Link Search Menu Expand Document

This page lists the connectivity requirements for running a SCIONLab AS. Any firewalls or other network equipment must be configured to allow these.

Incoming connectivity requirements

Protocol Port Source Comment
ALL   ESTABLISHED  
ICMP, ICMP6   0.0.0.0/0 Heartbeats
UDP 50000–50010 0.0.0.0/0 SCION inter-AS connectivity
UDP 30000 - 35000 machines in the same SCION AS SCION intra-AS connectivity
TCP 22 82.130.64.0/18
129.132.0.0/16
195.176.96.0/19
192.33.64.0/18
Administrative SSH access for configuration management
TCP 443 82.130.64.0/18
129.132.0.0/16
195.176.96.0/19
192.33.64.0/18
Administrative ILO/MGMT access (for physical machines)

Outgoing connectivity requirements

Protocol Port Destination Comment
ALL   ESTABLISHED  
ICMP, ICMP6   0.0.0.0/0 Heartbeats
UDP 123 0.0.0.0/0 NTP Time Server Access (or provide an internally accessible NTP server)
UDP 50000–50010 0.0.0.0/0 SCION inter-AS connectivity
UDP 30000–35000 machines in the same SCION AS SCION intra-AS connectivity
TCP 80, 443 0.0.0.0/0 Software updates, monitoring

Additionally, reliable DNS and NTP services must be accessible (but may be provided by the local network).


Copyright © 2020, Network Security Group, ETH Zurich