Open Network Ports (Step 6)

For the Cisco Metacloud service to communicate with the Cisco Metacloud Operations Center, you must allow connectivity from your network to Cisco Metacloud. Have your network team allow communication on the following ports in your network.

Administrative Outbound Connections

| Port Number | Protocol | Source IP | Destination IP | Function |
|---|---|---|---|---|
| NA | ICMP | ASR External Network | Any of the below | Connectivity Testing |
| 443 | TCP | ASR External Network | 208.90.61.185 | Image Store (VM Images, Firmware) |
| 443 | TCP | ASR External Network | 208.90.61.161 | Configuration Management System |
| 443 | TCP | ASR External Network | 208.90.61.156 | PKI services |
| 443, 8443 | TCP | ASR External Network | 208.90.61.177 | Portal (expected 2017) |
| 80, 443 | TCP | ASR External Network | 208.90.61.167, 208.90.61.178, 208.90.61.180, 208.90.61.189 | Package Repositories |
| 8443 | TCP | ASR External Network | 208.90.61.183, 208.90.61.188 | Monitoring |
| 23485 | TCP | ASR External Network | 208.90.61.186, 208.90.61.179 | Remote Admin Channel |
| 24284 | TCP | ASR External Network | 208.90.61.182, 208.90.61.155 | Log Monitoring |
| 24769 | TCP | ASR External Network | 208.90.61.187 | DB Backups |
| 53 | TCP/UDP | ASR External Network | 208.90.61.153, 208.90.61.154, 206.190.80.21, 208.90.61.196 | Zone Transfer Servers |
| 53 | TCP/UDP | ASR External Network | Any IP | Name Resolution (if not provided by customer) |
| 123 | TCP/UDP | ASR External Network | Any IP | Time Synchronization (if not provided by customer) |
| 1194 | TCP | ASR External Network | 208.90.61.184 | Management VPN Tunnel |
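The following added example (not Cisco-provided code) audits a set of TCP egress permits against the fixed-destination TCP rows of the table above, reporting required flows that no rule permits and rules that open more than the table lists. The `(dst_cidr, first_port, last_port)` rule format and the sample rules are assumptions constructed for illustration; the ICMP, UDP and "Any IP" rows are not covered.

```python
import ipaddress

# Fixed-destination TCP rows of the "Administrative Outbound Connections" table
# (port 53 is listed as TCP/UDP; only the TCP side is checked here).
REQUIRED = [
    ((443,), ["208.90.61.185", "208.90.61.161", "208.90.61.156"]),
    ((443, 8443), ["208.90.61.177"]),
    ((80, 443), ["208.90.61.167", "208.90.61.178", "208.90.61.180", "208.90.61.189"]),
    ((8443,), ["208.90.61.183", "208.90.61.188"]),
    ((23485,), ["208.90.61.186", "208.90.61.179"]),
    ((24284,), ["208.90.61.182", "208.90.61.155"]),
    ((24769,), ["208.90.61.187"]),
    ((53,), ["208.90.61.153", "208.90.61.154", "206.190.80.21", "208.90.61.196"]),
    ((1194,), ["208.90.61.184"]),
]
FLOWS = {(ipaddress.ip_address(d), p)
         for ports, dests in REQUIRED for d in dests for p in ports}

# Constructed sample permits in a hypothetical (dst_cidr, first_port, last_port) form.
SAMPLE_RULES = [
    ("208.90.61.185/32", 443, 443),    # exact match for the Image Store row
    ("208.90.61.0/24", 443, 443),      # opens the whole /24, not just listed hosts
    ("208.90.61.184/32", 1194, 1194),  # exact match for the Management VPN row
    ("208.90.61.186/32", 1, 65535),    # opens every port to one listed host
]

def audit(rules):
    """Return (missing, overbroad): required flows that no rule permits, and
    rules that permit at least one (address, port) pair the table does not list."""
    covered, overbroad = set(), []
    for cidr, lo, hi in rules:
        net = ipaddress.ip_network(cidr)
        hits = {(ip, p) for ip, p in FLOWS if ip in net and lo <= p <= hi}
        covered |= hits
        # The rule is exact only if every pair it opens is a required flow.
        if net.num_addresses * (hi - lo + 1) != len(hits):
            overbroad.append((cidr, lo, hi))
    return sorted(FLOWS - covered), overbroad

if __name__ == "__main__":
    missing, overbroad = audit(SAMPLE_RULES)
    for ip, port in missing:
        print(f"MISSING   tcp/{port} -> {ip}")
    for rule in overbroad:
        print(f"OVERBROAD {rule}")
```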

OOB Outbound Connections

| Port Number | Protocol | Source IP | Destination IP | Function |
|---|---|---|---|---|
| NA | ICMP | ISR2901 WAN IP^ | 208.90.61.205, 208.90.61.206 | Connectivity Testing |
| 500 | UDP | ISR2901 WAN IP^ | 208.90.61.205, 208.90.61.206 | OOB VPN Tunnel |
| 4500 | UDP | ISR2901 WAN IP^ | 208.90.61.205, 208.90.61.206 | OOB VPN Tunnel |
| NA | ESP | ISR2901 WAN IP^ | 208.90.61.205, 208.90.61.206 | OOB VPN Tunnel |

^If a private IP address is used, then use the public NAT address.

OOB Inbound Connections

| Port Number | Protocol | Source IP | Destination IP | Function |
|---|---|---|---|---|
| NA | ICMP | 208.90.61.205, 208.90.61.206 | ISR2901 WAN IP^ | Connectivity Testing |
| 500 | UDP | 208.90.61.205, 208.90.61.206 | ISR2901 WAN IP^ | OOB VPN Tunnel |
| 4500 | UDP | 208.90.61.205, 208.90.61.206 | ISR2901 WAN IP^ | OOB VPN Tunnel |
| NA | ESP | 208.90.61.205, 208.90.61.206 | ISR2901 WAN IP^ | OOB VPN Tunnel |
| 22 | TCP | 208.90.61.128/26 | ISR2901 WAN IP^ | SSH Admin Connectivity |

^If a private IP address is used, then use the public NAT address.

Default VLAN IDs

The following table lists the VLANs that are used in a Metacloud Availability Zone.

| Name | IPv4 Type | VLAN ID | Netmask | Description |
|---|---|---|---|---|
| External | Private or Public | 1001 | Variable | Network “external”/outside of the ASRs. This network is used as the hop between the AZ and the rest of the routed domain. |
| Service | Private | 1003 | Mostly /24 | The service is assigned by Metacloud Operations. |
| Intracluster | Private | 1002 | None required. | The “Intracluster” VLAN will need to be the “native”, untagged VLAN associated with each of the Ethernet switch ports. The PXE boot of the nodes happens across this VLAN. |
| Storage | Private | 1004 | Variable | Each MHV will connect to this network for storage services. |
| OOB | Private | 1000 | Mostly /24 | The OOB network is assigned by Metacloud Operations. It is where network device management ports and LOM/Console interfaces of MCP and MHV reside. |
| Metacloud Project | Private | 2000 | /24 | A dedicated project domain for Metacloud Engineering. |
| Project Network(s) | Private | Start at 2001 | Variable | The project network for instances is sized for the maximum number of instance interfaces attached. |

Enabling Traffic from Metacloud to Floating IP Addresses

If you have ASRs for your Metacloud controller, you must configure your router and firewall to enable hairpin traffic originating from Metacloud and routed to a Metacloud Floating IP address (FIP). Network performance of that traffic is limited by the bandwidth in the applicable router and firewall links. Refer to the information on the Starter Configuration, General Purpose Configuration, and High-performance Configuration for bandwidth information.

Next Steps

Once you have verified remote connectivity from the Cisco 2901 and all UCS Controller Servers have their BIOS settings in place, contact the Cisco Metacloud Operations Center. Once remote connectivity has been established from the Cisco Metacloud Operations Center, Cisco will be able to fully provision your Cisco Metacloud service. This includes but is not limited to adding your compute servers and configuring Cisco Block Storage or Customer-provided storage.

Note
Contact information for Cisco Metacloud Operations will be provided after your order is placed.