Additional NSP component port information
Default ports
The following table describes the listening ports on the various additional NSP components.
Table 6-16: Port information
Default port |
Type |
Encryption |
Description |
---|---|---|---|
NFM-P server and NFM-P statistics auxiliary | |||
N/A |
ICMP |
N/A |
ICMP Ping The active NFM-P server will periodically ping the NFM-P delegate server to ensure reachability. |
21 Ports from 1023 - 65536 |
TCP |
None See SCP and SFTP as secure alternatives. |
FTP (Passive) This port is used to enable ftp communication from a XML API client to either the NFM-P server or auxiliary. Ftp is used by the XML API client to retrieve logToFile statistics or findToFile results. (See FTP) |
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253. |
SSH/SCP/SFTP This port is used for remote access, rsync between NFM-P servers, rsync between the NFM-P databases, and scp/sftp to NFM-P XML API clients. |
69 |
UDP |
None See SFTP for a secure alternative. |
|
80 |
TCP |
None See port 443 for secure communications. |
HTTP This port redirects to port 443. |
162 |
UDP |
Static Encryption When SNMPv3 is configured. Cipher and strength is NE dependant. |
SNMP traps By default, this port on the NFM-P server receives SNMP traps from the network elements. This item is specified during the installation of the server and can be changed. (Not required by the NFM-P auxiliary) |
443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS interface for the Web Applications through the Launchpad. |
758 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
nlogin Secure port used for connection to and from the 1830 SMS HSM server |
1095 |
TCP |
None |
Internal system communications protocol (JBoss messaging) These ports are used by commands on the NFM-P auxiliary station to adjust the NFM-P auxiliary behavior. (Example: adjusting log levels, shutting down the auxiliary server, etc) |
1097 |
TCP |
None |
Internal system communications protocol (JMS naming/messaging service) Used by the NFM-P client (GUI and XML API) and NFM-P server and NFM-P auxiliary applications to register for JMS notifications and messages. This is used to ensure that the client, server, and auxiliary are aware of system events (for example: database changes or alarm notifications, etc) |
1099 |
TCP |
None |
Internal system communications protocol (JBoss Naming Service -JNDI) This port is required to ensure the NFM-P GUI, XML API clients, auxiliaries and standby NFM-P server properly initialize with the active NFM-P server. When initially logging into the NFM-P server, NFM-P GUI and XML API clients use this port to find the various services that are available. This port is also used by the NFM-P GUI and XML API clients to register with the NFM-P server to receive notification of network changes. |
4447 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss messaging port for JMS |
6633 |
TCP |
None |
OpenFlow Used to exchange openflow protocol messages with 7x50 NEs. |
7879 |
TCP |
Dynamic Encryption (if TLS is configured) Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
RPC Layer Used for FM correlation engine to NFM-P server communications. Used for CPROTO communication with the NSP |
8080 |
TCP |
None See port 8443 for secure communications |
HTTP This port provides an HTTP interface for XML API clients to access the NFM-P server. |
8085 |
TCP |
None See port 8444 for secure communications. |
HTTP This port provides an HTTP interface for NFM-P client. The NFM-P client uses this port to verify the existence of the server. |
8087 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS Servlet connector used for communication between tomcat and NFM-P server to handle requests with a normal processing time. |
8089 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS Servlet connector used for communication between tomcat and NFM-P server to handle requests with a long processing time. |
8097 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
REST port used for internal communication for DR features (DR alignment, dashboard) |
8400 |
TCP |
None |
HTTP This port redirects to port 443. |
8443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for XML API clients that wish to use this protocol to access the NFM-P server |
8444 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for the NFM-P client. This is a secure version of port 8085. Used only if the NFM-P client is connecting via TLS. |
8483 |
TCP |
None |
JBoss RMI port for WebServices This is a local port to the host. |
8543 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS This port provides an HTTPS (secure HTTP) interface for the Launchpad, Web Applications, and online help. |
9010 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
This port is used for file synchronization between redundant NFM-P servers |
9100 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS HTTPS port for providing access to the node-exporter metrics. |
9443 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPS HTTPS port for providing access to the HSM server through swagger web interface |
9990 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Management Console Used to access the JBoss management console for the main server process. |
9999 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console for the main server process. |
10090 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Management Console Used to access the JBoss management console for the JMS server process. |
10099 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console for the JMS server process. |
10190 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JBoss Management Console Used to access the JBoss management console for the auxiliary server process. |
10199 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
JMX Used to access the JMX console for the auxiliary server process. |
10290 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
HTTPs HTTPs interface port between the NFM-P server process and HSM server process |
11800 |
TCP |
Static Encryption Encryption provided by AES Cipher Algorithm with 128 bit Cipher Strength. |
