Yes he also listens to udp4. By allowing udp 3456 and 3457, it worked.

Do you know why 3457 is used when the incoming listening port for
loggregator is specified as 3456?

Sent from my iPhone

On Jun 5, 2015, at 1:58 AM, Lev Berman <lev.berman(a)altoros.com> wrote:

We found the loggregator was listening on port 3456 and 3457 with upd6.


He also probably listens for udp4 connections. Have you tried to allow
udp4 traffic to ports 3456-3457 and check if loggregator collects the logs
after it?

On Fri, Jun 5, 2015 at 4:17 AM, Meng, Xiangyi <xiangyi.meng(a)emc.com>
wrote:

We found the loggregator was listening on port 3456 and 3457 with upd6.



udp6 0 0 [::]:3457 [::]:*





But we can’t use ipv6 in our env. So is there any way to force
loggregator to use ipv4?



Thanks,

Maggie



*From:* cf-dev-bounces(a)lists.cloudfoundry.org [mailto:
cf-dev-bounces(a)lists.cloudfoundry.org] *On Behalf Of *Lev Berman
*Sent:* 2015年6月2日 20:05

*To:* Discussions about Cloud Foundry projects and the system overall.
*Subject:* Re: [cf-dev] What ports will be needed to support hm and
loggregator



Sorry, I've missed your notes about the firewalls you configure for each
CF machine - this firewalls is what needs to be configured to accept UDP
traffic to ports 3456 and 3457 from any host. vSphere itself will probably
allow this traffic without any additional configuration.



On Tue, Jun 2, 2015 at 1:51 PM, Berman Lev <lev.berman(a)altoros.com>
wrote:

I have never worked with vSphere, unfortunately. I've googled a bit and
found this table which shows which TCP and UDP ports are open by default on
vSphere VMs -
https://pubs.vmware.com/vsphere-55/index.jsp#com.vmware.vsphere.security.doc/GUID-ECEA77F5-D38E-4339-9B06-FF9B78E94B68.html.
Consult the vSphere documentation to find out how to add UDP 3456 and 3457
ports to this list.



On Tue, Jun 2, 2015 at 1:32 PM, Meng, Xiangyi <xiangyi.meng(a)emc.com>
wrote:

I deployed my CF on vshpere server.



*From:* cf-dev-bounces(a)lists.cloudfoundry.org [mailto:
cf-dev-bounces(a)lists.cloudfoundry.org] *On Behalf Of *Lev Berman
*Sent:* 2015年6月2日 18:30


*To:* Discussions about Cloud Foundry projects and the system overall.
*Subject:* Re: [cf-dev] What ports will be needed to support hm and
loggregator



You have posted your Application Security Groups -
http://docs.pivotal.io/pivotalcf/adminguide/app-sec-groups.html. This
groups are created and managed by Cloud Foundry.

But the issue here is with security groups configured in your
infrastructure - AWS, OpenStack, etc. Which one is your CF deployed on?



On Tue, Jun 2, 2015 at 1:23 PM, Meng, Xiangyi <xiangyi.meng(a)emc.com>
wrote:

Hi, Lev



Would you please let me know what exactly I should add to my security
group? Following are the current configuration.



- name: public_networks

rules:

- protocol: all

destination: 0.0.0.0-9.255.255.255

- protocol: all

destination: 11.0.0.0-169.253.255.255

- protocol: all

destination: 169.255.0.0-172.15.255.255

- protocol: all

destination: 172.32.0.0-192.167.255.255

- protocol: all

destination: 192.169.0.0-255.255.255.255

- name: dns

rules:

- protocol: tcp

destination: 0.0.0.0/0

ports: '53'

- protocol: udp

destination: 0.0.0.0/0

ports: '53'

default_running_security_groups:

- public_networks

- dns

default_staging_security_groups:

- public_networks

- dns



Thanks,

Maggie



*From:* cf-dev-bounces(a)lists.cloudfoundry.org [mailto:
cf-dev-bounces(a)lists.cloudfoundry.org] *On Behalf Of *Lev Berman
*Sent:* 2015年6月2日 18:16
*To:* Discussions about Cloud Foundry projects and the system overall.
*Subject:* Re: [cf-dev] What ports will be needed to support hm and
loggregator



Hi,

At least for loggregator to successflly talk to metron agents, you need
to add a rule to a security group for your private subnet allowing the
ingress UDP traffic through ports 3456 and 3457 from all hosts (0.0.0.0/0).
See more about security group rules needed for CF here -
http://docs.cloudfoundry.org/deploying/common/security_groups.html.




On Tue, Jun 2, 2015 at 1:04 PM, Meng, Xiangyi <xiangyi.meng(a)emc.com>
wrote:

Hi,



I am updating my cf env from 172 to 197. But I found some issues after
upgrade is done. I couldn’t get the correct running application instance
number:



CF_TRACE=true cf apps

…

"running_instances": -1,

…

application started ?/3



Another issue is I can’t get log information from loggregator. “cf logs”
showed nothing after I restarted my application.



I think this may be related to our firewall configuration. Because in
another environment where no firewall is configured, hm and loggregator
work perfectly well. We have firewalls for deas, routers and all other
components separately(three firewalls). So would anyone please tell me what
ports we should open for deas, routers or other components?



Thanks,

Maggie





--

Lev Berman

Altoros - Cloud Foundry deployment, training and integration



Github*: *https://github.com/ldmberman





--

Lev Berman

Altoros - Cloud Foundry deployment, training and integration



Github*: *https://github.com/ldmberman





--

Lev Berman

Altoros - Cloud Foundry deployment, training and integration



Github*: *https://github.com/ldmberman





--

Lev Berman

Altoros - Cloud Foundry deployment, training and integration



Github*: *https://github.com/ldmberman

--
Lev Berman

Altoros - Cloud Foundry deployment, training and integration

Github
*: https://github.com/ldmberman <https://github.com/ldmberman>*

_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev


_______________________________________________
cf-dev mailing list
cf-dev(a)lists.cloudfoundry.org
https://lists.cloudfoundry.org/mailman/listinfo/cf-dev