HP Serviceguard A.11.20.10 for Linux Release Notes, December 2012

If you are using the Quorum Server:
hacl-qs 1238/TCP HA Quorum Server
If you are using the appserver utility:
hacl-poll 5315/TCP
Ports needed for authentication
The ports reserved for authentication are also used by Serviceguard:
auth 113/TCP authentication
auth 113/UDP authentication
Ports required by Serviceguard Manager
If you are using Serviceguard Manager via HP SMH, make sure the following ports are open in
addition to the ports listed above:
compaq-https 2381/tcp
compaq-https 2381/udp
cpq-wbem 2301/tcp
cpq-wbem 2301/udp
cpq-wbem1188 (tcp/udp)
System firewalls
When using a system firewall with Serviceguard for Linux, you must leave open the ports listed
above. For more information, see the latest version of Configuring firewall rules for HP Serviceguard
on SUSE Linux Enterprise Server and Red Hat White Paper at
http://www.hp.com/go/linux-serviceguard-docs -> White papers.
Serviceguard also uses some dynamic ports for some cluster services. These must be open in the
firewall. They are typically in the range 32768-61000 for Red Hat. To determine the range on a
given system, check the contents of the file /proc/sys/net/ipv4/ip_local_port_range.
If you have adjusted the dynamic port range using kernel tunable parameters, alter your firewall
rules accordingly.
- To enable intra-cluster communications, each HEARTBEAT_IP network on every node in the
  cluster must allow the following communications in both directions with all other nodes in the
  cluster:
  - TCP on port numbers 5300 and 5302 and allow only packets with the SYN flag
  - UDP on port numbers 5300 and 5302
  - TCP and UDP on dynamic ports
- If you use a quorum server, all nodes in the cluster must allow the following communication
  to the quorum server IP address:
  - TCP on port 1238 and allow only packets with the SYN flag
- Any node providing quorum service for another cluster must allow the following communication
  from that cluster’s nodes:
  - TCP on port 1238 and allow only packets with the SYN flag
Running the cmscancl command requires the ssh port be open.
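
The requirements above can be turned into firewall rules mechanically. The script below is an added example, not taken from HP's release notes or white paper: it prints (does not apply) iptables rules for one peer node and one quorum server, reading the dynamic port range from /proc. The function names and the 192.0.2.x addresses are constructed, and it assumes an iptables-based firewall whose rule set accepts established-connection traffic elsewhere.

```shell
#!/bin/sh
# Added example: prints iptables rules for the Serviceguard ports listed above.
# Nothing is applied to the running firewall; review the output first.

# Print the kernel's dynamic port range as "low:high" (iptables range syntax).
# The file holds two whitespace-separated numbers, e.g. "32768 61000".
dynamic_port_range() {
    range_file="${1:-/proc/sys/net/ipv4/ip_local_port_range}"
    low='' high=''
    read -r low high < "$range_file" || [ -n "$high" ] || return 1
    case "$low:$high" in
        :*|*:|*[!0-9:]*) return 1 ;;   # missing field or non-numeric content
    esac
    [ "$low" -le "$high" ] || return 1
    printf '%s:%s\n' "$low" "$high"
}

# Rules for one peer on a HEARTBEAT_IP network, in both directions:
# TCP 5300/5302 restricted to SYN packets, UDP 5300/5302, and TCP/UDP
# on the dynamic range ($2, as printed by dynamic_port_range).
heartbeat_rules() {
    peer="$1" dyn="$2"
    for dir in "INPUT -s" "OUTPUT -d"; do
        echo "iptables -A $dir $peer -p tcp --syn -m multiport --dports 5300,5302 -j ACCEPT"
        echo "iptables -A $dir $peer -p udp -m multiport --dports 5300,5302 -j ACCEPT"
        echo "iptables -A $dir $peer -p tcp --dport $dyn -j ACCEPT"
        echo "iptables -A $dir $peer -p udp --dport $dyn -j ACCEPT"
    done
}

# Cluster node side: outbound TCP 1238 (SYN only) to the quorum server.
quorum_client_rules() {
    echo "iptables -A OUTPUT -d $1 -p tcp --syn --dport 1238 -j ACCEPT"
}

# Quorum server side: inbound TCP 1238 (SYN only) from one cluster node.
quorum_server_rules() {
    echo "iptables -A INPUT -s $1 -p tcp --syn --dport 1238 -j ACCEPT"
}

# Demo with constructed addresses (192.0.2.0/24 is a documentation range).
if dyn=$(dynamic_port_range 2>/dev/null); then
    heartbeat_rules 192.0.2.11 "$dyn"
    quorum_client_rules 192.0.2.50
fi
```

Re-run the script after changing the dynamic port range with kernel tunables, since the generated rules embed the range that was in effect when it ran.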