Is UDP ports 500 and 4500 needed on the Rancher server host?

demarant · March 30, 2016, 10:31am

Looking at the installation guide there is no mentioning that the host has to have any ports open for the ipsec. If we have SSL termination, the host needs just port 80 and 443 open of course.

I also know that each docker host (rancher node) must have UDP ports 500 and 4500 open for all other docker hosts managed by Rancher for the IPsec and health-checks to work.

But my question is: does the Host where the Rancher server is running need to have udp 500 and 4500 open as well?

sjiveson · March 30, 2016, 3:27pm

No, it does not.

Communication between Server and container hosts (Rancher Node) is via the API.

vincent · March 30, 2016, 6:01pm

Correct, the IPSec network is point-to-point between hosts, the rancher/server container does not connect to it.

Health checks are run inside the Network Agents on your hosts, and are scheduled to check from 3 different hosts than the container being checked is on (when possible, num_hosts > 3).

Topic		Replies	Views
Rancher-Agent ports Rancher 1.x	2	1371	December 14, 2015
Information on ports to be opened between Master Server and Hosts Rancher 1.x	5	5961	March 23, 2017
Rancher architecture and Communication	10	4472	July 27, 2017
Managed Network through TCP Rancher 1.x	4	1370	June 1, 2016
Ensuring Cross-Host Communication Rancher 1.x	1	958	January 24, 2018

Is UDP ports 500 and 4500 needed on the Rancher server host?

Related topics