ECS: Port Assignments
Summary: Information about ECS ports and port assignments.
Instructions
This article provides information about ECS ports located on ECS nodes.
Ports to open for NFSv3 UNIX clients
Open the NFSv3 ports to enable file access from the NFS UNIX clients to the ECS nodes.
Table 1: Ports to open for NFSv3 UNIX clients.
| PORT | PROTOCOL | DIRECTION | NETWORK TYPE |
|---|---|---|---|
| 111 | TCP and UDP | Bi-directional | Data |
| 2049 | TCP and UDP | Bi-directional | Data |
| 10000 | TCP and UDP | Bi-directional | Data |
Ports required for ECS Service Console access
The ECS Service Console is a command-line tool that simplifies and automates various ECS service procedures, including upgrades.
Table 2: Ports required for local or remote access for Service Console
| PORT | PROTOCOL | DIRECTION | DESCRIPTION | NETWORK TYPE |
|---|---|---|---|---|
| 22, 4443, 9101 | TCP | Inbound to ECS | Local access for Service Console | |
| 4443, 9101 | TCP | Outbound from ECS | Remote access for Service Console | |
Open ports reserved for Fabric operations
| PORT | IP USED | DESCRIPTION |
|---|---|---|
| 9240 | Public IP | Agent |
| 9241 | Public IP | Lifecycle |
| 9277 | Private.4 IP (NAN) | ZooKeeper |
| 9514 | N/A | Syslog |
| 5000 | Private IP | Fabric registry |
ECS nodes to ECS nodes in other sites
| PORT | PROTOCOL | DIRECTION | DATA TYPE | NETWORK TYPE |
|---|---|---|---|---|
| 9094 | TCP | Bi-directional | Replication commands | Replication |
| 9096 | TCP | Bi-directional | Replication data | Replication |
ECS nodes to network infrastructure
This section lists the ports, protocols, directions, and additional information for traffic between ECS nodes and the network infrastructure.
Table 5: ECS nodes to a network infrastructure
| PORT | PROTOCOL | DIRECTION | DESCRIPTION | NETWORK TYPE |
|---|---|---|---|---|
| 25 | TCP | Outbound from ECS | Simple mail transfer protocol (SMTP) | Management |
| 53 | TCP and UDP | Outbound from ECS | Domain name server (DNS) | Management |
| 123 | UDP | Outbound from ECS | Network time protocol (NTP) | Management |
| 389 | TCP | Outbound from ECS | AD | Management |
| 636 | TCP | Outbound from ECS | AD | Management |
| 161 | TCP and UDP | Inbound from ECS SNMP NMS Clients (Query ECS) Management | Reserved for SNMP | Management |
| 162 | TCP and UDP | Outbound from ECS SNMP NMS Trap Receivers Management | Reserved for SNMP | Management |
Web service clients to ECS nodes
Table 6: Web service clients to ECS nodes
| PORT | PROTOCOL | DIRECTION | DESCRIPTION | NETWORK TYPE |
|---|---|---|---|---|
| 3218 | TCP | Bi-directional | Content Addressed Storage (CAS) application program interface (API) | Data |
| 3218 | UDP | Bi-directional | CAS API | Data |
| 9020 | TCP | Inbound to ECS | Used for the S3 Object API over HTTP | Data |
| 9021 | TCP | Inbound to ECS | S3 Object API over HTTPS | Data |
| 9022 | TCP | Inbound to ECS | ATMOS Object API over HTTP | Data |
| 9023 | TCP | Inbound to ECS | ATMOS Object API over HTTPS | Data |
| 9024 | TCP | Inbound to ECS | Used for SWIFT API over HTTP | Data |
| 9025 | TCP | Inbound to ECS | Swift Object API over HTTPS | Data |
| 9040 | TCP | Inbound to ECS | Hadoop distributed file system (HDFS) service | Data |
Management access to ECS nodes
| PORT | PROTOCOL | DIRECTION | DESCRIPTION | NETWORK TYPE |
|---|---|---|---|---|
| 22 | TCP | Inbound to ECS | Secure shell (SSH) | Management |
| 80 | TCP | Inbound to ECS | Used for accessing the ECS Portal, Port 80 auto-redirects to HTTPS (443) | Management |
| 443 | TCP | Inbound to ECS | ECS Portal | Management |
| 4443 | TCP | Inbound to ECS | ECS Management API | Management |
| 9011 | TCP | Inbound to ECS | ECS Management API | Management |
Management access to ECS nodes' RMM ports
Table 8: RMM dedicated ports for Gen1 and Gen2 hardware.
| PORT | PROTOCOL | DIRECTION | DESCRIPTION |
|---|---|---|---|
| 80 | TCP | Inbound to ECS | RMM UI |
| 443 | TCP | Inbound to ECS | RMM UI |
| 5900 | TCP | Inbound to ECS | Virtual Console keyboard and mouse redirection, Virtual Media, Virtual Folders, and Remote File Share |
SNMP, Secure Remote Services, and xDoctor dedicated ports
This section provides information about the dedicated SNMP, Secure Remote Services, and xDoctor ports.
Table 9: Dedicated SNMP, Secure Remote Services, and xDoctor ports
| PORT | PROTOCOL | DIRECTION | DESCRIPTION | NETWORK TYPE |
|---|---|---|---|---|
| 21 | TCP | Outbound from ECS to Secure Remote Services Gateway. | Deprecated | Management |
| 22 | TCP | Inbound from Secure Remote Services Gateway to ECS | | Management |
| 25 | TCP | Outbound from ECS to Secure Remote Services Gateway. | | Management |
| 80 | TCP | Inbound from Secure Remote Services Gateway to ECS | ECS UI HTTP | Management |
| 443 | TCP | Inbound from Secure Remote Services Gateway to ECS | ECS UI HTTPs | Management |
| 4443 | TCP | Inbound from Secure Remote Services Gateway to ECS | ECS Management API | Management |
| 6090 | TCP | Inbound and Outbound | Reserved for xDoctor | Management |
| 9443 | TCP | Outbound from ECS to Secure Remote Services Gateway. | Secure Remote Services V3 Gateway on ECS 2.2 and later | Management |
All Flash Appliance platform ports
This section describes the port details related to the All Flash Appliance (AFA).
Table 10: All Flash Appliance platform ports
| PORT | PROTOCOL | DIRECTION | IP USED |
|---|---|---|---|
| 9270 | TCP, UDP | Bi-directional | Public |
| 10081 | TCP | Bi-directional | Private |
| 10082 | TCP | Bi-directional | Private |
| 15000~20000 | UDP | Bi-directional | Private |
Note: The AFA ports are applicable only when AFA is in use.
Monitoring stack ports
All ports are on the private.4 network and are not opened by the ECS firewall. These ports are used for internal ECS monitoring.
Table 11: ECS monitoring stack ports
| PORT | PROTOCOL | DESCRIPTION | NETWORK TYPE |
|---|---|---|---|
| 11002 | TCP | Telegraf | Management |
| 9273 | TCP | Telegraf | Management |
| 8082 | TCP | InfluxDB | Management |
| 8086 | TCP | InfluxDB | Management |
| 8087 | TCP | InfluxDB | Management |
| 8088 | TCP | InfluxDB | Management |
| 8093 | TCP | Fluxd | Management |
| 3000 | TCP | Grafana | Management |
Port assignments for systems that implement network separation
When ECS network traffic is separated, port assignments remain the same, but the network that each port is assigned to is different. Verify that the firewall is configured to recognize these networks and ports. The tables in this section identify the ports used for the:
- Data network
- Management network
- Replication network
Data network ports
This section provides information about the designated data network ports.
Table 12: Designated data network ports
| PORT | PROTOCOL | DIRECTION | DESCRIPTION |
|---|---|---|---|
| 22 | TCP | Inbound to ECS | SSH |
| 2689 | TCP | Bi-directional | ZooKeeper |
| 3218 | TCP | Bi-directional | CAS API |
| 3218 | UDP | Bi-directional | CAS API |
| 9020 | TCP | Inbound to ECS | S3 Object API over HTTP |
| 9021 | TCP | Inbound to ECS | S3 Object API over HTTPS |
| 9022 | TCP | Inbound to ECS | ATMOS Object API over HTTP |
| 9023 | TCP | Inbound to ECS | ATMOS Object API over HTTPS |
| 9024 | TCP | Inbound to ECS | Swift Object API over HTTP |
| 9025 | TCP | Inbound to ECS | Swift Object API over HTTPS |
| 9040 | TCP | Inbound to ECS | HDFS Service |
Management network ports
| PORT | PROTOCOL | DIRECTION | DESCRIPTION |
|---|---|---|---|
| 22 | TCP | Inbound to ECS | SSH |
| 25 | TCP | Outbound from ECS | SMTP |
| 53 | TCP | Outbound from ECS | DNS |
| 80 | TCP | Inbound to ECS | ECS Portal |
| 123 | UDP | Outbound from ECS | NTP |
| 389 | TCP | Outbound from ECS | AD |
| 443 | TCP | Inbound to ECS | ECS Portal |
| 636 | TCP | Outbound from ECS | AD (SSL) |
| 4443 | TCP | Inbound to ECS | ECS Management API |
Replication network ports
| PORT | PROTOCOL | DIRECTION | DESCRIPTION |
|---|---|---|---|
| 22 | TCP | Inbound to ECS | SSH |
| 9094 | TCP | Bi-directional | Geo Receiver (HTTP) |
| 9096 | TCP | Bi-directional | Geo Data (HTTP) |
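One way to carry out the firewall verification called for under network separation, as an added example that is not part of the original article: it parses `iptables-save`-style ACCEPT rules and compares them, per network, with the inbound and bi-directional rows of the data, management and replication tables above. The interface names (`data0`, `mgmt0`, `repl0`), the sample ruleset and the treatment of bi-directional rows as needing an inbound rule are assumptions.

```python
import re

# Inbound and bi-directional rows of the three separated-network tables
# above, as (protocol, port) pairs per network.
EXPECTED = {
    "data": {("tcp", p) for p in (22, 2689, 3218, 9020, 9021, 9022, 9023,
                                  9024, 9025, 9040)} | {("udp", 3218)},
    "management": {("tcp", p) for p in (22, 80, 443, 4443)},
    "replication": {("tcp", p) for p in (22, 9094, 9096)},
}

# Assumption: hypothetical interface names; substitute the site's own.
IFACE_NETWORK = {"data0": "data", "mgmt0": "management", "repl0": "replication"}

RULE = re.compile(
    r"^-A INPUT\b(?=.*\s-i (?P<iface>\S+))(?=.*\s-p (?P<proto>tcp|udp))"
    r"(?=.*\s--dports? (?P<ports>[\d,:]+))(?=.*\s-j ACCEPT\b)"
)

def parse_accepts(ruleset):
    """Return {network: {(proto, port), ...}} for ACCEPT rules on INPUT."""
    allowed = {net: set() for net in EXPECTED}
    for line in ruleset.splitlines():
        m = RULE.match(line.strip())
        if not m or m["iface"] not in IFACE_NETWORK:
            continue
        for item in m["ports"].split(","):
            lo, _, hi = item.partition(":")  # "9020:9025" is a port range
            for port in range(int(lo), int(hi or lo) + 1):
                allowed[IFACE_NETWORK[m["iface"]]].add((m["proto"], port))
    return allowed

def audit(ruleset):
    """Per network: ports the tables list but no rule allows, and the reverse."""
    allowed = parse_accepts(ruleset)
    return {net: {"missing": sorted(EXPECTED[net] - allowed[net]),
                  "unexpected": sorted(allowed[net] - EXPECTED[net])}
            for net in EXPECTED}

# Constructed sample ruleset: 4443 is absent on management, and the S3 HTTP
# port 9020 is allowed on the replication interface.
SAMPLE_RULES = """\
-A INPUT -i data0 -p tcp -m multiport --dports 22,2689,3218,9020:9025,9040 -j ACCEPT
-A INPUT -i data0 -p udp --dport 3218 -j ACCEPT
-A INPUT -i mgmt0 -p tcp -m multiport --dports 22,80,443 -j ACCEPT
-A INPUT -i repl0 -p tcp -m multiport --dports 22,9094,9096,9020 -j ACCEPT
"""
```

An "unexpected" entry only means the port is not in these three tables; check it against the other tables in this article, such as the ports that must remain open, before tightening a rule.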
ECS ports that must remain open
This section provides information about the ports that are reserved for internal communication between services and the ECS nodes.
| PORT | PROTOCOL | SERVICE NAME | NETWORK TYPE | NETWORK SCOPE |
|---|---|---|---|---|
| 1095 | TCP, UDP | Ssm | Data | Public |
| 1096 | TCP, UDP | rm | Data | Public |
| 1098 | TCP, UDP | Blobsvc | Data | Public |
| 1298 | TCP, UDP | Dataheadsvc | Data | Public |
| 2180 | TCP | Coordinatorsvc | Data | Private |
| 2181 | TCP | ZooKeeper | Data | Private |
| 2887 | TCP | ZooKeeper | Data | Private |
| 2888 | TCP | ZooKeeper | Data | Private |
| 2889 | TCP | ZooKeeper | Data | Private |
| 3888 | TCP | ZooKeeper | Data | Private |
| 9010 | TCP | Objcontrolsvc | Management | Loopback |
| 9011 | TCP | Objcontrolsvc | Management | Loopback |
| 9028 | TCP | Blobsvc | Data | Public |
| 9029 | TCP | Blobsvc | Data | Public |
| 9069 | TCP | Storageserver | Data | Public (Protected by Fabric Firewall manager. Port is not available outside of the cluster.) |
| 9091 | TCP, UDP | cm | Data | Public |
| 9098 | TCP | Georeceiver | Data | Public |
| 9099 | TCP, UDP | Storageserver | Data | Public (Protected by Fabric Firewall manager. Port is not available outside of the cluster.) |
| 9100 | TCP | Dtquery | Data | Public |
| 9101 | TCP | Dtqueryrecv | Data | Private |
| 9106 | TCP | Storageserver | Data | Public (Protected by Fabric Firewall manager. Port is not available outside of the cluster.) |
| 9201 | TCP, UDP | Stat | Data | Public |
| 9202 | TCP | Stat | Data | Loopback |
| 9203 | TCP, UDP | Metering | Management | Public |
| 9204 | TCP, UDP | Vnest | Data | Public |
| 9205 | TCP | Vnest | Data | Public |
| 9206 | TCP | Vnest | Data | Private |
| 9209 | TCP, UDP | Eventsvc | Management | Public |
| 9212 | TCP, UDP | Objcontrolsvc | Management | Public |
| 9220 | TCP | Vnestclient | Data | Public |
| 9230 | TCP | Zkutils | Data | Public |
| 9260 | TCP, UDP | SR | Data | Public |
| 9278 | TCP | Fabric services (ZooKeeper) | Data | Private |
| 9279 | TCP | Fabric services (ZooKeeper) | Data | Private |
| 9888 | TCP, UDP | Resourcesvc | Data | Public |
| 9898 | TCP | Objcontrolsvc | Management | Public |
| 10017 | TCP | Storageserver | Data | Public (Protected by Fabric Firewall manager. Port is not available outside of the cluster.) |
| 10098 | TCP, UDP | Transformsvc | Data | Public |
| 10099 | TCP | Transformsvc | Data | Private |
Note: All ports other than the ones mentioned in this document are closed or unused on ECS nodes.
ECS ports used for migration or application-specific
This section lists the ports that are used for migration or application-specific purposes.
Table 16: ECS ports used for migration or application-specific
| PORT | PROTOCOL | SERVICE NAME | NETWORK TYPE | NETWORK SCOPE |
|---|---|---|---|---|
| 3218 | TCP, UDP | CAS | - | Public |
ECS ports required between VDCs
This section lists the ports that are required between VDCs.
Table 17: ECS ports required between VDCs
| PORT | PROTOCOL | SERVICE NAME | NETWORK TYPE | NETWORK SCOPE |
|---|---|---|---|---|
| 9094 | TCP, UDP | Geocmd | - | Public |
| 9096 | TCP | Geodata | - | Public |
| 9098 | TCP | Georeceiver | - | Public |