DO NOT SHARE THESE DOCS WITH CUSTOMERS!
This is an LA release that will only be provided to a select number of PLM-sanctioned customers (PDFs only). Contact PLM for details.
Security groups and security group rules control what traffic can access the instances. You can use the Horizon dashboard GUI or the OpenStack CLI to create security rules or security groups. Refer to OpenStack documentation or the documentation provided by your OpenStack vendor for more information.
OpenStack security groups do not apply to SR-IOV interfaces.
Prior to instantiating, you can consider adding a rule that enables the ICMP protocol to enable the instance to respond to ping message. In addition to such basic rules, the following tables provide a summary of all the ports used by the SBC SWe application in an OpenStack cloud environment. Access through these ports should be allowed by adding security rules in the default security group or in another security group you create and associate with the instance.
You can continue to add, delete, or modify security rules after the instance is deployed.
Some ports are specific to an application or a feature and are only required when it is in use. Similarly, some ports are specific to a particular SBC personality type (M-SBC, S-SBC, I-SBC, SLB) or OAM nodes.
The fields in the following tables are:
Direction (initial) - for UDP, this will be BOTH. For TCP, this will be OUTBOUND for clients and INBOUND for servers (to match the direction of the initial connection).
These definitions match the way firewall rules typically have to be defined.
The following three tables provide input for security rules grouped by port type.