
Why doesn't SCI use TCP port 8443?

hyosang_choi
Valued Contributor
Hi.

The customer is using SCI and vSZ (above 3.5).

But their SCI doesn't use port 8443.

We can see some ports used for the connection between SCI and vSZ in the document.

But SCI doesn't use 8443, according to the result when I checked it using tcpdump on the SCI shell.

SCI receives only packets for port 8883 from vSZ.




Doesn't it use the outbound 8443 port?

Is it intended?

Should we only open inbound TCP port 8883 from vSZ to SCI?

Thanks.

see_ho_ting
Contributor
Hi Jeronimo,

Yes, port 8883 is used for SZ to communicate with SCI. This is because the communication protocol used is MQTT and port 8883 is the official port for MQTT over SSL and is registered with IANA (http://www.iana.org).

Port 8443 is typically reserved for HTTP and thus we are not using it for MQTT.

For firewall rules, traffic is outbound from SZ to SCI. Sorry, the documentation is not clear. The 8443 is for SZ 3.4 and below where the API is HTTPS based. SZ 3.5 and above will be using port 8883.

Hope this helps.

Thanks!

hyosang_choi
Valued Contributor
Thanks for the reply, See Hong.

If SCI doesn't use port 8443 in SZ 3.5 and above, please write it down correctly in the document.

Does SCI use 8443 for polling from SCI to vSZ?

Does SCI only receive packets through port 8883 from vSZ to SCI?

And should we open only inbound port 8883 on the firewall?

Or in 3.4 and below, does SCI use 8443 for polling from SCI to vSZ?

Please let me know about it.

And if it is incorrect, write it down clearly in the document.

It causes confusion.

Regards.

see_ho_ting
Contributor
Hi Jeronimo,

Quick answers to your questions:

If SCI doesn't use port 8443 in SZ 3.5 and above, please write it down correctly in the document.
=> Yes, we will have this documented more clearly ASAP.

Does SCI use 8443 for polling from SCI to vSZ?
=> Yes, but this is only for SZ3.4.2 and below. From SZ3.5 onwards, the API has changed completely from HTTPS pull to MQTT pull.

Does SCI only receive packets through port 8883 from vSZ to SCI?
=> Yes. And again, this is only for SZ3.5 and above.

And should we open only inbound port 8883 on the firewall?
=> Yes, that is correct.

Or in 3.4 and below, does SCI use 8443 for polling from SCI to vSZ?
=> Yes, for SZ3.4 and below, SCI uses 8443 to poll the SZ.

Hope this helps and we apologise for the ambiguity in the documentation.

Thanks!
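
The tcpdump check from the original question can be automated to confirm which side opens the connection and on which port, which is what decides the firewall rule. The following is an added example, not part of the thread or of any vendor tooling; the IP addresses, the release labels `3.5+`/`3.4-` and the function names are assumptions, and the capture lines are constructed.

```python
import re

# One `tcpdump -nn` TCP line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

# Initiator and destination port as stated in the thread (labels are hypothetical).
EXPECTED = {
    "3.5+": ("sz", 8883),   # SZ opens MQTT over TLS towards SCI
    "3.4-": ("sci", 8443),  # SCI polls the SZ over HTTPS
}

def initiations(lines, sci_ip, sz_ip):
    """Return {(initiator, dst_port)} for connection openers between SCI and SZ."""
    seen = set()
    for line in lines:
        m = LINE.search(line)
        if not m or m["flags"] != "S":  # bare SYN (no ACK) marks the opener
            continue
        pair = (m["src"], m["dst"])
        if pair == (sz_ip, sci_ip):
            seen.add(("sz", int(m["dport"])))
        elif pair == (sci_ip, sz_ip):
            seen.add(("sci", int(m["dport"])))
    return seen

def check(lines, sci_ip, sz_ip, sz_release):
    """Report whether the expected flow was seen and list any other openers."""
    want = EXPECTED[sz_release]
    seen = initiations(lines, sci_ip, sz_ip)
    return {"expected_seen": want in seen, "unexpected": sorted(seen - {want})}

# Constructed sample capture using documentation addresses (not from the thread).
SAMPLE = """\
10:01:02.000001 IP 192.0.2.10.51514 > 192.0.2.20.8883: Flags [S], seq 1, win 29200, length 0
10:01:02.000300 IP 192.0.2.20.8883 > 192.0.2.10.51514: Flags [S.], seq 9, ack 2, win 28960, length 0
10:01:02.000600 IP 192.0.2.10.51514 > 192.0.2.20.8883: Flags [.], ack 1, win 229, length 0
10:01:03.100000 IP 192.0.2.10.51514 > 192.0.2.20.8883: Flags [P.], seq 1:200, ack 1, win 229, length 199
""".splitlines()

if __name__ == "__main__":
    print(check(SAMPLE, sci_ip="192.0.2.20", sz_ip="192.0.2.10", sz_release="3.5+"))
```

An entry in `unexpected` means a connection was opened in a direction or to a port the thread does not describe for that release, so the firewall rule set should be reviewed before being narrowed.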

hyosang_choi
Valued Contributor
Hi See ho Ting.

Thanks for the kind and in-depth reply.

I got it perfectly.

First, please upload this to the KB.

An additional question:

We have two vSZs bound to a cluster.

If two vSZs exist in a cluster, should we add both to SCI?

Currently we add only one vSZ.


Please let me know about it.

Thank you very much.