Linux Hub Requirements
- 23 May 2025
- 3 Minutes to read
- Print
- DarkLight
- PDF
Linux Hub Requirements
- Updated on 23 May 2025
- 3 Minutes to read
- Print
- DarkLight
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback!
System Requirements
This chapter provides a list of requirements for the Linux system on which the Nectar Endpoint Client will be installed as a Hub.
Note: it is recommended by Nectar that all hubs be Linux.
Platform Requirements
Nectar Endpoint Client for Linux Hub is supported for the following operating systems:
- Red Hat Enterprise Linux (RHEL9) / Rocky Linux / Oracle Linux / AlmaLinux 8 or 9
- Debian 12
- Ubuntu 22, 23 or 24
Hardware
The platform hardware requirements vary depending on the number of virtual endpoints that have been licensed for the agent. The following are the minimum platform requirements required for installation of a Nectar Endpoint Client on a Linux system:
| Agent Capacity | CPU Cores | RAM | Storage |
| Agent /2 | 2 (min.) 4 (rec.) | 1 GB (min.) 4 GB (rec.) | 110 MB |
| Agent /5 Agent /10 Agent /20 | 4 | 4GB | 500MB |
| Agent /50 | 4 | 4 GB | 2 GB |
| Agent /200 | 4 | 4 GB | 4 GB |
| Agent /1000 | 8 | 8 GB | 40 GB |
Ports and Protocols
The following is a list of ports and protocols used by the Nectar Endpoint Client. If the agent will be running behind a firewall, the following ports should be open in your firewall configuration to allow the agent to function properly.
Local Ports
Port Number | Protocol | Application |
| 68 | UDP | DHCP Client |
| 5060 | TCP | SIP |
| 5060 | UDP | SIP |
| 5061 | TCP/UDP | SIPS (VoIP, Vidconf, SIP OPTIONS tests using TLS) |
| 29999 | UDP | Packet trains to/from remote peer agent (Peer-to-Peer tests) |
| 30000-34000 | UDP | RTP/real-time media (VoIP and Videoconferencing tests) |
| 443 | TCP | Outbound management connections to the Controller |
| Any | ICMP | Inbound ICMP messages (required for some network tests) |
Remote Ports
| Port Number | Protocol | Application |
| 53 | UDP/TCP | DNS server (DNS tests) |
| 67 | UDP | DHCP server (DHCP tests) |
| 5060 | TCP/UDP | SIP signaling (VoIP, Vidconf, SIP OPTIONS tests |
| 5061 | TCP/UDP | SIPS (VoIP, Vidconf, SIP OPTIONS tests using TLS) |
| 29999 | UDP | Packet trains to/from remote peer agent (Peer-to-Peer tests) |
| 30000-34000 | UDP | RTP/real-time media (VoIP and Videoconferencing tests |
| 40006/443 | TCP | Outbound management connections to the Controller |
| 26022 | TCP | Outbound connections to the Controller to request SCP transfer of TLS certificate bundles to the Agent |
* Default port number.
Firewall Configuration
The following sections provide general guidelines for configuring the Linux firewall to open the ports required by the Agent. For more detailed information about firewall configuration, consult the firewalld or iptables documentation.
Using firewalld
The following firewalld command can be used to implement the required firewall rules in RHEL etc, while logged in as 'root':
TypeScript
firewall-cmd --permanent --zone=[default_zone] --add-port=[port_number]/[tcp|udp]For example:
TypeScript
firewall-cmd --permanent --zone=public --add-port=5060/udpsuccess
Multiple ports can be opened with one command. For example:
TypeScript
firewall-cmd --permanent --zone=public --add-port=5060/tcp --add-port=5060/udp --add-port=40000/tcp --add-port=26022/tcp --add-port=29999-50000/udp
successAfter configuring all the necessary ports, enter the following command to reload the firewall service:
TypeScript
firewall-cmd –reloadUsing iptables
The following iptables commands can be used to implement the required firewall rules in older versions of RHEL/CentOS, while logged in as 'root':
TypeScript
# inbound TCP management-domain connections
iptables -A INPUT -p tcp --dport 40000 -j ACCEPT
# inbound ICMP messages
iptables -A INPUT -p icmp -j ACCEPT
# inbound UDP SIP messages
iptables -A INPUT -p udp --dport 5060 -j ACCEPT
# inbound TCP SIP messages
iptables -A INPUT -p tcp --dport 5060 -j ACCEPT
# inbound UDP RTP media and UDP P2P probes
iptables -A INPUT -p udp --dport 29999:50000 -j ACCEPT
# outbound TCP connections to Controller SCP
iptables -A OUTPUT -p tcp --dport 26002 -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
service iptables restart
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]NOTE
The TCP and UDP rules listed above are only valid for default local ports.
Test Interface IP Addressing
When running an active test on an agent, it is necessary to select a specific local interface and IP address to be used as the test interface. It is therefore strongly recommended that a static IP address be assigned to any network interface that will be used to run tests, rather than using DHCP to assign addresses automatically. If dynamic addressing is used and a test interface IP address changes, it will cause all tests currently running on the old IP address to fail, along with any tests scheduled to run using the old IP address.
Dynamic or static IP assignment can be used for the management domain interface used to communicate with the Controller if it is a dedicated interface that will not be used to run tests. For any interface that will be used as a test interface, static IP addressing is advised
Was this article helpful?