Planning for network ports

WebSphere® eXtreme Scale servers require several ports to operate.

Important: Avoid hard coding port numbers from the ephemeral range of your operating system. If you set a port that belongs in the ephemeral range, port conflicts can occur.

Catalog service domain

A catalog service domain requires the following ports to be defined:
peerPort
Specifies the port for the high availability (HA) manager to communicate between peer catalog servers over a TCP stack. In WebSphere Application Server, this setting is inherited by the high availability manager port configuration.
Note: This port is only used for peer-to-peer communication between multiple catalog servers in the same domain.
clientPort
Specifies the port that peer catalog servers use to access each other's service data. While the value defined for peerPort is used for heartbeat communication between peers that are in the same domain, the clientPort is the port over which actual data gets exchanged. In WebSphere Application Server, this port is set through the catalog service domain configuration.
Note: This port is only used for peer-to-peer communication between multiple catalog servers in the same domain.
listenerPort (catalog server)
Specifies the port number to which the Object Request Broker or the eXtremeIO (XIO) transport protocol binds for communication. The port number that is defined for listenerPort is for communication between a client and a catalog server in the same domain. It is also used for communication between a container server and a catalog server that are in the same domain. This port is also used for inter-domain and intra-domain communication between catalog servers.

Default: 2809

Note: When a data grid server is run inside WebSphere Application Server and the ORB transport protocol is being used, another port ORB_LISTENER_ADDRESS must also be opened. The BOOTSTRAP_ADDRESS port forwards requests to this port. If you are using the XIO transport protocol, the XIO_ADDRESS port must be opened.
JMXConnectorPort
Defines the Secure Sockets Layer (SSL) port to which the Java™ Management Extensions (JMX) service binds. Only required if an SSL transport protocol is needed for JMX data.
Note: If you want to collect JMX data, then a JMXServicePort port must also be opened.
Note: If SSL is enabled and a value for JMXConnectorPort is not defined, an ephemeral port is chosen. This port can vary each time that the server is restarted.
SSLPort (optional)
For secure transport of grid data, the SSL port is used only when the ORB transport protocol is used.The XIO protocol does not use a separate SSL port but will send SSL traffic over the listener port. If an SSL port is not configured an ephemeral port is chosen at startup, and this can vary each time the catalog server is restarted. When security is enabled, you must use the following argument on the startOgServer [Version 8.6 and later] or startXsServer script to configure the Secure Socket Layer (SSL) port: -jvmArgs -Dcom.ibm.CSI.SSLPort=<sslPort>.

Container servers

The WebSphere eXtreme Scale container servers also require several ports to operate. By default, an eXtreme Scale container server generates its HA manager port and listener port automatically. For an environment that has a firewall, it is advantageous for you to plan and control ports. For container servers to start with specific ports, you can use the following options in the startOgServer [Version 8.6 and later] or startXsServer command.
HAManagerPort
Specifies the port that is used by the high availability (HA) manager for heartbeat communication between peer container servers. The HAManagerPort port is only used for peer-to-peer communication between container servers that are in same domain. If the HAManagerPort property is not defined, then an ephemeral port is used. In WebSphere Application Server, this setting is inherited by the high availability manager port configuration.

Default: A dynamic port is chosen.

listenerPort (container server)
Specifies the port number to which the ORB or the XIO transport protocol binds for communication. The port number that is defined for listenerPort is used for bidirectional communication between a client and a container server that are in the same domain. It is also used for communication between a catalog server and a container server that are in the same domain. This port is also used for intra-domain replication between primary and replica shards, and inter-domain replication between primary shards.

Default: An ephemeral port is chosen.

Note: When a data grid server is run inside WebSphere Application Server and the ORB transport protocol is being used, another port ORB_LISTENER_ADDRESS must also be opened. The BOOTSTRAP_ADDRESS port forwards requests to this port. If you are using the XIO transport protocol, the XIO_ADDRESS port must be opened.
JMXConnectorPort
Defines the Secure Sockets Layer (SSL) port to which the Java Management Extensions (JMX) service binds. Only required if an SSL transport protocol is needed for JMX data.
Note: If you want to collect JMX data, then a JMXServicePort port must also be opened.
Note: If SSL is enabled and a value for JMXConnectorPort is not defined, an ephemeral port is chosen. This port can vary each time that the server is restarted.
JMXServicePort
Required only for WebSphere eXtreme Scale in a stand-alone environment. Specifies the port number on which the MBean server listens for communication with Java Management Extensions (JMX).

