Default port allocations
The Anapaya appliance exposes multiple APIs and component communication endpoints at different ports.
There are two classes of network endpoints:
- Underlay endpoints: These are always UDP/IP.
- Service endpoints: These can be TCP/IP, UDP/SCION or QUIC/SCION depending on how the corresponding service endpoint should be reachable.
The port mapping is provided to the appliance through the appliance configuration file. There exist default values for each network endpoint. However, an operator can manually specify different ports for the network endpoints as long as there is no port overlap.
Default port tables
Here, we provide a table for each of our applications which includes the default port numbers. Note that if more than one AS is configured on the appliance or if some of the default port numbers are used by the operator for a different purpose, then the allocated ports might not match the default values provided in the tables below.
Control
| Endpoint | Protocol | Class | Default port |
|---|---|---|---|
| IntraAS | TCP/IP & UDP/SCION | Service | 40000 |
| InterAS | QUIC/SCION | Service | chosen by service |
| Cluster | UDP/IP & TCP/IP | Service | 40001 |
Router
| Endpoint | Protocol | Class | Default port |
|---|---|---|---|
| Internal Interface | UDP/IP | Underlay | 30100 |
| External Interface | UDP/IP | Underlay | 31000-39999 |
The External Interface ports are set by the operator. Any ports from the range 31000-39999 can be used. By default, you can assign port 31000 to an external interface and increase monotonically from there if multiple external interfaces are on the same IP address. Otherwise, port 31000 can be reused.
Gateway
| Endpoint | Protocol | Class | Default port |
|---|---|---|---|
| Data | UDP/SCION | Service | 40200 |
| Control | QUIC/SCION | Service | 40201 |
| Probe | UDP/SCION | Service | 40202 |
Dispatcher
| Endpoint | Protocol | Class | Default port |
|---|---|---|---|
| Data | UDP/IP | Underlay | 30041 |
Appliance Controller
| Endpoint | Protocol | Class | Default port |
|---|---|---|---|
| Appliance Mgmt API | TCP/IP | Service | 443 |
| Telemetry | TCP/IP | Service | 42001 |
| Synchronization API | gRPC (TCP/IP) | Service | 42003 |
L3 communication matrices
The following port ranges are used to access the management and telemetry APIs of the Anapaya appliance and for the Anapaya appliances to communicate with each other. Firewall rules need to be configured accordingly to allow communication on these ports.
Appliance management
| Endpoint | Protocol | Port |
|---|---|---|
| Management API | TCP/IP | 443 |
| Telemetry | TCP/IP | 42001 |
Appliance intra-AS
| Endpoint | Protocol | Port | Comment |
|---|---|---|---|
| Dispatcher | UDP/IP | 30041 | |
| Internal SCION Interface | UDP/IP | 30100-30199 | Required ports depend on the number of internal interfaces. |
| Control Plane | TCP/IP | 40000-40099 | Required ports depend on the number of ISD-ASes (two ports per ISD-AS). |
| Appliance Topology Sync | TCP/IP | 42003 |
SCION inter-AS links
| Endpoint | Protocol | Port | Comment |
|---|---|---|---|
| External SCION Interface | UDP/IP | 31000-39999 | Required ports depend on the number of external interfaces. Note that these are external facing ports and usually outside of any firewall infrastructure. |