Non-RHCOS enabled locations in Dallas
The following network requirements are for outbound connectivity for Red Hat Enterprise Linux (RHEL) hosts for use with non Red Hat CoreOS enabled locations in the Dallas (us-south) region.
The type of location that you create dictates the type of operating systems that can run on your hosts. If your location is RHCOS enabled, then you can attach hosts that are running either RHEL or RHCOS. If your location isn't RHCOS enabled, then you can attach only hosts that are running RHEL. You can check whether your location is RHCOS enabled. For more information about operating system support, see Planning your operating system.
You can verify your host setup with the satellite-host-check script. For more information, see Checking your host setup.
You can download a copy of these requirements.
Review the following outbound network requirements for RHEL hosts for use with non-RHCOS enabled locations in the Dallas (us-south) region.
- Allow hosts to connect to IBM.
  - Destination hostnames: cloud.ibm.com, containers.cloud.ibm.com, api.link.satellite.cloud.ibm.com
  - Protocol and ports: HTTPS Port 443
- Allow access to Red Hat network time protocol (NTP) servers.
  - Destination hostnames: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, 2.rhel.pool.ntp.org, 3.rhel.pool.ntp.org
  - Protocol and ports: Allow NTP protocol and provide UDP on port 123.
- Allow hosts to communicate with Cloud Identity and Access Management.
  - Destination hostnames: https://iam.bluemix.net, https://iam.cloud.ibm.com
  - Protocol and ports: TCP 443

  Your firewall must be Layer 7 to allow the IAM domain name. IAM does not have specific IP addresses that you can allow. If your firewall does not support Layer 7, you can allow all HTTPS network traffic on port 443.
- Allow hosts to connect to the LaunchDarkly service.
  - Destination hostnames: app.launchdarkly.com, clientstream.launchdarkly.com
  - Protocol and ports: HTTPS 443
- Allow hosts to communicate with Red Hat Container Registry.

  Allow your host machines to access the required sites for OpenShift Container Platform. For more information, see Configuring your firewall.
- Allow control plane nodes to communicate with the management plane.
  - Destination IP addresses: 52.117.39.146, 169.48.134.66, 169.63.36.210
  - Destination hostnames: c119.us-south.satellite.cloud.ibm.com, c119-1.us-south.satellite.cloud.ibm.com, c119-2.us-south.satellite.cloud.ibm.com, c119-3.us-south.satellite.cloud.ibm.com, c119-e.us-south.satellite.cloud.ibm.com
  - Protocol and ports: TCP 30000 - 32767 and UDP 30000 - 32767
- Allow control plane nodes to back up control plane etcd data to IBM Cloud Object Storage.
  - Destination IP addresses: N/A
  - Destination hostnames: s3.us-south.cloud-object-storage.appdomain.cloud and *.s3.us-south.cloud-object-storage.appdomain.cloud
  - Protocol and ports: HTTPS 443
- Allow continuous delivery of updates to platform components.
  - Destination IP addresses: N/A
  - Destination hostnames: s3.us.cloud-object-storage.appdomain.cloud and *.s3.us.cloud-object-storage.appdomain.cloud
  - Protocol and ports: HTTPS 443
- Allow Link tunnel clients to connect to the Link tunnel server endpoint.
  - Destination IP addresses: 169.48.139.210, 169.48.188.146, 169.59.239.66, 169.60.2.74, 169.61.140.18, 169.61.156.226, 169.61.31.178, 169.61.38.178, 169.62.221.10
  - Destination hostnames: c-01-ws.us-south.link.satellite.cloud.ibm.com, api.link.satellite.cloud.ibm.com
  - Protocol and ports: HTTPS 443

  You can find the hostnames or IP addresses by running the dig c-<XX>-ws.us-south.link.satellite.cloud.ibm.com +short command. Replace <XX> with 01, 02, and so on, until no more DNS results are returned.
- Allow hosts to be attached to a location and assigned to services in the location.
  - Destination IP addresses: 169.46.110.218, 169.47.70.10, 169.62.166.98, 104.94.220.130, 104.94.221.130, 104.94.222.138, 104.94.223.138, 104.96.176.130, 104.96.177.130, 104.96.178.132, 104.96.179.132, 104.96.180.129, 104.96.181.129
  - Destination hostnames: origin.us-south.containers.cloud.ibm.com and bootstrap.us-south.containers.cloud.ibm.com
  - Protocol and ports: HTTPS 443
- Allow Akamai proxied load balancers for Satellite Config and Link API.
  - Destination IP addresses: Akamai's source IP addresses
  - Destination hostnames: api.us-south.link.satellite.cloud.ibm.com, config.us-south.satellite.cloud.ibm.com, us-south.containers.cloud.ibm.com, config.satellite.cloud.ibm.com
  - Protocol and ports: HTTPS 443
- Allow hosts to communicate with IBM Cloud Container Registry.
  - Destination IP addresses: N/A
  - Destination hostnames: icr.io, us.icr.io, registry.bluemix.net, registry.ng.bluemix.net
  - Protocol and ports: HTTPS 443
- Optional: Allow hosts to communicate with IBM Cloud Log Analysis.
  - Destination IP addresses and hostnames: IBM Cloud Log Analysis endpoints
  - Protocol and ports: HTTPS 443

  If you plan to use IBM Cloud Log Analysis in your Red Hat OpenShift on IBM Cloud Satellite clusters, then include these network options.
- Optional: Allow hosts to communicate with IBM Cloud Monitoring.
  - Destination IP addresses and hostnames: Monitoring endpoints
  - Protocol and ports: HTTPS 443 and 6443

  If you plan to use Monitoring in your Red Hat OpenShift on IBM Cloud Satellite clusters, then include these network options.
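The Link tunnel server entry above tells you to run dig for c-01-ws, c-02-ws, and so on until no more DNS results are returned. The following script is an added example, not part of the original requirements and not IBM's satellite-host-check script: it automates that loop and prints any resolved IP address that is missing from a firewall allowlist. The function names, the RESOLVER override, and the cap of 99 on the index are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: enumerate Link tunnel server endpoints (Dallas, us-south)
# and report resolved IPs that the firewall allowlist does not cover.

# Link tunnel server IP addresses as listed in the requirements above.
DOCUMENTED_IPS="169.48.139.210 169.48.188.146 169.59.239.66 169.60.2.74 169.61.140.18 169.61.156.226 169.61.31.178 169.61.38.178 169.62.221.10"

# Default resolver: the dig command given in the requirements.
resolve_with_dig() {
  dig "$1" +short
}

# Assumption: RESOLVER names the lookup command, so the loop can be run offline.
RESOLVER="${RESOLVER:-resolve_with_dig}"

# Print the unique IPv4 addresses for c-01-ws, c-02-ws, ... and stop at the
# first index that returns no DNS results. The cap of 99 is an assumption that
# keeps a wildcard DNS answer from looping forever.
enumerate_link_ips() {
  link_idx=1
  while [ "$link_idx" -le 99 ]; do
    link_host=$(printf 'c-%02d-ws.us-south.link.satellite.cloud.ibm.com' "$link_idx")
    link_answers=$("$RESOLVER" "$link_host" 2>/dev/null) || link_answers=""
    [ -z "$link_answers" ] && break
    # dig +short may also print CNAME targets; keep only dotted-quad lines.
    printf '%s\n' "$link_answers" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true
    link_idx=$((link_idx + 1))
  done | LC_ALL=C sort -u
}

# Print each resolved IP that is absent from the space-separated allowlist in $1.
missing_from_allowlist() {
  link_allow="$1"
  enumerate_link_ips | while read -r link_ip; do
    case " $link_allow " in
      *" $link_ip "*) ;;                  # already allowed
      *) printf '%s\n' "$link_ip" ;;      # resolved but not allowed
    esac
  done
}

# Live check against the documented addresses: ./link-check.sh --check
if [ "${1:-}" = "--check" ]; then
  missing_from_allowlist "$DOCUMENTED_IPS"
fi
```

Empty output from `--check` means every address that DNS currently returns is already in the list; pass your firewall's own allowlist to `missing_from_allowlist` to compare against what is actually deployed.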