◦ Never let someone who does not have access rights to the controller ‘look over your
shoulder’ while accessing the UI.
◦ Make sure Keystone is configured to expire tokens after a short period of time (a common
industry practice is 20 minutes).
• Do not delete the iptables chains named hazelcast, cassandra-default, or
cassandra-team, or any rules for the following TCP ports: 5700, 7000, 7001, 7199, 9160.
• Do not manually override the iptables rules to allow or deny ports 5700, 7000, 7001, 7199,
and 9160.
Example 1 “Rules created for a team of 3 controllers” shows the rules created for a team of 3
controllers (1.2.1.1, 1.2.1.2, 1.2.1.3), as listed by the sudo iptables -nL command (every peer
rule in the listing names 1.2.1.3 as source or destination, so this is the view from that
controller). The three custom chains are hooked from both INPUT and OUTPUT and are traversed in
that order: cassandra-team accepts the Cassandra SSL inter-node port 7001 between team members;
cassandra-default accepts 7001, 9160 (Thrift) and 7199 (JMX) on loopback and then drops 7000,
7001, 7199 and 9160 from every other source; hazelcast accepts the Hazelcast cluster port 5700
between team members and drops it from everyone else. A rule added by hand to one of these
chains, or an earlier rule in INPUT or OUTPUT, changes that evaluation order and can cut a
controller off from its team:
Example 1 Rules created for a team of 3 controllers

# sudo iptables -nL
Chain INPUT (policy ACCEPT)
target             prot opt source               destination
cassandra-team     all  --  0.0.0.0/0            0.0.0.0/0
cassandra-default  all  --  0.0.0.0/0            0.0.0.0/0
hazelcast          all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target             prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target             prot opt source               destination
cassandra-team     all  --  0.0.0.0/0            0.0.0.0/0
cassandra-default  all  --  0.0.0.0/0            0.0.0.0/0
hazelcast          all  --  0.0.0.0/0            0.0.0.0/0

Chain cassandra-default (2 references)
target             prot opt source               destination
ACCEPT             tcp  --  127.0.0.1            127.0.0.1            tcp dpt:7001
ACCEPT             tcp  --  127.0.0.1            127.0.0.1            tcp dpt:9160
ACCEPT             tcp  --  127.0.0.1            127.0.0.1            tcp dpt:7199
DROP               tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7199
DROP               tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9160
DROP               tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7000
DROP               tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7001

Chain cassandra-team (2 references)
target             prot opt source               destination
ACCEPT             tcp  --  1.2.1.2              1.2.1.3              tcp dpt:7001
ACCEPT             tcp  --  1.2.1.3              1.2.1.2              tcp dpt:7001
ACCEPT             tcp  --  1.2.1.1              1.2.1.3              tcp dpt:7001
ACCEPT             tcp  --  1.2.1.3              1.2.1.1              tcp dpt:7001
ACCEPT             tcp  --  1.2.1.3              1.2.1.3              tcp dpt:7001

Chain hazelcast (2 references)
target             prot opt source               destination
ACCEPT             tcp  --  1.2.1.2              1.2.1.3              tcp dpt:5700
ACCEPT             tcp  --  1.2.1.3              1.2.1.2              tcp dpt:5700
ACCEPT             tcp  --  1.2.1.1              1.2.1.3              tcp dpt:5700
ACCEPT             tcp  --  1.2.1.3              1.2.1.1              tcp dpt:5700
DROP               tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5700
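The two “do not” rules above are easy to break by accident during troubleshooting, so a practitioner will want a check that can be run after any manual iptables work. The following POSIX shell script is an added example, not part of the controller guide or its tooling: it reads a saved sudo iptables -nL listing and fails if one of the three chains is gone or no longer hooked from both INPUT and OUTPUT, if a protected port has lost its catch-all DROP, or if an ACCEPT on a protected port names an address that is neither loopback nor a team member. The chain names, ports and team addresses are the ones from Example 1; the function names, the sample listing embedded for offline runs, and the rogue address used in the self-check are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the controller guide: verify that the iptables
# chains and port rules the guide says must not be touched are still intact.
# Reads a saved "sudo iptables -nL" listing from a file so it can be run
# offline against a capture. The sample listing at the bottom is constructed
# from the Example 1 output for the team 1.2.1.1, 1.2.1.2, 1.2.1.3.

PROTECTED_CHAINS="cassandra-team cassandra-default hazelcast"
PROTECTED_PORTS="5700 7000 7001 7199 9160"

# check_firewall_listing FILE
# Returns 1 if a protected chain is missing or not hooked from both INPUT and
# OUTPUT (the "(2 references)" in its header), or if a protected port has
# lost its catch-all DROP (the guide's "do not delete" rule).
check_firewall_listing() {
    listing="$1"
    status=0
    for chain in $PROTECTED_CHAINS; do
        if ! grep -q "^Chain $chain (2 references)" "$listing"; then
            echo "FAIL: chain $chain missing or not referenced from INPUT and OUTPUT"
            status=1
        fi
    done
    for port in $PROTECTED_PORTS; do
        if ! grep -Eq "^DROP +tcp +-- +0\.0\.0\.0/0 +0\.0\.0\.0/0 +tcp dpt:$port\$" "$listing"; then
            echo "FAIL: no catch-all DROP for tcp dpt:$port"
            status=1
        fi
    done
    return $status
}

# check_team_peers FILE TEAM_IP...
# Returns 1 if any ACCEPT on a protected port names a source or destination
# that is neither loopback nor a team member, i.e. someone opened the port by
# hand (the guide's "do not override" rule). A catch-all 0.0.0.0/0 ACCEPT is
# flagged the same way.
check_team_peers() {
    listing="$1"; shift
    allowed="127.0.0.1 $*"
    status=0
    for port in $PROTECTED_PORTS; do
        grep -E "^ACCEPT +tcp +-- +[^ ]+ +[^ ]+ +tcp dpt:$port\$" "$listing" |
        while read -r target proto opt src dst rest; do
            for addr in "$src" "$dst"; do
                case " $allowed " in
                    *" $addr "*) ;;
                    *) echo "FAIL: foreign address $addr accepted on tcp dpt:$port"; exit 1 ;;
                esac
            done
        done || status=1
    done
    return $status
}

# sample_listing: constructed copy of the Example 1 listing (not a live capture),
# trimmed to the lines the checks look at.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
cassandra-team  all  --  0.0.0.0/0            0.0.0.0/0
cassandra-default  all  --  0.0.0.0/0            0.0.0.0/0
hazelcast  all  --  0.0.0.0/0            0.0.0.0/0

Chain cassandra-default (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  127.0.0.1            127.0.0.1            tcp dpt:7001
ACCEPT     tcp  --  127.0.0.1            127.0.0.1            tcp dpt:9160
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7199
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:9160
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7000
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:7001

Chain cassandra-team (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  1.2.1.2              1.2.1.3              tcp dpt:7001
ACCEPT     tcp  --  1.2.1.3              1.2.1.1              tcp dpt:7001

Chain hazelcast (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  1.2.1.1              1.2.1.3              tcp dpt:5700
ACCEPT     tcp  --  1.2.1.3              1.2.1.2              tcp dpt:5700
DROP       tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:5700
EOF
}

# Usage on a controller:  sudo iptables -nL > listing.txt && sh check.sh listing.txt
# (the team addresses are hard-coded here to match Example 1).
if [ $# -gt 0 ]; then
    check_firewall_listing "$1" && check_team_peers "$1" 1.2.1.1 1.2.1.2 1.2.1.3
fi
```

The checks are deliberately based on the text of iptables -nL rather than on iptables-save, because -nL is what the guide tells the operator to run and what they will have saved. They catch a deleted chain, a deleted DROP, and a hand-added ACCEPT; they do not detect a DROP inserted ahead of the team rules in INPUT or OUTPUT, which is why the guide's advice is simply not to edit these ports by hand at all.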