Additional NSP component port information

Default ports

The following table describes the listening ports on the various additional NSP components.

Table 6-16: Port information

Default port

Type

Encryption

Description

NFM-P server and NFM-P statistics auxiliary

N/A

ICMP

N/A

ICMP Ping

The active NFM-P server will periodically ping the NFM-P delegate server to ensure reachability.

21

Ports from 1023 - 65536

TCP

None

See SCP and SFTP as secure alternatives.

FTP (Passive)

This port is used to enable ftp communication from a XML API client to either the NFM-P server or auxiliary. Ftp is used by the XML API client to retrieve logToFile statistics or findToFile results. (See FTP)

22

TCP

Dynamic Encryption

Cipher Suite and strength as per RFC 4253.

SSH/SCP/SFTP

This port is used for remote access, rsync between NFM-P servers, rsync between the NFM-P databases, and scp/sftp to NFM-P XML API clients.

69

UDP

None

See SFTP for a secure alternative.

80

TCP

None

See port 443 for secure communications.

HTTP

This port redirects to port 443.

162

UDP

Static Encryption

When SNMPv3 is configured. Cipher and strength is NE dependant.

SNMP traps

By default, this port on the NFM-P server receives SNMP traps from the network elements. This item is specified during the installation of the server and can be changed.

(Not required by the NFM-P auxiliary)

443

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

This port provides an HTTPS interface for the Web Applications through the Launchpad.

758

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

nlogin

Secure port used for connection to and from the 1830 SMS HSM server

1095

TCP

None

Internal system communications protocol (JBoss messaging)

These ports are used by commands on the NFM-P auxiliary station to adjust the NFM-P auxiliary behavior. (Example: adjusting log levels, shutting down the auxiliary server, etc)

1097

TCP

None

Internal system communications protocol (JMS naming/messaging service)

Used by the NFM-P client (GUI and XML API) and NFM-P server and NFM-P auxiliary applications to register for JMS notifications and messages. This is used to ensure that the client, server, and auxiliary are aware of system events (for example: database changes or alarm notifications, etc)

1099

TCP

None

Internal system communications protocol (JBoss Naming Service -JNDI)

This port is required to ensure the NFM-P GUI, XML API clients, auxiliaries and standby NFM-P server properly initialize with the active NFM-P server.

When initially logging into the NFM-P server, NFM-P GUI and XML API clients use this port to find the various services that are available. This port is also used by the NFM-P GUI and XML API clients to register with the NFM-P server to receive notification of network changes.

4447

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JBoss messaging port for JMS

6633

TCP

None

OpenFlow

Used to exchange openflow protocol messages with 7x50 NEs.

7879

TCP

Dynamic Encryption (if TLS is configured)

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

RPC Layer

Used for FM correlation engine to NFM-P server communications.

Used for CPROTO communication with the NSP

8080

TCP

None

See port 8443 for secure communications

HTTP

This port provides an HTTP interface for XML API clients to access the NFM-P server.

8085

TCP

None

See port 8444 for secure communications.

HTTP

This port provides an HTTP interface for NFM-P client. The NFM-P client uses this port to verify the existence of the server.

8087

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

Servlet connector used for communication between tomcat and NFM-P server to handle requests with a normal processing time.

8089

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

Servlet connector used for communication between tomcat and NFM-P server to handle requests with a long processing time.

8097

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

REST port used for internal communication for DR features (DR alignment, dashboard)

8400

TCP

None

HTTP

This port redirects to port 443.

8443

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

This port provides an HTTPS (secure HTTP) interface for XML API clients that wish to use this protocol to access the NFM-P server

8444

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

This port provides an HTTPS (secure HTTP) interface for the NFM-P client. This is a secure version of port 8085. Used only if the NFM-P client is connecting via TLS.

8483

TCP

None

JBoss RMI port for WebServices

This is a local port to the host.

8543

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

This port provides an HTTPS (secure HTTP) interface for the Launchpad, Web Applications, and online help.

9010

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

This port is used for file synchronization between redundant NFM-P servers

9100

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

HTTPS port for providing access to the node-exporter metrics.

9443

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPS

HTTPS port for providing access to the HSM server through swagger web interface

9990

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JBoss Management Console

Used to access the JBoss management console for the main server process.

9999

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JMX

Used to access the JMX console for the main server process.

10090

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JBoss Management Console

Used to access the JBoss management console for the JMS server process.

10099

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JMX

Used to access the JMX console for the JMS server process.

10190

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JBoss Management Console

Used to access the JBoss management console for the auxiliary server process.

10199

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

JMX

Used to access the JMX console for the auxiliary server process.

10290

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

HTTPs

HTTPs interface port between the NFM-P server process and HSM server process

11800

TCP

Static Encryption

Encryption provided by AES Cipher Algorithm with 128 bit Cipher Strength.

Internal system communications protocol (JBoss Clustering)

This port is required to ensure that redundant NFM-P servers can monitor each other.

12010

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

This port is used for Warm standby Cache Sync communication between redundant NFM-P servers

This port is not used on the NFM-P auxiliary.

12300 - 12307

TCP

None

These ports are used for detecting communication failures between NFM-P server clusters (primary / secondary / auxiliaries)

12800

TCP

Static Encryption

Encryption provided by AES Cipher Algorithm with 128 bit Cipher Strength.

