Link Search Menu Expand Document

This page lists the connectivity requirements for running a SCIONLab AS. Any firewalls or other network equipment must be configured to allow these.

Incoming connectivity requirements

Protocol Port Source Comment
ALL   ESTABLISHED  
ICMP, ICMP6   0.0.0.0/0 Heartbeats
UDP 50000–50010 0.0.0.0/0 SCION inter-AS connectivity
UDP 30000 - 35000 machines in the same SCION AS SCION intra-AS connectivity
TCP 22 82.130.64.0/18
129.132.0.0/16
195.176.96.0/19
192.33.87.0/24
192.33.88.0/23
192.33.91.0/24
192.33.92.0/24
192.33.93.0/24
192.33.94.0/23
192.33.96.0/21
192.33.104.0/22
192.33.108.0/23
192.33.110.0/24
Administrative SSH access for configuration management
TCP 443 82.130.64.0/18
129.132.0.0/16
195.176.96.0/19
192.33.87.0/24
192.33.88.0/23
192.33.91.0/24
192.33.92.0/24
192.33.93.0/24
192.33.94.0/23
192.33.96.0/21
192.33.104.0/22
192.33.108.0/23
192.33.110.0/24
Administrative ILO/MGMT access (for physical machines)

Outgoing connectivity requirements

Protocol Port Destination Comment
ALL   ESTABLISHED  
ICMP, ICMP6   0.0.0.0/0 Heartbeats
UDP 50000–50010 0.0.0.0/0 SCION inter-AS connectivity
UDP 30000–35000 machines in the same SCION AS SCION intra-AS connectivity
TCP 80, 443 0.0.0.0/0 Software updates, monitoring
UDP 51820 82.130.64.0/18
129.132.0.0/16
195.176.96.0/19
192.33.87.0/24
192.33.88.0/23
192.33.91.0/24
192.33.92.0/24
192.33.93.0/24
192.33.94.0/23
192.33.96.0/21
192.33.104.0/22
192.33.108.0/23
192.33.110.0/24
Administrative access for monitoring

Additionally, reliable DNS and NTP services must be accessible (but may be provided by the local network).


Copyright © 2020, Network Security Group, ETH Zurich