Network Prerequisites
To ensure the performance and stability of Anypoint Platform Private Cloud Edition (Anypoint Platform PCE), every node in your Anypoint Platform PCE environment must meet the network requirements described in this topic.
| Before you install Anypoint Platform PCE, your infrastructure team must review each of the following sections and verify that your environment meets the stated network requirements. If needed, contact your MuleSoft representative for assistance. |
Verify Static IPs
All nodes in the cluster must have static private IPv4 assigned to them, and these must persist after restarts. If IP addresses are not persistent between reboots, the cluster can fail.
Verify VXLAN
The version of Kubernetes supported by Anypoint Platform PCE uses an overlay VXLAN and UDP transport to encapsulate traffic. There is direct communication between components of the cluster. The following table lists the ports used for inter-host communication. You must ensure that all of the following ports are configured correctly on all nodes.
| Protocol | Port/Range | Purpose |
|---|---|---|
TCP/UDP |
53 |
Internal cluster DNS |
TCP |
2379, 2380, 4001, 7001 |
etcd distributed database |
TCP |
4242 |
Installer |
TCP |
6060 |
Health check |
TCP |
6443 |
Kubernetes API server |
TCP |
7496, 7373 |
Serf RPC agent |
TCP |
8080 |
Kubernetes API server |
TCP |
10248, 10249, 10250, 10255 |
Kubernetes Kubelet |
TCP |
5000 |
Docker registry |
TCP |
3008-3012, 3022-3025, 3080, 7496, 7575 |
Cluster control plane |
TCP |
7000, 7011, 7199, 9042, 9160 |
Cassandra |
TCP |
18080, 18443 |
Object store cluster |
TCP |
5431-5435, 5973 |
Database cluster |
TCP |
30000-32767 |
Internal services port range |
TCP |
61008-61010 |
Installer port ranges (only used during install) |
TCP |
61022-61024 |
Installer port ranges (only used during install) |
UDP |
8472 |
Overlay VXLAN network |
TCP |
32009 |
Ops Center Admin UI |
You can use netcat or a similar utility to verify port configuration.
Enable Required Ports
-
You must enable TCP ports 53, 3011, and 3012 on all nodes to allow communication with the database cluster.
-
If you plan to use the GUI installer to install Anypoint Platform PCE, you must enable port 61009.
Verify NAT Traffic Requirements
In some situations, the Kubernetes overlay network uses NAT. NAT requires that nodes be able to send and receive packages with a source and destination different from the node’s internal IP.
Any software that monitors the network traffic must be tuned to allow this type of network interaction.
Verify SMTP Server Requirements
Your network must include an SMTP server to manage email alerts that are triggered by the platform. Anypoint Platform PCE must be connected to this SMTP server.
For additional information, refer to the instructions in Configure SMTP in Anypoint Private Cloud.
Verify External Identity Provider Configuration and Client Management
Your network must include an external identity provider that is compatible with LDAP, OpenIDConnect, or SAML. To configure an External Identity Provider for user SSO (LDAP, OpenIDConnect, and SAML) or for external client management as OpenID Connect, the cluster must be able to access the external identity provider endpoint.
For additional information, refer to the instructions in Configure an External Identity Provider in Anypoint Private Cloud.