NFM-P port information
Default ports
The following table describes the listening ports on the various NFM-P applications.
Table 6-18: NFM-P port information
|
Default port |
Type |
Encryption |
Description |
|---|---|---|---|
|
NFM-P server and NFM-P auxiliary (statistics) | |||
|
N/A |
ICMP |
N/A |
ICMP Ping The active NFM-P server will periodically ping the NFM-P delegate server to ensure reachability. |
|
21 Ports from 1023 - 65536 |
TCP |
None See SCP and SFTP as secure alternatives. |
FTP (Passive) This port is used to enable ftp communication from a XML API client to either the NFM-P server or auxiliary. Ftp is used by the XML API client to retrieve logToFile statistics or findToFile results. (See FTP) |
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253. |
SSH/SCP/SFTP This port is used for remote access, rsync between NFM-P servers, rsync between the NFM-P databases, and scp/sftp to NFM-P XML API clients. |
|
69 |
UDP |
None See SFTP for a secure alternative. |
|
|
80 |
TCP |
None See port 443 for secure communications. |
HTTP This port redirects to port 443. |
|
162 |
UDP |
Static Encryption When SNMPv3 is configured. Cipher and strength is NE dependant. |
SNMP traps By default, this port on the NFM-P server receives SNMP traps from the network elements. This item is specified during the installation of the server and can be changed. (Not required by the NFM-P auxiliary) |
|
443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS interface for the Web Applications through the Launchpad. |
|
758 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
nlogin Secure port used for connection to and from the 1830 SMS HSM server |
|
1095 |
TCP |
None |
Internal system communications protocol (JBoss messaging) These ports are used by commands on the NFM-P auxiliary station to adjust the NFM-P auxiliary behavior. (Example: adjusting log levels, shutting down the auxiliary server, etc) |
|
1097 |
TCP |
None |
Internal system communications protocol (JMS naming/messaging service) Used by the NFM-P client (GUI and XML API) and NFM-P server and NFM-P auxiliary applications to register for JMS notifications and messages. This is used to ensure that the client, server, and auxiliary are aware of system events (for example: database changes or alarm notifications, etc) |
|
1099 |
TCP |
None |
Internal system communications protocol (JBoss Naming Service -JNDI) This port is required to ensure the NFM-P GUI, XML API clients, auxiliaries and standby NFM-P server properly initialize with the active NFM-P server. When initially logging into the NFM-P server, NFM-P GUI and XML API clients use this port to find the various services that are available. This port is also used by the NFM-P GUI and XML API clients to register with the NFM-P server to receive notification of network changes. |
|
2181 |
TCP |
None See port 2281 for secure communications. |
Java ZooKeeper client connections |
|
2281 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Java ZooKeeper client connections |
|
2390 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
nspdctl |
|
4447 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss messaging port for JMS |
|
5007 |
TCP |
None |
Neo4j cluster control |
|
6007 |
TCP |
None |
Neo4j cluster data |
|
6362 |
TCP |
None |
Used by the Web Server This is a local port to the host. |
|
6363 |
TCP |
None |
Neo4j database backup port This is a local port to the host. |
|
6432 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
postgresql communications port |
|
6633 |
TCP |
None |
OpenFlow Used to exchange openflow protocol messages with 7x50 NEs. |
|
7473 |
TCP |
Dynamic Encryption (if TLS is configured) Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Neo4j https web server |
|
7474 |
TCP |
None |
Neo4j web server This is a local port to the host. NFM-P server only |
|
7687 |
TCP |
None |
Neo4j bolt connector |
|
7879 |
TCP |
Dynamic Encryption (if TLS is configured) Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
RPC Layer Used for FM correlation engine to NFM-P server communications. Used for CPROTO communication with the NSP Flow Collector |
|
7889 |
TCP |
None |
telemetry monitor connection for kpi-engine This is a local port to the host.. |
|
8080 |
TCP |
None See port 8443 for secure communications |
HTTP This port provides an HTTP interface for XML API clients to access the NFM-P server. |
|
8085 |
TCP |
None See port 8444 for secure communications. |
HTTP This port provides an HTTP interface for NFM-P client. The NFM-P client uses this port to verify the existence of the server. |
|
8087 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS Servlet connector used for communication between tomcat and NFM-P server to handle requests with a normal processing time. |
|
8088 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS Webapp services such as correlation. |
|
8089 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS Servlet connector used for communication between tomcat and NFM-P server to handle requests with a long processing time. |
