
