IBM Cloud Docs
Non-RHCOS enabled locations in Sydney

The following network requirements are for outbound connectivity for Red Hat Enterprise Linux (RHEL) hosts for use with non-Red Hat CoreOS (RHCOS) enabled locations in the Sydney (au-syd) region.

The type of location that you create dictates the type of operating systems that can run on your hosts. If your location is RHCOS enabled, then you can attach hosts that are running either RHEL or RHCOS. If your location isn't RHCOS enabled, then you can attach only hosts that are running RHEL. You can check whether your location is RHCOS enabled. For more information about operating system support, see Planning your operating system.

You can verify your host setup with the satellite-host-check script. For more information, see Checking your host setup.

You can download a copy of these requirements.

Review the following outbound network requirements for RHEL hosts for use with non-RHCOS enabled locations in the Sydney (au-syd) region.

Allow hosts to connect to IBM.
  • Destination hostnames: cloud.ibm.com, containers.cloud.ibm.com, api.link.satellite.cloud.ibm.com
  • Protocol and ports: HTTPS Port 443
Allow access to Red Hat network time protocol (NTP) servers.
  • Destination hostnames: 0.rhel.pool.ntp.org, 1.rhel.pool.ntp.org, 2.rhel.pool.ntp.org, 3.rhel.pool.ntp.org
  • Protocol and ports: NTP over UDP port 123
Allow hosts to communicate with Cloud Identity and Access Management.
  • Destination hostnames: https://iam.bluemix.net, https://iam.cloud.ibm.com
  • Protocol and ports: TCP 443

Your firewall must support Layer 7 filtering to allow the IAM domain names. IAM does not have specific IP addresses that you can allow. If your firewall does not support Layer 7, you can allow all HTTPS network traffic on port 443.

Allow hosts to connect to the LaunchDarkly service.
  • Destination hostnames: app.launchdarkly.com, clientstream.launchdarkly.com
  • Protocol and ports: HTTPS 443
Allow hosts to communicate with Red Hat Container Registry.

Allow your host machines to access the required sites for OpenShift Container Platform. For more information, see Configuring your firewall.

Allow control plane nodes to communicate with the management plane.
  • Destination IP addresses: 130.198.65.82, 135.90.66.194, 168.1.58.90
  • Destination hostnames: c106.au-syd.satellite.cloud.ibm.com, c106-1.au-syd.satellite.cloud.ibm.com, c106-2.au-syd.satellite.cloud.ibm.com, c106-3.au-syd.satellite.cloud.ibm.com, c106-e.au-syd.satellite.cloud.ibm.com
  • Protocol and ports: TCP 30000 - 32767 and UDP 30000 - 32767
Allow control plane nodes to back up control plane etcd data to IBM Cloud Object Storage.
  • Destination IP addresses: N/A
  • Destination hostnames: s3.au-syd.cloud-object-storage.appdomain.cloud and *.s3.au-syd.cloud-object-storage.appdomain.cloud
  • Protocol and ports: HTTPS 443
Allow continuous delivery of updates to platform components.
  • Destination IP addresses: N/A
  • Destination hostnames: s3.us.cloud-object-storage.appdomain.cloud and *.s3.us.cloud-object-storage.appdomain.cloud
  • Protocol and ports: HTTPS 443
Allow Link tunnel clients to connect to the Link tunnel server endpoint.
  • Destination IP addresses: 130.198.75.74, 135.90.67.154, 168.1.201.194
  • Destination hostnames: c-01-ws.au-syd.link.satellite.cloud.ibm.com, api.link.satellite.cloud.ibm.com
  • Protocol and ports: HTTPS 443

You can find the hostnames or IP addresses by running the dig c-<XX>-ws.au-syd.link.satellite.cloud.ibm.com +short command. Replace <XX> with 01, 02, and so on, until no DNS results are returned.
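
The lookup loop described above, written out as an added example (not part of the IBM documentation or its satellite-host-check script). It walks c-01-ws, c-02-ws, and so on until a lookup returns nothing, then lists resolved addresses that are missing from a local egress allowlist. The RESOLVE hook and the allowlist file format (one IPv4 address per line) are assumptions of this example.

```shell
# Added example (not IBM's script): enumerate Link tunnel server endpoints
# the way the dig loop above describes, then diff against an allowlist.

# Resolver hook (assumption of this example); default is the page's dig call.
RESOLVE=${RESOLVE:-resolve_with_dig}
resolve_with_dig() { dig "$1" +short; }

# Print "hostname ip" for c-01-ws, c-02-ws, ... until a lookup returns nothing.
# Body runs in a subshell so loop variables stay local (POSIX sh compatible).
enumerate_link_endpoints() (
  region=${1:-au-syd}
  max=${2:-99}
  i=1
  while [ "$i" -le "$max" ]; do
    host=$(printf 'c-%02d-ws.%s.link.satellite.cloud.ibm.com' "$i" "$region")
    # dig +short may also print CNAME targets; keep IPv4 literals only.
    ips=$("$RESOLVE" "$host" | grep -E '^[0-9]+(\.[0-9]+){3}$' || true)
    if [ -z "$ips" ]; then break; fi
    printf '%s\n' "$ips" | awk -v h="$host" '{ print h, $0 }'
    i=$((i + 1))
  done
)

# Print resolved IPs absent from the allowlist file (one IP per line).
missing_from_allowlist() (
  allowlist=$1
  region=${2:-au-syd}
  enumerate_link_endpoints "$region" | awk '{ print $2 }' | sort -u |
    grep -vxF -f "$allowlist" || true
)
```

Run `missing_from_allowlist /path/to/allowed-ips.txt au-syd` from a host inside the location; any address it prints is one the Link tunnel client may be directed to that the firewall does not yet permit on HTTPS 443.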

Allow hosts to be attached to a location and assigned to services in the location.
  • Destination IP addresses: 130.198.66.26, 135.90.69.66, 168.1.8.195, 104.94.220.125, 104.94.221.125, 104.94.222.133, 104.94.223.133, 104.96.176.125, 104.96.177.125, 104.96.178.127, 104.96.179.127, 104.96.180.124, 104.96.181.124
  • Destination hostnames: origin.au-syd.containers.cloud.ibm.com and bootstrap.au-syd.containers.cloud.ibm.com
  • Protocol and ports: HTTPS 443
Allow Akamai proxied load balancers for Satellite Config and Link API.
  • Destination IP addresses: Akamai's source IP addresses
  • Destination hostnames: api.au-syd.link.satellite.cloud.ibm.com, config.au-syd.satellite.cloud.ibm.com, au-syd.containers.cloud.ibm.com, config.satellite.cloud.ibm.com
  • Protocol and ports: HTTPS 443
Allow hosts to communicate with IBM Cloud Container Registry.
  • Destination IP addresses: N/A
  • Destination hostnames: icr.io, registry.bluemix.net, au.icr.io, registry.au-syd.bluemix.net
  • Protocol and ports: HTTPS 443
Optional: Allow hosts to communicate with IBM Cloud Log Analysis.

If you plan to use IBM Cloud Log Analysis in your Red Hat OpenShift on IBM Cloud Satellite clusters, then include these network options.

Optional: Allow hosts to communicate with IBM Cloud Monitoring.
  • Destination IP addresses and hostnames: Monitoring endpoints
  • Protocol and ports: HTTPS 443 and 6443

If you plan to use Monitoring in your Red Hat OpenShift on IBM Cloud Satellite clusters, then include these network options.