|
8097 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
REST port used for internal communication for DR features (DR alignment, dashboard) Shared-mode only |
|
8195 |
TCP |
None |
Tomcat shutdown port This is a local port to the host. |
|
8196 |
TCP |
None |
Tomcat (app1-tomcat) shutdown port This is a local port to the host. |
|
8197 |
TCP |
None |
Tomcat (app2-tomcat) shutdown port This is a local port to the host. |
|
8400 |
TCP |
None |
HTTP This port redirects to port 443. |
|
8443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for XML API clients that wish to use this protocol to access the NFM-P server |
|
8444 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for the NFM-P client. This is a secure version of port 8085. Used only if the NFM-P client is connecting via TLS. |
|
8483 |
TCP |
None |
JBoss RMI port for WebServices This is a local port to the host. |
|
8543 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for the Launchpad, Web Applications, and online help. |
|
8544 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for Web Applications. |
|
8545 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for RESTCONF. |
|
8617 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
auxdb-agent Communication port from nspdctl |
|
9000 |
TCP |
None |
gRPC server used by the ts-model-app in app1-tomcat. This is a local port to the host. |
|
9010 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
This port is used for file synchronization between redundant NFM-P servers |
|
9092 |
TCP |
None See port 9192 for secure communication. |
Kafka server |
|
9100 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS HTTPS port for providing access to the node-exporter metrics. |
|
9192 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Kafka server |
|
9400 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port redirects to port 443. |
|
9443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS HTTPS port for providing access to the HSM server through swagger web interface |
|
9990 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Management Console Used to access the JBoss management console for the main server process. |
|
9999 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console for the main server process. |
|
10090 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Management Console Used to access the JBoss management console for the JMS server process. |
|
10099 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console for the JMS server process. |
|
10190 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Management Console Used to access the JBoss management console for the auxiliary server process. |
|
10199 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console for the auxiliary server process. |
|
10290 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPs HTTPs interface port between the NFM-P server process and HSM server process |
|
11800 |
TCP |
Static Encryption Encryption provided by AES Cipher Algorithm with 128 bit Cipher Strength. |
Internal system communications protocol (JBoss Clustering) This port is required to ensure that redundant NFM-P servers can monitor each other. |
|
12010 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
This port is used for Warm standby Cache Sync communication between redundant NFM-P servers This port is not used on the NFM-P auxiliary. |
|
12300 - 12307 |
TCP |
None |
These ports are used for detecting communication failures between NFM-P server clusters (primary / secondary / auxiliaries) |
|
12800 |
TCP |
Static Encryption Encryption provided by AES Cipher Algorithm with 128 bit Cipher Strength. |
Internal system communications protocol (JBoss clustering) During run-time operations, the NFM-P auxiliary uses this port to send and receive information to and from the NFM-P server. The number of required ports depends on the number of NFM-P auxiliary stations that are installed. Note that NFM-P can be configured to use a different port for this purpose. The procedure is available from Nokia personnel. |
|
47100 - 47199 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Session-Manager ignite cache communication spi Only required on the NFM-P server when hosting the nspOS components. Communication to external hosts is not required. |
|
47500 - 47599 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Session-Manager ignite cache discovery spi Only required on the NFM-P server when hosting the nspOS components. Communication to external hosts is not required. |
|
48500 - 48599 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Session-Manager ignite cache communication spi Only required on the NFM-P server when hosting the nspOS components. Communication to external hosts is not required. |
|
48600 - 48699 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
