A Network Port Flows
This section describes network port flows for CNE and OCNWDAF.
- Cluster IP addresses are reachable outside of the cluster and are typically assigned by using a Network Load Balancer.
- Node IP addresses are reachable from the bastion host (and may be exposed outside of the cluster).
CNE Port Flows
Table A-1 CNE Port Flows
Name | Server/Container | Ingress Port ext[:int]/Proto | TLS | Cluster IP (Service IP) | Node IP | Notes |
---|---|---|---|---|---|---|
SSH | ALL | 22/TCP | Y | SSH Access | Administrative SSH Access. Only root or key is not allowed. | |
Repository | Bastion Host | 80/TCP, 443/TCP, 5000/TCP | | Repository Access | Access repositories (YUM, Docker, Helm, and so on). | |
MySQL Query | MySQL SQL Node | 3306/TCP | N | Microservice SQL Access | The SQL Query interfaces are used for NWDAF to access the database. | |
ETCD Client | Kubernetes Master Nodes | 2379/TCP | Y | Client Access | Keystore DB used by Kubernetes | |
Kubelet API | Kubernetes Nodes | 10250/TCP | Y | Control Plane Node Access | API which allows full node access. | |
Kubelet State | Kubernetes Nodes | 10255/TCP | Y | Node State Access | Unauthenticated read-only port, allowing access to node state. | |
Kube-proxy | Kubernetes Nodes | 10256/TCP | N | Health Check | Health check server for Kube Proxy. | |
Kube-controller | Kubernetes Nodes | 10257/TCP | Y | Controller Access | HTTPS Access | |
Kube-Scheduler | Kubernetes Node | 10259/TCP | Y | Scheduler Access | HTTPS Access | |
Jaeger Agent | Kubernetes Nodes | 5775/UDP | N | Agent | Accepts zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016). | |
Jaeger Agent | Kubernetes Nodes | 5778/TCP | N | Agent | Serves SDK configs, namely sampling strategies at /sampling. | |
Jaeger Agent | Kubernetes Nodes | 6831/UDP | N | Agent | Accepts jaeger.thrift in compact Thrift protocol used by most current Jaeger clients. | |
Jaeger Agent | Kubernetes Nodes | 6831/UDP | N | Agent | Accepts jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client (because thriftrw npm package does not support compact protocol). | |
Jaeger Agent | Kubernetes Nodes | 14271/TCP | N | Agent | Admin port: health check at / and metrics at /metrics. | |
Jaeger Collector | Kubernetes Nodes | 9411/TCP | N | Collector | Accepts Zipkin spans in Thrift, JSON and Proto (disabled by default). | |
Jaeger Collector | Kubernetes Nodes | 14250/TCP | N | Collector | Used by jaeger-agent to send spans in model.proto format. | |
Jaeger Collector | Kubernetes Nodes | 14268/TCP | N | Collector | Accepts spans directly from clients in jaeger.thrift format with binary thrift protocol (POST to /api/traces). Also serves sampling policies at /api/sampling, similar to Agent’s port 5778. | |
Jaeger Collector | Kubernetes Nodes | 14269/TCP | N | Collector | Admin port: health check at / and metrics at /metrics. | |
Jaeger-Query | Kubernetes Nodes | 80/TCP | N | GUI | Service frontend | |
Prometheus Server | Kubernetes Nodes | 80/TCP | N | GUI | Prometheus Server | |
Prometheus-Exporter | Kubernetes Nodes | 9100/TCP | N | Prometheus Exporter | Prometheus Exporter | |
Alertmanager | Kubernetes Nodes | 80/TCP | N | GUI | The Alertmanager handles alerts sent by client applications such as the Prometheus server. | |
OCNWDAF Port Flows
Table A-2 OCNWDAF Port Flows
Name | Server /Container | Ingress Port [external]:internal | TLS | Cluster IP (Service IP) | Node IP | Notes |
---|---|---|---|---|---|---|
NWDAF | Kubernetes Nodes/NWDAF Service | 8080/TCP | Y | Ingress Gateway | ocn-nwdaf-gateway-service | NWDAF |
NWDAF Portal | Kubernetes Nodes/NWDAF Service | 80/TCP | Y | GUI | nwdaf-portal | NWDAF GUI web. |
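
An added example (not part of the original guide): a Python script that parses the `ext[:int]/Proto` notation of the Ingress Port column and lists, for firewall review, the ports marked TLS = N, the ports whose TLS cell is blank, and port/protocol pairs listed more than once for the same server. The rows are a subset transcribed from Tables A-1 and A-2; the function names are hypothetical.

```python
import re
from collections import Counter

# Rows transcribed from Tables A-1 and A-2 (subset), first four columns only:
# Name | Server/Container | Ingress Port ext[:int]/Proto | TLS
ROWS = """\
SSH | ALL | 22/TCP | Y
Repository | Bastion Host | 80/TCP, 443/TCP, 5000/TCP |
MySQL Query | MySQL SQL Node | 3306/TCP | N
Kubelet API | Kubernetes Nodes | 10250/TCP | Y
Jaeger Agent | Kubernetes Nodes | 6831/UDP | N
Jaeger Agent | Kubernetes Nodes | 6831/UDP | N
Jaeger Collector | Kubernetes Nodes | 14268/TCP | N
NWDAF | Kubernetes Nodes/NWDAF Service | 8080/TCP | Y
"""

PORT_RE = re.compile(r"(\d+)(?::(\d+))?/(TCP|UDP)", re.IGNORECASE)

def parse_ports(spec):
    """Parse comma-separated 'ext[:int]/Proto' items into (ext, int, proto)."""
    ports = []
    for item in spec.split(","):
        m = PORT_RE.fullmatch(item.strip())
        if not m:
            raise ValueError(f"unrecognised port spec: {item!r}")
        ext = int(m.group(1))
        internal = int(m.group(2)) if m.group(2) else ext  # int defaults to ext
        if not (1 <= ext <= 65535 and 1 <= internal <= 65535):
            raise ValueError(f"port out of range: {item!r}")
        ports.append((ext, internal, m.group(3).upper()))
    return ports

def load_flows(rows=ROWS):
    """Expand each table row into one record per listed port."""
    flows = []
    for line in rows.strip().splitlines():
        name, server, spec, tls = (cell.strip() for cell in line.split("|"))
        for ext, internal, proto in parse_ports(spec):
            flows.append((name, server, ext, internal, proto, tls.upper()))
    return flows

def review(flows):
    """Return (no_tls, tls_blank, repeated) as sorted lists for review."""
    no_tls = sorted({(f[2], f[4]) for f in flows if f[5] == "N"})
    tls_blank = sorted({(f[2], f[4]) for f in flows if f[5] == ""})
    seen = Counter((f[1], f[2], f[4]) for f in flows)
    repeated = sorted(key for key, n in seen.items() if n > 1)
    return no_tls, tls_blank, repeated

if __name__ == "__main__":
    for label, items in zip(("TLS=N", "TLS blank", "repeated"), review(load_flows())):
        print(label, items)
```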