Manualshelf

HP Serviceguard A.11.20.20 for Linux Release Notes, May 2013

ManualsBrandsHP ManualsSoftwareHP SAP Linux Serviceguard Cluster Extension
11121314151617181920
If you have adjusted the dynamic port range using kernel tunable parameters, alter your firewall
rules accordingly.
To enable intra-cluster communications, each HEARTBEAT_IP network on every node in the
cluster must allow the following communications in both directions with all other nodes in the
cluster:
TCP on port numbers 5300 and 5302 and allow only packets with the SYN flag
UDP on port numbers 5300 and 5302
TCP and UDP on dynamic ports
If you use a quorum server, all nodes in the cluster must allow the following communication
to the quorum server IP address:
TCP on port 1238 and allow only packets with the SYN flag
Any node providing quorum service for another cluster must allow the following communication
from that cluster’s nodes:
TCP on port 1238 and allow only packets with the SYN flag
Running the cmscancl command requires the ssh port be open.
There are additional firewall requirements to enable execution of Serviceguard commands from
nodes outside the cluster, such as those listed in cmclnodelist. To allow execution of Serviceguard
commands, follow these guidelines:
All nodes in the cluster must allow the following communications:
from the remote nodes:
TCP on ports 5302 and allow only packets with the SYN flag
UDP on port 5302
to the remote nodes:
TCP and UDP on dynamic ports
The remote nodes must allow the following communications:
from the cluster nodes
TCP and UDP on dynamic ports
to the cluster nodes
TCP on ports 5302 and allow only packets with the SYN flag
UDP on port 5302
Authentication communication must allow the following ports:
from the cluster nodes:
TCP and UDP on port 113
to the cluster nodes:
TCP and UDP on port 113
NOTE: If you suspect that the firewall is blocking communications, you can add -j LOG before
the last line in your iptables file (for example /etc/sysconfig/iptables) to log any blocked
ports. Consult your Linux distribution’s documentation on firewalls for information on iptables.
18