IBM Cloud Docs
Host network requirements

Host network requirements

Review the following requirements that relate to the network setup of host machines.

You can verify your host setup with the satellite-host-check script. For more information, see Checking your host setup.

Networking configurations

In general, do not set any custom networking configurations on your hosts, such as network manager scripts, dnsmasq setups, custom IP table rules, or custom MTU settings like jumbo frames.

All hosts must meet the following network requirements:

  • The localhost value must resolve to a valid local host IP address, typically 127.0.0.1.

  • You cannot use custom iptables to route traffic to the public or private network, because default Satellite and Calico policies override custom iptables.

  • The following IP address ranges are reserved, and must not be used in any of the networks that you want to use in IBM Cloud Satellite, including the host networks.

    Non-CoreOS enabled locations:

    172.16.0.0/16, 172.18.0.0/16, 172.19.0.0/16, 172.20.0.0/16, and 192.168.255.0/24

    CoreOS enabled locations:

    172.20.0.0/16 and 172.16.0.0/16

  • Host IP addresses must remain static and cannot change over time, such as due to a reboot or other potential infrastructure updates.

  • If you are provisioning your host on-prem, you must configure your host to use a public DNS server, such as 8.8.8.8. You can use a private DNS server, but it must be able to resolve hostnames on the public Internet.

Hosts assigned to a specific Red Hat OpenShift cluster or to the control plane must share some properties, which can be different across clusters.

  • All Satellite hosts must have the same MTU values.
  • Hosts must have TCP/UDP/ICMP Layer 3 connectivity for all ports across hosts. You cannot block certain ports that might block communication across hosts.

Host network bandwidth

  • The hosts must have minimum network bandwidth connectivity of 100 Mbps, with 1 Gbps preferred.
  • The bandwidth required between hosts varies with the number of clusters in the location, and the workloads that run in the cluster. Insufficient network bandwidth can lead to network performance problems.

Network gateways and interfaces

  • Satellite does not support IPv6.
  • All Satellite hosts must have an IPv4 address that can access containers.cloud.ibm.com and must have full IPv4 backend connectivity to the other hosts in the same cluster in the location.
  • Hosts can use gateways to connect to the location control plane.

Inbound connectivity requirements for Satellite hosts

Hosts must have inbound connectivity on the primary network interface through the default gateway or firewall the system. Hosts that are assigned to the same service; for example, the same cluster, must be able to talk to each other and with the Satellite control plane.

For example, if the primary network interface for a host is eth0, you must open the following required IP addresses and ports on the default gateway or firewall on the eth0 private network interface.

Required inbound connectivity for hosts on the primary network interface
Description Source IP Destination IP Protocol and ports
Allow hosts that are assigned to the same service in your location to communicate with each other and with the Satellite control plane All Satellite hosts All Satellite hosts All ports and protocols
Access the API to make changes in a Red Hat OpenShift cluster and access the Red Hat OpenShift web console or through the Red Hat OpenShift router Clients or authorized users Control plane hosts TCP 30000 - 32767
Access the web console for a Red Hat OpenShift cluster through the Red Hat OpenShift router Clients or authorized users Red Hat OpenShift cluster hosts TCP 443

Outbound connectivity requirements for Satellite Connector

For Satellite Connector outbound connectivity requirements, see Network requirements.