Session-Manager ignite cache discovery spi Only required on the NFM-P server when hosting the nspOS components. Communication to external hosts is not required. |
|
NSP Flow Collector | |||
|
21 Ports from 1023 - 65536 |
TCP |
None See SCP and SFTP as secure alternatives |
FTP (Passive) This port is used to enable ftp communication between the NSP Flow Collector and the NFM-P server or dedicated ftp server for retrieving IPDR files. |
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH/SCP/SFTP This port is used to enable SSH (SFTP/SCP) communication between the NSP Flow Collector and the NFM-P server or dedicated ftp server for retrieving IPDR files. |
|
2205 |
UDP |
None |
CGNAT / IPFIX cflowd records from 7750 SR routers to NSP Flow Collector |
|
4739 |
UDP |
None |
cflowd records from 7750 SR routers to NSP Flow Collector |
|
7899 |
TCP |
None |
CPROTO |
|
8080 |
TCP |
None See port 8443 for secure communications. |
HTTP This port provides an HTTP Web User interface for the NSP Flow Collector |
|
8083 |
TCP |
None |
JBoss Socket for dynamic class and resource loading. |
|
8443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTP Web User interface for the NSP Flow Collector This is a secure version of port 8080. |
|
9443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) NSP Flow Collector management interface. This is a secure version of port 9990. Used only if the NSP Flow Collector is TLS secured. |
|
9990 |
TCP |
None See port 9443 for secure communications. |
HTTP This port provides an HTTP NSP Flow Collector management interface. This is a local port to the host. |
|
9999 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console. This is a local port to the host. |
|
44444 |
TCP |
None |
RMI server port |
|
NSP Flow Collector Controller | |||
|
21 Ports from 1023 - 65536 |
TCP |
None See SCP and SFTP as secure alternatives |
FTP (Passive) This port is used to enable ftp communication between the NSP Flow Collector Controller and the NFM-P server or dedicated ftp server for retrieving IPDR files. |
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH/SCP/SFTP This port is used to enable SSH (SFTP/SCP) communication between the NSP Flow Collector Controller and the NFM-P server or dedicated ftp server for retrieving IPDR files. |
|
1090 |
TCP |
None |
JBoss RMI/JRMP socket for connecting to the JMX MBeanServer. Used for NFM-P server to NSP Flow Collector Controller communication. |
|
1098 |
TCP |
None |
JBoss Socket Naming service used to receive RMI request from client proxies. Used for NFM-P server to NSP Flow Collector Controller communication. |
|
1099 |
TCP |
None |
JBoss The listening socket for the Naming service. Used for Jboss communication between NFM-P and NSP Flow Collector Controller. |
|
4444 |
TCP |
None |
JBoss Socket for the legacy RMI/JRMP invoker. Used for Jboss communication between NFM-P to NSP Flow Collector Controller. |
|
4445 |
TCP |
None |
JBoss Socket for the legacy Pooled invoker. Used for Jboss communication between NFM-P to NSP Flow Collector Controller. |
|
4446 |
TCP |
None |
JBoss Socket for the JBoss Remoting Connected used by Unified Invoker. Used for Jboss communication between NFM-P to NSP Flow Collector Controller. |
|
4447 |
TCP |
None |
JBoss Socket for JBoss Remoting Connections. This is a local port to the host. |
|
4457 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Socket for JBoss Messaging 1.x |
|
7879 |
TCP |
None |
CPROTO |
|
8080 |
TCP |
None See port 8443 for secure communications. |
HTTP This port provides an HTTP Web User interface for the NSP Flow Collector Controller. |
|
8083 |
TCP |
None |
JBoss Socket for dynamic class and resource loading. |
|
8443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTP Web User interface for the NSP Flow Collector Controller. This is a secure version of port 8080. |
|
9443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) NSP Flow Collector Controller management interface. This is a secure version of port 9990. Used only if the NSP Flow Collector Controller is TLS secured. |
|
9990 |
TCP |
None See port 9443 for secure communications. |
HTTP This port provides an HTTP NSP Flow Collector Controller management interface. This is a local port to the host. |
|
22222 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SFTP SFTP connection from NSP Flow Collector. |
|
44444 |
TCP |
None |
RMI server port |
|
NSP analytics server | |||
|
8443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides a secure HTTP Web User interface for the NSP analytics server. In deployments of NFM-P alone, it's used by the NFM-P server and web-based clients for HTTPS requests. In deployments that include both NFM-P and NSP, it's used by the NSP kubernetes VM and web-based clients. This is a secure version of port 8080. |
|
10990 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS Used to access the JMX console for the analytics process. |
|
NFM-P auxiliary database | |||
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH / SFTP Vertica Administration Tools. Inter-node and inter-cluster communication |
