Manualshelf

HP Serviceguard A.11.20.00 for Linux Release Notes, August 2012

ManualsBrandsHP ManualsSoftwareHP SAP Linux Serviceguard Cluster Extension
11121314151617181920
If you are using the Quorum Server
hacl-qs 1238/TCP HA Quorum Server
If you are using the appserver utility:
hacl-poll 5315/TCP
Ports Needed for Authentication
The ports reserved for authentication are also used by Serviceguard:
auth 113/TCP authentication
auth 113/UDP authentication
Ports Required by Serviceguard Manager
If you are using Serviceguard Manager via HP SMH, make sure the following ports are open in
addition to the ports listed above:
compaq-https 2381/tcp
compaq-https 2381/udp
cpq-wbem 2301/tcp
cpq-wbem 2301/udp
cpq-wbem1188 (tcp/udp)
System Firewalls
When using a system firewall with Serviceguard for Linux, you must leave open the ports listed
above. For detailed instructions, see Configuring firewall rules for HP Serviceguard on Red Hat
White Paper available at www.hp.com/go/linux-serviceguard-docs—> White papers.
Serviceguard also uses some dynamic ports for some cluster services; these also need to be open
in the firewall. They are typically in the range 32768-61000 for Red Hat. To determine the range
on a given system, check the contents of the file /proc/sys/net/ipv4/
ip_local_port_range. If you have adjusted the dynamic port range using kernel tunable
parameters, alter your firewall rules accordingly.
To enable intra-cluster communications, each HEARTBEAT_IP network on every node in the
cluster must allow the following communications in both directions with all other nodes in the
cluster:
TCP on port numbers 5300 and 5302 and allow only packets with the SYN flag
UDP on port numbers 5300 and 5302
TCP and UDP on dynamic ports
If you use a quorum server, all nodes in the cluster must allow the following communication
to the quorum server IP address:
TCP on port 1238 and allow only packets with the SYN flag
Any node providing quorum service for another cluster must allow the following communication
from that cluster’s nodes:
TCP on port 1238 and allow only packets with the SYN flag
Running the cmscancl command requires the ssh port be open.
12