http://docs.cloudstack.apache.org/projects/cloudstack-installation/en/4.11/hypervisor/kvm.html
Identifies a number of ports that must be opened.
It specifies a number of Dynamic/Private ports: 49152 - 49216 (libvirt
live migration).
The Cloudstack doc does not recommend reserving these ports.
They could be assigned by the OS for other tasks.
I am not sure if anyone has run into random errors in this area but I
think that it would be a good idea to use sysctl to reserve these ports
and remove them from the dynamic ports available to the OS or other
random programs that use dynamically assigned ports.
Add the following to /etc/sysctl to have these ports removed from the OS
list of available dynamic ports.
sysctl -w net.ipv4.ip_local_reserved_ports=49152-49216
https://www.kernel.org/doc/Documentation/networking/ip-sysctl.txt
For some reason the libvirt guys have not registered their ports (16509,
16514) so we could all be in for a surprise when that port gets assigned
to another program. We can only hope that the program is not one that is
needed by Cloudstack.
https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
If anyone is in contact with the authors of libvirt, it would be a good idea
to suggest to them that they reserve the ports that they need.
I think that it is safe to assume that libvirt will be around for a while
and having these ports reserved makes sense.
I am not sure why Cloudstack requires port 1798. It is reserved for
EventTransfer Protocol (etp).
Is this the service that Cloudstack uses or another case of a hijacked port?
Ron
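
A check for the reservation suggested in the message above, added here as an example and not part of the original post or of CloudStack: it reads the kernel's current reserved-ports list and reports whether the whole libvirt migration range is covered. The function name `range_reserved` is hypothetical; the list syntax (comma-separated ports and ranges) is the one described in ip-sysctl.txt.

```shell
#!/bin/sh
# Added example: verify that a port range is fully covered by
# net.ipv4.ip_local_reserved_ports, so the kernel will not hand those
# ports out as automatically assigned local ports.

# range_reserved LIST LO HI
# LIST uses the sysctl syntax, e.g. "8080,49152-49216".
# Succeeds only if every port from LO to HI is covered by LIST.
range_reserved() {
    list=$1
    need=$2   # lowest port not yet known to be covered
    hi=$3
    # Visit entries in ascending order of their first port, so that
    # adjacent or overlapping entries can extend the covered span.
    for entry in $(printf '%s\n' "$list" | tr ',' '\n' | sort -n); do
        lo=${entry%-*}    # "49152-49216" -> 49152, "8080" -> 8080
        top=${entry#*-}   # "49152-49216" -> 49216, "8080" -> 8080
        if [ "$lo" -le "$need" ] && [ "$top" -ge "$need" ]; then
            need=$((top + 1))
        fi
    done
    [ "$need" -gt "$hi" ]
}

# Live check on this host. The /proc file is empty when nothing is reserved
# and is absent on non-Linux systems; both cases report "not reserved".
reserved=$(cat /proc/sys/net/ipv4/ip_local_reserved_ports 2>/dev/null || true)
if range_reserved "$reserved" 49152 49216; then
    echo "49152-49216 is reserved"
else
    echo "49152-49216 is NOT fully reserved (current list: '$reserved')"
fi
# A setting made with "sysctl -w" is lost at reboot; to keep it, place
#   net.ipv4.ip_local_reserved_ports = 49152-49216
# in /etc/sysctl.conf or a file under /etc/sysctl.d/.
```

Reserving a port only keeps it out of automatic assignment; a program that binds to the port explicitly can still take it.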