|
4803 |
TCP |
None |
Spread Client connections Inter-node communication only. |
|
4803 |
UDP |
None |
Spread Daemon to Daemon connections Inter-node communication only. |
|
4804 |
UDP |
None |
Spread Daemon to Daemon connections Inter-node communication only. |
|
5433 |
TCP |
Dynamic Encryption (if secure=true) Encryption provided by TLS. Strong ciphers are supported using various AES ciphers provided by TLS. |
JDBC Client communication port (NFM-P server, statistics auxiliary, Flow Collector, analytics server) |
|
5433 |
UDP |
None |
Vertica Vertica spread monitoring Inter-node communication only. |
|
5434 |
TCP |
None |
Vertica Intra and inter cluster communication Inter-node communication only. |
|
6543 |
TCP |
None |
Spread Monitor to Daemon connections Inter-node communication only. |
|
7299 |
TCP |
Dynamic Encryption (if secure=true) Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
RMI NFM-P auxiliary database proxy port. |
|
7300–7309 |
TCP |
None |
RMI NFM-P auxiliary database proxy ports. Not used if secure=true. |
|
50000 |
TCP |
None |
Rsync Inter-node and inter-cluster communication |
|
32768-60999 |
TCP |
None |
Vertica - Zygote Inter-node communication only |
|
32768-60999 |
UDP |
None |
Vertica - Spread Inter-node communication only |
|
Managed devices | |||
|
21 Ports from 1023 - 65536 |
TCP |
None |
FTP (Passive) This port is used to enable ftp communication between the NFM-P server and the managed routers. Ftp occurs to transfer information from the routers to the NFM-P server such as accounting statistics. See FTP for a more detailed description of ftp requirements. |
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH / SFTP This port used by clients to request a SSH session to a managed router. |
|
23 |
TCP |
None |
Telnet This port used by clients to request a telnet session to a managed router. |
|
80 |
TCP |
None |
HTTP This port is required for the NFM-P client to communicate with the network element Web GUIs. See Network element specific requirements for the network elements that require this port. |
|
161 |
UDP |
Static Encryption When SNMPv3 is configured. Cipher and strength is NE dependant. |
SNMP By default, NFM-P server sends SNMP messages, such as configuration requests and service deployments, to this port on the network elements. |
|
1491 |
TCP |
Static Encryption When SNMPv3 is configured. Cipher and strength is NE dependant. |
SNMP Streaming Used for TCP Streaming during NE discovery and resync. Only applicable to 7950 XRS, 7750 SR, 7450 ESS, 11.0R5+. |
|
5001 |
TCP |
None |
Proprietary Java socket connection This port is used by CPAM to communicate with the 7701 CPAA to obtain control plane information. |
|
5010 |
UDP |
None |
Trap Trap port used by 9500 MPR / Wavence SM devices to send traps to NFM-P clients running the NetO manager. |
|
11500 |
TCP |
None |
Equipment View Used while managing 9500 MPR / Wavence SM(MSS-1C, MPR-e, MSS-8) NEs using the Equipment View function as part of NetO |
|
N/A |
ICMP |
N/A |
ICMP Only used if the Ping Policy is enabled as part of network element mediation. |
|
NFM-P database | |||
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH This port is used by NFM-P for an optional rsync feature between NFM-P databases |
|
1523 |
TCP |
Static Encryption Encryption provided by RC4 Cipher Algorithm with 128 bit Cipher Strength. |
Oracle SQL*Net Listener This port is used by the NFM-P server to connect to and communicate with the NFM-P database. When there are redundant databases, this port is also used by Oracle DataGuard to keep the databases in sync. The data on this port is encrypted. |
|
9002 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
NFM-P database Proxy This port is used by the NFM-P server to monitor disk usage on a remote NFM-P database. When there are redundant databases, it is also allows the NFM-P server to initiate database switchovers and failovers. |
|
9003 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS |
Database file transfer Port This port is used by the NFM-P database stations in a redundant station configuration. This port allows database transfers between the primary and standby databases. For example: when the standby database is reinstantiated, or when the standby database is installed for the first time. |
|
NFM-P client and client delegate server | |||
|
20 |
TCP |
None |
FTP Active FTP port for 9500 MPR / Wavence SM software download from NEtO. |
|
21 Ports from 1023 - 65535 |
TCP |
None |
FTP 9500 MPR / Wavence SM software download from NEtO. |
|
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
sFTP 9500 MPR / Wavence SM software download from NEtO |
|
162 |
UDP |
None |
Trap Trap port used by 9500 MPR / Wavence SM (MPR-e, MSS-8) devices to send traps to NFM-P clients running the NetO manager. |
|
5010 |
UDP |
None |
Trap Trap port used by 9500 MPR / Wavence SM devices to send traps to NFM-P clients running the NetO manager. |