Default: 1099

[Version 8.6 and later]xioChannel.xioContainerTCPSecure.Port
[Version 8.6 and later]
[Version 8.6 and later]Deprecated featureDeprecated: This property is deprecated. The value that is specified by the listenerPort property is used instead.
Specifies the SSL port number of eXtremeIO on the server. This property is used only when the transportType property is set to SSL-Supported or SSL-Required.
[Version 8.6 and later]xioChannel.xioContainerTCPNonSecure.Port
[Version 8.6 and later]
[Version 8.6 and later]Deprecated featureDeprecated: This property is deprecated. The value that is specified by the listenerPort property is used instead.
Specifies the non-secure listener port number of eXtremeIO on the server. If you do not set the value, an ephemeral port is used. This property is used only when the transportType property is set to TCP/IP.
Restriction: The xioChannel.xioContainerTCPNonSecure.Port property is not supported in the Liberty profile.
SSLPort (optional)
For secure transport of grid data, the SSL port is used only when the ORB transport protocol is used. The XIO protocol does not use a separate SSL port but will send SSL traffic over the listener port. If an SSL port is not configured an ephemeral port is chosen at startup, and this can vary each time the container server is restarted. When security is enabled, you must use the following argument on the startOgServer [Version 8.6 and later] or startXsServer script to configure the Secure Socket Layer (SSL) port: -jvmArgs -Dcom.ibm.CSI.SSLPort=<sslPort>.

Proper planning of port control is essential when hundreds of Java virtual machines are started in a server. If a port conflict exists, container servers do not start.

Clients

When using an ORB transport protocol, WebSphere eXtreme Scale clients can receive callbacks from servers when you are using the DataGrid API or other multi-partition operations. Use the listenerPort property in the client properties file to specify the port on which the client listens for callbacks from the server.
listenerPort (client)
Specifies the port number to which the ORB or the XIO transport protocol binds for communication. This setting configures the client to communicate with the catalog and container service. If a listener is not configured with the ORB transport protocol, an ephemeral port is chosen at startup. This port can vary each time the client application is started.

Default: An ephemeral port is chosen.

Note: When a data grid client is run inside WebSphere Application Server and the ORB transport protocol is being used, another port ORB_LISTENER_ADDRESS must also be opened. The BOOTSTRAP_ADDRESS port forwards requests to this port.
SSLPort (optional)
For secure transport of grid data, the SSL port is used only when the ORB transport protocol is used. When the ORB [Version 8.6 and later]or XIO transport protocol is used, SSL is an optional configuration. [Version 8.6 and later]When SSL is enabled with the XIO protocol, it does not use a separate SSL port and sends SSL traffic over the listener port. When SSL is enabled with the ORB transport protocol, both sides can initiate traffic. If an SSL port is not configured an ephemeral port is chosen at startup, and this can vary each time the client is restarted. When security is enabled, you must use the following system property when starting the client process: -Dcom.ibm.CSI.SSLPort=<sslPort>.

Ports in WebSphere Application Server

  • The listenerPort value is inherited. The value is different depending on the type of transport you are using:
    • If you are using the ORB transport, the BOOTSTRAP_ADDRESS and the ORB_LISTENER_ADDRESS values for each WebSphere Application Server application server are used.
    • [Version 8.6 and later]If you are using the IBM eXtremeIO transport, the XIO_ADDRESS value is used.
  • The haManagerPort and peerPort values are inherited from the DCS_UNICAST_ADDRESS value for each WebSphere Application Server application server.
  • The JMXServicePort and JMXConnectorPort values are inherited from the BOOTSTRAP_ADDRESS value for each WebSphere Application Server application server.
  • The SSLPort value is inherited from the CSIV2_SSL_SERVERAUTH_LISTENER_ADDRESS value for each WebSphere Application Server application server.

You can define a catalog service domain in the administrative console. For more information, see Creating catalog service domains in WebSphere Application Server.

You can view the ports for a particular server by clicking one of the following paths in the administrative console:
  • WebSphere Application Server Network Deployment Version 7.0 and later: Servers > Server Types > WebSphere Application Servers > server_name > Ports > port_name.

Planning your environment for firewall communication

In order for correct data grid operations to occur, you must ensure that all necessary grid communication is allowed through any firewall. The following topics are based on an example scenario in which there are two domains: A and B. Each catalog service domain has two catalog servers and two container servers. An inter-domain link exists between domain A and domain B. Use this sample to identify which ports must be opened. Except where noted, Transport Control Protocol (TCP) transport is used for all firewall communication.