Internal system communications protocol (JBoss Clustering) This port is required to ensure that redundant NFM-P servers can monitor each other. |
12010 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
This port is used for Warm standby Cache Sync communication between redundant NFM-P servers This port is not used on the NFM-P auxiliary. |
12300 - 12307 |
TCP |
None |
These ports are used for detecting communication failures between NFM-P server clusters (primary / secondary / auxiliaries) |
12800 |
TCP |
Static Encryption Encryption provided by AES Cipher Algorithm with 128 bit Cipher Strength. |
Internal system communications protocol (JBoss clustering) During run-time operations, the NFM-P auxiliary uses this port to send and receive information to and from the NFM-P server. The number of required ports depends on the number of NFM-P auxiliary stations that are installed. Note that NFM-P can be configured to use a different port for this purpose. The procedure is available from Nokia personnel. |
NSP auxiliary database | |||
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH / SFTP Vertica Administration Tools. Inter-node and inter-cluster communication |
4803 |
TCP |
None |
Spread Client connections Inter-node communication only. |
4803 |
UDP |
None |
Spread Daemon to Daemon connections Inter-node communication only. |
4804 |
UDP |
None |
Spread Daemon to Daemon connections Inter-node communication only. |
5433 |
TCP |
Dynamic Encryption (if secure=true) Encryption provided by TLS. Strong ciphers are supported using various AES ciphers provided by TLS. |
JDBC Client communication port (NFM-P server, statistics auxiliary, NSP Cluster) |
5433 |
UDP |
None |
Vertica Vertica spread monitoring Inter-node communication only. |
5434 |
TCP |
None |
Vertica Intra and inter cluster communication Inter-node communication only. |
6543 |
TCP |
None |
Spread Monitor to Daemon connections Inter-node communication only. |
7299 |
TCP |
Dynamic Encryption (if secure=true) Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
RMI NSP auxiliary database proxy port. |
7300–7309 |
TCP |
None |
RMI NSP auxiliary database proxy ports. Not used if secure=true. |
50000 |
TCP |
None |
Rsync Inter-node and inter-cluster communication |
32768-60999 |
TCP |
None |
Vertica - Zygote Inter-node communication only |
32768-60999 |
UDP |
None |
Vertica - Spread Inter-node communication only |
Managed devices | |||
21 Ports from 1023 - 65536 |
TCP |
None |
FTP (Passive) This port is used to enable ftp communication between the NFM-P server and the managed routers. Ftp occurs to transfer information from the routers to the NFM-P server such as accounting statistics. See FTP for a more detailed description of ftp requirements. |
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH / SFTP This port used by clients to request a SSH session to a managed router. |
23 |
TCP |
None |
Telnet This port used by clients to request a telnet session to a managed router. |
80 |
TCP |
None |
HTTP This port is required for the NFM-P client to communicate with the network element Web GUIs. See Network element specific requirements for the network elements that require this port. |
161 |
UDP |
Static Encryption When SNMPv3 is configured. Cipher and strength is NE dependant. |
SNMP By default, NFM-P server sends SNMP messages, such as configuration requests and service deployments, to this port on the network elements. |
1491 |
TCP |
Static Encryption When SNMPv3 is configured. Cipher and strength is NE dependant. |
SNMP Streaming Used for TCP Streaming during NE discovery and resync. Only applicable to 7950 XRS, 7750 SR, 7450 ESS, 11.0R5+. |
5001 |
TCP |
None |
Proprietary Java socket connection This port is used by CPAM to communicate with the 7701 CPAA to obtain control plane information. |
5010 |
UDP |
None |
Trap Trap port used by 9500 MPR / Wavence SM devices to send traps to NFM-P clients running the NetO manager. |
11500 |
TCP |
None |
Equipment View Used while managing 9500 MPR / Wavence SM(MSS-1C, MPR-e, MSS-8) NEs using the Equipment View function as part of NetO |
N/A |
ICMP |
N/A |
ICMP Only used if the Ping Policy is enabled as part of network element mediation. |
NFM-P database | |||
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
SSH This port is used by NFM-P for an optional rsync feature between NFM-P databases |
1523 |
TCP |
Static Encryption Encryption provided by RC4 Cipher Algorithm with 128 bit Cipher Strength. |
Oracle SQL*Net Listener This port is used by the NFM-P server to connect to and communicate with the NFM-P database. When there are redundant databases, this port is also used by Oracle DataGuard to keep the databases in sync. The data on this port is encrypted. |
9002 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS. |
NFM-P database Proxy This port is used by the NFM-P server to monitor disk usage on a remote NFM-P database. When there are redundant databases, it is also allows the NFM-P server to initiate database switchovers and failovers. |
9003 |
TCP |
Dynamic Encryption Encryption provided by TLS. Strong ciphers are supported using various CBC and AES ciphers provided by TLS |
Database file transfer Port This port is used by the NFM-P database stations in a redundant station configuration. This port allows database transfers between the primary and standby databases. For example: when the standby database is reinstantiated, or when the standby database is installed for the first time. |
NFM-P client and client delegate server | |||
20 |
TCP |
None |
FTP Active FTP port for 9500 MPR / Wavence SM software download from NEtO. |
21 Ports from 1023 - 65535 |
TCP |
None |
FTP 9500 MPR / Wavence SM software download from NEtO. |
22 |
TCP |
Dynamic Encryption Cipher Suite and strength as per RFC 4253 |
sFTP 9500 MPR / Wavence SM software download from NEtO |
162 |
UDP |
None |
Trap Trap port used by 9500 MPR / Wavence SM (MPR-e, MSS-8) devices to send traps to NFM-P clients running the NetO manager. |
5010 |
UDP |
None |
Trap Trap port used by 9500 MPR / Wavence SM devices to send traps to NFM-P clients running the NetO manager. |