Network port requirements for VMware NSX for vSphere 6.x

Products

VMware NSX

Issue/Introduction

This article provides information on the port requirements for the VMware NSX for vSphere.

For the most up-to-date information, see the Ports and Protocols Required by NSX section of the NSX Installation Guide.

Environment

VMware NSX for vSphere 6.1.x
VMware NSX for vSphere 6.3.x
VMware NSX for vSphere 6.0.x
VMware NSX for vSphere 6.4.x
VMware NSX for vSphere 6.2.x

Resolution

Source	Target	Port	Protocol	Purpose	Services
ESXi Hosts	NSX Manager	5671	TCP	Rabbit MQ (messaging bus technology)	Rabbit MQ
ESXi Host	ESXi Host	6999	UDP	ARP on VLAN LIFs
ESXi Host	NSX Controllers	1234	TCP	Communication between ESX Host and NSX Controller Clusters
Client PC	NSX Manager	443	TCP	NSX Manager Admin Interface	HTTPS
REST Client	NSX Manager	443	TCP	NSX Manager REST API	HTTPS
Client PC	NSX Manager	80	TCP	NSX Manager VIB Access	HTTP
REST Client	NSX Controller	443	TCP	NSX Controller REST API	HTTPS
NSX Controller	NSX Controller	7777	TCP	Inter-Controller RPC Port
NSX Controller	NSX Controller	30865	TCP	Controller Cluster - State Sync
NSX Manager	vCenter Server	443,80	TCP	vSphere Web Access	HTTPS
NSX Manager	vCenter Server	902	TCP	vSphere Web Access	VMware Internal
NSX Manager	ESXi Host	443	TCP	Management and provisioning connection	HTTPS
NSX Manager	ESXi Host	902	TCP	Management and provisioning connection	VMware Internal
NSX Manager	Distributed Firewall	443	TCP	Management and provisioning connection	HTTPS
NSX Manager	Distributed Firewall	902	TCP	Management and provisioning connection	VMware Internal
VXLAN Termination End Point (VTEP)	VXLAN Termination End Point (VTEP)	8472	UDP	Transport Network encapsulation between VTEP end points	VXLAN
NSX Manager	DNS Server	53	TCP/UDP	DNS client connection	DNS
NSX Manager	NTP Time Server	123	TCP/UDP	NTP client connection	NTP
NSX Manager	Syslog Server	514	TCP/UDP	Syslog connection	Syslog
NSX Controller	NSX Controller	2878, 2888, 3888	TCP	State Sync between controllers	Zookeeper
OVSDB Protocol	NSX Controller	6640	TCP	OVSDB Protocol Integration
Primary NSX Manager	Secondary NSX Manager	443	TCP	Cross-vCenter NSX Universal Sync Service
Primary NSX Manager	vCenter Server	443	TCP	vSphere API
Secondary NSX Manager	vCenter Server	443	TCP	vSphere API
Primary NSX Manager	NSX Universal Controller Cluster	443	TCP	NSX Controller REST API
Secondary NSX Manager	NSX Universal Controller Cluster	443	TCP	NSX Controller REST API
ESXi Host	NSX Universal Controller Cluster	1234	TCP	NSX Control Plane Protocol
ESXi Host	Primary NSX Manager	5671	TCP	AMQP
ESXi Host	Secondary NSX Manager	5671	TCP	AMQP
ESXi Host	vCenter Server	443	TCP	VIB deployment/Host preparation	EAM Service
vCenter Server	NSX Manager	443	TCP	Download Web Client plugin(vsmext.zip)	Web Client
ESXi Host	NSX Manager	8301 and 8302	UDP	DVS Sync
NSX Manager	ESXi Host	8301 and 8302	UDP	DVS Sync
USVM	NSX Manager	5671	TCP	Guest Introspection

Additional Information

Starting with NSX 6.2.3, the default VXLAN port is 4789, the standard port assigned by IANA. Before NSX 6.2.3, the default VXLAN UDP port number was 8472.

VMware vSphere 6.0 supports VIB downloads over port 443 (instead of port 80). This port is opened and closed dynamically. The intermediate devices between the ESXi hosts and vCenter Server must allow traffic using this port.

VXLAN port 8472 is reserved or restricted for VMware use, any virtual machine cannot use this port for other purpose or for any other application.

For more information regarding port requirements with other VMware Products, see TCP and UDP Ports required to access VMware vCenter Server, VMware ESXi and ESX hosts, and other network components (1012382).

For more information on NSX ports, see the Ports Required for NSX Communication section in the NSX Installation and Upgrade Guide.