OpenStack

The table below describes OpenStack internal protocols and ports used outside the Calico networking.

Component	Network	Protocol	Port	Description	Consumers
Nova	Live migration network	TCP	8022	SSH transport for migration	nova-compute during migration
Libvirt	Live migration network	TCP	16509	Libvirt	nova-compute during migration
Libvirt	Live migration network	TCP	5900-6923	VNC ports accessed from noVNC Proxy	nova-novncproxy, nova-spiceproxy
Neutron	Tunnel network	UDP	4790	Neutron tenant networks	neutron-ovs agents
Neutron/IPsec	Tunnel network	UDP	500	IKE/ISAKMP	neutron-ovs agents
Neutron/IPsec	Tunnel network	ESP (50)			neutron-ovs agents
Neutron/IPsec	Tunnel network	AH (51)			neutron-ovs agents
Ironic	OpenStack bare metal network	TCP	8080	NGINX HTTP storage	Bare metal nodes
Ironic	OpenStack bare metal network	UDP	69	TFTP	Bare metal nodes

Services exposed outside a managed cluster to public clients

Component	Network	Protocol	Port	Description
Ingress	MetalLB	TCP	80, 443	Public OpenStack endpoints
Designate/PowerDNS	MetalLB	UDP/UDP	53	PowerDNS back end