Controller/Node Communications

This section only applies to SwiftStack Controller On-Premises installations and is not relevant for SwiftStack customers using SwiftStack Controller As-a-Service.

The communications channel between a SwiftStack Controller On-Premises and its nodes goes through a VPN (OpenVPN) tunnel. During the post-installation setup of a Controller, the OpenVPN subnet is set (to 10.123.0.0/16 by default). If this subnet is already in use or partially overlaps with a subnet already in use, you may specify a different subnet during post-installation setup.

The controller talks to the Nodes inside the VPN through ports 6050, 9914 and 9915. Every Node has firewall rules put in place during installation to disallow any connections initiated from the controller. The controller has firewall rules that only allow connections from the nodes to the controller on the above-mentioned ports.

Troubleshooting

If the controller displays that there are communications errors with Node, then a diagnostics command should be run on the Node to check the current state of the Node.:

$ sudo ssdiag

In cases where node to controller communication problems are not easily solved, a full diagnostics tarball should be generated by running the following command on the Node:

$ sudo ssdiagtarball

The resulting tarball will have a name similar to node-diagnostics-<NodeName>.tar.gz and contain pertinent Node configuration information as well as logs that can help in the troubleshooting of the issue.

In these instances it is recommended to share the diagnostics tarball with SwiftStack Support (support@swiftstack.com). If you need to upload a large diagnostics tarball, please contact Support.