Internal system communications protocol (JBoss clustering)

During run-time operations, the NFM-P auxiliary uses this port to send and receive information to and from the NFM-P server.

The number of required ports depends on the number of NFM-P auxiliary stations that are installed.

Note that NFM-P can be configured to use a different port for this purpose. The procedure is available from Nokia personnel.

NSP auxiliary database

22

TCP

Dynamic Encryption

Cipher Suite and strength as per RFC 4253

SSH / SFTP

Vertica Administration Tools.

Inter-node and inter-cluster communication

4803

TCP

None

Spread

Client connections

Inter-node communication only.

4803

UDP

None

Spread

Daemon to Daemon connections

Inter-node communication only.

4804

UDP

None

Spread

Daemon to Daemon connections

Inter-node communication only.

5433

TCP

Dynamic Encryption (if secure=true)

Encryption provided by TLS. Strong ciphers are supported using various AES ciphers provided by TLS.

JDBC

Client communication port (NFM-P server, statistics auxiliary, NSP Cluster)

5433

UDP

None

Vertica

Vertica spread monitoring

Inter-node communication only.

5434

TCP

None

Vertica

Intra and inter cluster communication

Inter-node communication only.

6543

TCP

None

Spread

Monitor to Daemon connections

Inter-node communication only.

7299

TCP

Dynamic Encryption (if secure=true)

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

RMI

NSP auxiliary database proxy port.

7300–7309

TCP

None

RMI

NSP auxiliary database proxy ports. Not used if secure=true.

50000

TCP

None

Rsync

Inter-node and inter-cluster communication

32768-60999

TCP

None

Vertica - Zygote

Inter-node communication only

32768-60999

UDP

None

Vertica - Spread

Inter-node communication only

Managed devices

21

Ports from 1023 - 65536

TCP

None

FTP (Passive)

This port is used to enable ftp communication between the NFM-P server and the managed routers. Ftp occurs to transfer information from the routers to the NFM-P server such as accounting statistics. See FTP for a more detailed description of ftp requirements.

22

TCP

Dynamic Encryption

Cipher Suite and strength as per RFC 4253

SSH / SFTP

This port used by clients to request a SSH session to a managed router.

23

TCP

None

Telnet

This port used by clients to request a telnet session to a managed router.

80

TCP

None

HTTP

This port is required for the NFM-P client to communicate with the network element Web GUIs. See Network element specific requirements for the network elements that require this port.

161

UDP

Static Encryption

When SNMPv3 is configured. Cipher and strength is NE dependant.

SNMP

By default, NFM-P server sends SNMP messages, such as configuration requests and service deployments, to this port on the network elements.

1491

TCP

Static Encryption

When SNMPv3 is configured. Cipher and strength is NE dependant.

SNMP Streaming

Used for TCP Streaming during NE discovery and resync. Only applicable to 7950 XRS, 7750 SR, 7450 ESS, 11.0R5+.

5001

TCP

None

Proprietary Java socket connection

This port is used by CPAM to communicate with the 7701 CPAA to obtain control plane information.

5010

UDP

None

Trap

Trap port used by 9500 MPR / Wavence SM devices to send traps to NFM-P clients running the NetO manager.

11500

TCP

None

Equipment View

Used while managing 9500 MPR / Wavence SM(MSS-1C, MPR-e, MSS-8) NEs using the Equipment View function as part of NetO

N/A

ICMP

N/A

ICMP

Only used if the Ping Policy is enabled as part of network element mediation.

NFM-P database

22

TCP

Dynamic Encryption

Cipher Suite and strength as per RFC 4253

SSH

This port is used by NFM-P for an optional rsync feature between NFM-P databases

1523

TCP

Static Encryption

Encryption provided by RC4 Cipher Algorithm with 128 bit Cipher Strength.

Oracle SQL*Net Listener

This port is used by the NFM-P server to connect to and communicate with the NFM-P database. When there are redundant databases, this port is also used by Oracle DataGuard to keep the databases in sync. The data on this port is encrypted.

9002

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS.

NFM-P database Proxy

This port is used by the NFM-P server to monitor disk usage on a remote NFM-P database. When there are redundant databases, it is also allows the NFM-P server to initiate database switchovers and failovers.

9003

TCP

Dynamic Encryption

Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS

Database file transfer Port

This port is used by the NFM-P database stations in a redundant station configuration. This port allows database transfers between the primary and standby databases. For example: when the standby database is reinstantiated, or when the standby database is installed for the first time.

NFM-P client and client delegate server

20

TCP

None

FTP

Active FTP port for 9500 MPR / Wavence SM software download from NEtO.

21

Ports from 1023 - 65535

TCP

None

FTP

9500 MPR / Wavence SM software download from NEtO.

22

TCP

Dynamic Encryption

Cipher Suite and strength as per RFC 4253

sFTP

9500 MPR / Wavence SM software download from NEtO

162

UDP

None

Trap

Trap port used by 9500 MPR / Wavence SM (MPR-e, MSS-8) devices to send traps to NFM-P clients running the NetO manager.

5010

UDP

None

Trap

Trap port used by 9500 MPR / Wavence SM devices to send traps to NFM-P clients running the NetO manager.