We have an HDP cluster which is managed by Ambari. We have been asked to put a firewall in place and block unknown ports. We have noticed there is an interaction between the Ambari Metrics collector and all of the nodes in exactly the opposite direction of the designed Ambari Metrics architecture! Based on the architecture, the interaction should be from all of the machines in the HDP cluster as a source to the Ambari Metrics machine, port 6188, as a destination. However, we've found out that in addition to this connectivity, there is another type of interaction from source port 6188 on the Ambari Metrics machine to all of the machines in the HDP cluster with an ephemeral port as the destination port. I was wondering what the purpose of this interaction is and whether it makes sense to have such an interaction or not.
Hi Ali, the communication between HDP daemons and AMS is only over the HTTP connection on port 6188. The connections that you are seeing on the client side are just TCP connections for which the client uses a random port while opening the TCP connection. On the client side, the one initiating the connection to the server has to pick a source port to fulfil its part of the 4-tuple needed to uniquely identify a connection. Clients usually pick a random port in the 1025-65535 range. The server-side port is still 6188, which should be used to design the firewall rule.
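As an added example (not part of this thread), the following POSIX shell script classifies `ss -tn` connection lines so an administrator can confirm that every collector:6188 -> node:ephemeral flow is just the return half of a node -> collector:6188 connection, and prints stateful iptables rules for the collector host that need no rule keyed on source port 6188. The collector address 10.0.0.10, the cluster subnet 10.0.0.0/24 and the `ss` lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the AMS collector is 10.0.0.10 and
# the cluster subnet is 10.0.0.0/24 (both placeholders); sample `ss -tn` lines below.
AMS_HOST="10.0.0.10"
AMS_PORT=6188
CLUSTER_NET="10.0.0.0/24"

# classify_flow SRC_IP SRC_PORT DST_IP DST_PORT
#   request -> node:ephemeral  to  collector:6188  (the documented direction)
#   reply   -> collector:6188  to  node:ephemeral  (return half of that same TCP connection)
#   other   -> anything else; inspect it before writing rules
classify_flow() {
    if [ "$3" = "$AMS_HOST" ] && [ "$4" = "$AMS_PORT" ] && [ "$2" -ge 1025 ]; then
        echo request
    elif [ "$1" = "$AMS_HOST" ] && [ "$2" = "$AMS_PORT" ] && [ "$4" -ge 1025 ]; then
        echo reply
    else
        echo other
    fi
}

# audit_flows: read `ss -tn` lines on stdin (State Recv-Q Send-Q Local Peer ...), treat the
# local socket as the source, print one line per connection, return 1 if any is "other".
audit_flows() {
    rc=0
    while read -r state _ _ local peer _; do
        case "$state" in ESTAB|SYN-SENT|SYN-RECV|TIME-WAIT|CLOSE-WAIT) ;; *) continue ;; esac
        kind=$(classify_flow "${local%:*}" "${local##*:}" "${peer%:*}" "${peer##*:}")
        printf '%-7s %s -> %s\n' "$kind" "$local" "$peer"
        if [ "$kind" = other ]; then rc=1; fi
    done
    return $rc
}

# collector_rules: stateful INPUT rules for the collector host. Packets from 6188 back to the
# node's ephemeral port belong to a tracked connection, so ESTABLISHED covers them.
collector_rules() {
    printf '%s\n' \
      "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" \
      "iptables -A INPUT -p tcp -s $CLUSTER_NET --dport $AMS_PORT -m conntrack --ctstate NEW -j ACCEPT" \
      "iptables -A INPUT -p tcp --dport $AMS_PORT -j DROP"
}

# Constructed sample: two lines as seen on worker nodes, one as seen on the collector itself.
SAMPLE_SS='ESTAB 0 0 10.0.0.21:43122 10.0.0.10:6188
ESTAB 0 0 10.0.0.22:51870 10.0.0.10:6188
ESTAB 0 0 10.0.0.10:6188 10.0.0.23:39004'

printf '%s\n' "$SAMPLE_SS" | audit_flows
```

On a real host, `ss -tn | audit_flows` over the collector's or a node's sockets does the same check; a non-zero exit means a flow that does not fit the 6188 pattern was seen.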