Last active
January 27, 2025 02:21
-
-
Save papivot/eb39067e770133501255965b5413ffc4 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Source IP Address | Destination IP Address | Port Display | Protocol | Optional/Mandatory/Critical | Use | |
|---|---|---|---|---|---|---|
| Client | AVI VIP Network IP Range | 22 | TCP | Optional | Troubleshooting | |
| Client | AVI VIP Network IP Range | 80 | TCP | Optional | HTTP Workload - Use VIP Pool as Destination if using two seperate pools for VIP and vNIC | |
| Client | AVI VIP Network IP Range | 443 | TCP | Mandatory | HTTPS Workload - Use VIP Pool as Destination if using two seperate pools for VIP and vNIC | |
| Client | AVI VIP Network IP Range | 6443 | TCP | Mandatory | KubeAPI (Cluster) access - Use VIP Pool as Destination if using two seperate pools for VIP and vNIC | |
| Client | Supervisor Management IP Range | 22 | TCP | Optional | Troubleshooting | |
| Client | Workload Cluster IP Range | 22 | TCP | Optional | Troubleshooting | |
| Client | Workload Cluster IP Range | 30000-32767 | TCP | Optional | If Nodeport Support is required | |
| vCenter Server | Supervisor Management IP Range | 22 | TCP | Optional | Troubleshooting | |
| vCenter Server | Supervisor Management IP Range | 443 | TCP | Mandatory | ||
| vCenter Server | Supervisor Management IP Range | 6443 | TCP | Mandatory | Access required to Floating IP | |
| ESXi Server(s) | Supervisor Management IP Range | 443 | TCP | Optional | ||
| ESXi Server(s) | Supervisor Management IP Range | 6443 | TCP | Mandatory | Access required to Floating IP | |
| AVI Controller(s) | DNS Server | 53 | UDP/TCP | Mandatory | DNS | |
| AVI Controller(s) | NTP Server | 123 | UDP | Mandatory | NTP | |
| AVI Controller(s) | AVI Service Engines (Management) | 123 | UDP | Mandatory | NTP | |
| AVI Controller(s) | ESXi Server(s) | 443 | TCP | Mandatory | Infra connectivity | |
| AVI Controller(s) | vCenter Server | 443 | TCP | Mandatory | Infra connectivity | |
| AVI Service Engines (Management) | AVI Controller(s) | 22 | TCP | Mandatory | ||
| AVI Service Engines (Management) | AVI Controller(s) | 8443 | TCP | Mandatory | ||
| AVI VIP Network IP Range | Supervisor Workload IP Range | 80 | TCP | Optional | Supervisor Cluster - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Supervisor Workload IP Range | 443 | TCP | Mandatory | Supervisor Cluster - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Supervisor Workload IP Range | 2112 | TCP | Mandatory | Supervisor Cluster - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Supervisor Workload IP Range | 2113 | TCP | Mandatory | Supervisor Cluster - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Supervisor Workload IP Range | 6443 | TCP | Mandatory | Supervisor Cluster KubeAPI - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Workload Cluster IP Range | 80 | TCP | Optional | HTTP Workload - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Workload Cluster IP Range | 443 | TCP | Mandatory | HTTPS Workload - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Workload Cluster IP Range | 6443 | TCP | Mandatory | Workload Cluster KubeAPI - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| AVI VIP Network IP Range | Workload Cluster IP Range | 30000-32767 | TCP | Optional | If Nodeport Support is required - Use vNIC Pool as Source if using two seperate pools for VIP and vNIC | |
| Supervisor Management IP Range | DNS Server | 53 | UDP/TCP | Mandatory | DNS* (initial installation) | |
| Supervisor Management IP Range | NTP Server | 123 | UDP | Mandatory | NTP | |
| Supervisor Management IP Range | vCenter Server | 443 | TCP | Critical | ||
| Supervisor Management IP Range | Internet/Intranet | 443 | TCP | Mandatory | Access to Content Lib/TMC/registry (public nad private) | |
| Supervisor Management IP Range | AVI Controller(s) | 443 | TCP | Mandatory | AKO connectivity | |
| Supervisor Management IP Range | AVI VIP Network IP Range | 6443 | TCP | Mandatory | Supervisor cluster -> Workload cluster config | |
| Supervisor Management IP Range | Workload Cluster IP Range | 6443 | TCP | Mandatory | VM Operator and TKC VM communication* | |
| Supervisor Workload IP Range* | DNS Server | 53 | TCP/UDP | Mandatory | DNS | |
| Supervisor Workload IP Range* | Supervisor Management IP Range | 6443 | TCP | Mandatory | ||
| Supervisor Workload IP Range* | Workload Cluster IP Range | 6443 | TCP | Mandatory | ||
| Workload Cluster IP Range | DNS Server | 53 | UDP/TCP | Mandatory | DNS | |
| Workload Cluster IP Range | NTP Server | 123 | UDP | Mandatory | NTP | |
| Workload Cluster IP Range | AVI Controller(s) | 443 | TCP | Optional | While using AKOO on guest cluster | |
| Workload Cluster IP Range | Internet/Intranet | 443 | TCP | Mandatory | Access to TMC/registry (public nad private) | |
| Workload Cluster IP Range | AVI VIP Network IP Range | 6443 | TCP | Mandatory | Nodes need to access the Supervisor and Workload Cluster kubeapi VIP | |
| Notes:- | ||||||
| 2. This doc assumes there is no firewall | ||||||
| WITHIN a subnet/VLAN | ||||||
| 3. Supervisor Workload IP Range & | ||||||
| Workload Cluster IP Range | ||||||
| are the same subnet/VLAN for the | ||||||
| Primary Supervisor Namespace |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment