Linux Hub Requirements
    • 23 May 2025

    System Requirements

    This chapter provides a list of requirements for the Linux system on which the Nectar Endpoint Client will be installed as a Hub. 

    Note: it is recommended by Nectar that all hubs be Linux.

    Platform Requirements

    Nectar Endpoint Client for Linux Hub is supported for the following operating systems:

    • Red Hat Enterprise Linux (RHEL9) / Rocky Linux / Oracle Linux / AlmaLinux 8 or 9
    • Debian 12
    • Ubuntu 22, 23 or 24


    Hardware


    The platform hardware requirements vary depending on the number of virtual endpoints that have been licensed for the agent. The following are the minimum platform requirements for installing a Nectar Endpoint Client on a Linux system:

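    Agent Capacity                | CPU Cores          | RAM                      | Storage
    ------------------------------|--------------------|--------------------------|--------
    Agent /2, Agent /5, Agent /10 | 2 (min.), 4 (rec.) | 1 GB (min.), 4 GB (rec.) | 110 MB
    Agent /20                     | 4                  | 4 GB                     | 500 MB
    Agent /50                     | 4                  | 4 GB                     | 2 GB
    Agent /200                    | 4                  | 4 GB                     | 4 GB
    Agent /1000                   | 8                  | 8 GB                     | 40 GB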




    Ports and Protocols

    The following is a list of ports and protocols used by the Nectar Endpoint Client. If the agent will be running behind a firewall, the following ports should be open in your firewall configuration to allow the agent to function properly.

    Local Ports

    Port Number | Protocol | Application
    ------------|----------|------------
    68          | UDP      | DHCP Client
    5060        | TCP      | SIP
    5060        | UDP      | SIP
    5061        | TCP/UDP  | SIPS (VoIP, Vidconf, SIP OPTIONS tests using TLS)
    29999       | UDP      | Packet trains to/from remote peer agent (Peer-to-Peer tests)
    30000-34000 | UDP      | RTP/real-time media (VoIP and Videoconferencing tests)
    443         | TCP      | Outbound management connections to the Controller
    Any         | ICMP     | Inbound ICMP messages (required for some network tests)


    Remote Ports

    Port Number | Protocol | Application
    ------------|----------|------------
    53          | UDP/TCP  | DNS server (DNS tests)
    67          | UDP      | DHCP server (DHCP tests)
    5060        | TCP/UDP  | SIP signaling (VoIP, Vidconf, SIP OPTIONS tests)
    5061        | TCP/UDP  | SIPS (VoIP, Vidconf, SIP OPTIONS tests using TLS)
    29999       | UDP      | Packet trains to/from remote peer agent (Peer-to-Peer tests)
    30000-34000 | UDP      | RTP/real-time media (VoIP and Videoconferencing tests)
    40006/443   | TCP      | Outbound management connections to the Controller
    26022       | TCP      | Outbound connections to the Controller to request SCP transfer of TLS certificate bundles to the Agent




    * Default port number.

    Firewall Configuration

    The following sections provide general guidelines for configuring the Linux firewall to open the ports required by the Agent. For more detailed information about firewall configuration, consult the firewalld or iptables documentation.

    Using firewalld 

    The following firewalld command can be used to implement the required firewall rules on RHEL and similar distributions, while logged in as 'root':

    firewall-cmd --permanent --zone=[default_zone] --add-port=[port_number]/[tcp|udp]

    For example:

    firewall-cmd --permanent --zone=public --add-port=5060/udp

    success

    Multiple ports can be opened with one command. For example:

    firewall-cmd --permanent --zone=public --add-port=5060/tcp --add-port=5060/udp --add-port=40000/tcp --add-port=26022/tcp --add-port=29999-50000/udp
    
    success

    After configuring all the necessary ports, enter the following command to reload the firewall service:

    firewall-cmd --reload
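
    After the reload, the ports actually opened can be compared with the Local Ports table. The script below is an added example, not Nectar's own tooling: the REQUIRED list assumes that only the SIP, SIPS, packet-train and RTP rows need an inbound rule at their default ports, and the function names and the sample input are constructed for this illustration.

```shell
#!/bin/sh
# Added example, not vendor code. Compares the ports opened in firewalld
# with the inbound entries of the Local Ports table.
# Assumption: only these rows need an inbound rule, at their default ports.
REQUIRED="5060/tcp 5060/udp 5061/tcp 5061/udp 29999/udp 30000-34000/udp"

# split_entry "30000-34000/udp" sets LO=30000 HI=34000 PROTO=udp.
# Returns 1 if either end of the port range is missing or not numeric.
split_entry() {
    PROTO=${1#*/}; range=${1%/*}
    LO=${range%-*}; HI=${range#*-}
    case "$LO" in ''|*[!0-9]*) return 1 ;; esac
    case "$HI" in ''|*[!0-9]*) return 1 ;; esac
}

# covered_by ENTRY LIST: succeeds if a single entry of LIST has the same
# protocol and contains the whole port range of ENTRY.
covered_by() {
    split_entry "$1" || return 1
    lo=$LO; hi=$HI; proto=$PROTO
    for e in $2; do
        split_entry "$e" || continue
        if [ "$PROTO" = "$proto" ] && [ "$LO" -le "$lo" ] && [ "$HI" -ge "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ports "OPENED" prints one finding per line:
#   MISSING  = documented port that no opened entry covers
#   UNLISTED = opened port or range that is not within a documented entry
audit_ports() {
    opened=$1
    for r in $REQUIRED; do
        covered_by "$r" "$opened" || echo "MISSING $r"
    done
    for o in $opened; do
        covered_by "$o" "$REQUIRED" || echo "UNLISTED $o"
    done
}

# Constructed sample: the port list that the multi-port command above would
# leave in the public zone. On a hub, use instead:
#   audit_ports "$(firewall-cmd --zone=public --list-ports)"
SAMPLE="5060/tcp 5060/udp 40000/tcp 26022/tcp 29999-50000/udp"
audit_ports "$SAMPLE"
```

    An UNLISTED finding is a prompt to review the entry against the tables above, for example a UDP range wider than 30000-34000 or a port opened inbound that the tables describe as an outbound connection.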

    Using iptables

    The following iptables commands can be used to implement the required firewall rules in older versions of RHEL/CentOS, while logged in as 'root':

    # inbound TCP management-domain connections
    iptables -A INPUT -p tcp --dport 40000 -j ACCEPT
    # inbound ICMP messages
    iptables -A INPUT -p icmp -j ACCEPT
    # inbound UDP SIP messages
    iptables -A INPUT -p udp --dport 5060 -j ACCEPT
    # inbound TCP SIP messages
    iptables -A INPUT -p tcp --dport 5060 -j ACCEPT
    # inbound UDP RTP media and UDP P2P probes
    iptables -A INPUT -p udp --dport 29999:50000 -j ACCEPT
    # outbound TCP connections to Controller SCP (port 26022, as in the Remote Ports table)
    iptables -A OUTPUT -p tcp --dport 26022 -j ACCEPT
    # default policies: drop unmatched inbound and forwarded traffic, allow outbound
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    # save the running rules so that the restart below reloads them instead of discarding them
    service iptables save
    service iptables restart

    iptables: Setting chains to policy ACCEPT: filter [ OK ]
    iptables: Flushing firewall rules: [ OK ]
    iptables: Unloading modules: [ OK ]
    iptables: Applying firewall rules: [ OK ]

    NOTE
    The TCP and UDP rules listed above are only valid for default local ports.

    Test Interface IP Addressing

    When running an active test on an agent, it is necessary to select a specific local interface and IP address to be used as the test interface. It is therefore strongly recommended that a static IP address be assigned to any network interface that will be used to run tests, rather than using DHCP to assign addresses automatically. If dynamic addressing is used and a test interface IP address changes, it will cause all tests currently running on the old IP address to fail, along with any tests scheduled to run using the old IP address.

    Dynamic or static IP assignment can be used for the management domain interface used to communicate with the Controller if it is a dedicated interface that will not be used to run tests. For any interface that will be used as a test interface, static IP addressing is advised.

