IP Port Considerations
The HCC2 uses IP ports for internal operations and for exposing operations externally.
When designing an OEM application, avoid the use of IP ports where possible. If you must use an IP port, make sure the port number does not clash with any port in use by the HCC2 device. These port numbers and their usage are identified in the sections below.
Private Subnet
IO board Fixed IP facing the CPU board: 172.17.1.1
CPU board Fixed IP facing the IO board: 172.17.1.2 on eno3
Subnet mask: 255.255.255.0
Network interface names: eno1, eno2, eno3, usb0, cdc-wdm1 external for wwan0, wlp1s0
Other Services
Port Number | Owner | Connector | Comment | Exposed Externally (Inbound) | ETH 1 & 2 | ETH3 | Cell | Wifi | USB Gadget | ICMP |
---|---|---|---|---|---|---|---|---|---|---|
n/a | Ping | Host OS | Allow inbound and outbound ping | (Yes) | Z | Z | X | X | Y |
Port Numbers
Routing rules: route all 172.17.1.1 traffic to ETH3 only (make a new network bridge for iobmgr only). Block 172.17.1.1 on edgenet.
Owner reflects the application that binds to (owns) the port. Connector reflects applications that connect to (do not own) the port.
X - Closed by default (configurable)
Y - Always open
Z - Open by default (configurable)
blank - Always closed
NAT (Network Address Translation)
Listed interfaces are sources to forward from. The comments will contain the interfaces to forward to. The supported interfaces shall provide NAT service from their primary outward facing IP to the IP of the IO board (172.17.1.1) on eno3.
Port Number | Owner | Connector | Comment | Exposed Externally (Inbound) | ETH 1 & 2 | ETH3 | Cell | Wifi | USB Gadget | Docker Managed |
---|---|---|---|---|---|---|---|---|---|---|
44819 | IO Board | CIP Explicit | External | Static forward of port to ETH3 | Yes TCP | Z | X | X | X | No |
2223 | IO Board | CIP Implicit | External | Static forward of port to ETH3 | Yes UDP | Z | X | X | X | No |
1131 | IO Board | ISaGRAF Debug | External | Static forward of port to ETH3 | Yes TCP | Z | X | X | X | No |
Inbound (Internal or Docker Services)
Port Number | Owner | Connector | Comment | Exposed Externally (Inbound) | ETH 1 & 2 | ETH3 | Cell | Wifi | USB Gadget | Docker Managed |
---|---|---|---|---|---|---|---|---|---|---|
40022 | SSH/SFTP | Host OS | for SFTP (and SSH when debugging) | (Yes) 40022 | Z | X | X | Y | ||
80 | Unity | End User | To be forwarded (always forwards to 443) | (Yes) 80 | Z | X | X | Y | ||
123/UDP | NTP | Host OS | Chrony NTP Server to sync clock with IO Board | 123 | Y | |||||
123/UDP | NTP | Host OS | Chrony NTP Client to sync clock with external NTP servers | 123 | Z | X | X | |||
502 | Modbus | External | Modbus-TCP Framing | Yes | Z | X | X | Z | ||
503 | Modbus | External | Modbus-RTU Framing | Yes | Z | X | X | Z | ||
3000 | Tag Broker (aka ZMQproxy) | All other Application / Module | The tag broker should open a publishing port and all the other Applications/modules will connect to this port for subscription. | No | (Yes on Debug only) | |||||
3001 | Tag Broker (aka ZMQproxy) | All other Application / Module including Configuration Manager. | No | (Yes on Debug only) | ||||||
3002 | Cache | May be part of Tag Broker (aka ZMQproxy) | Request port to initiate a cache request. | No | (Yes on Debug only) | |||||
3003 | IO Board | IO Board MGR | Fast AI UDP | No | Y | |||||
4444 | Optixentitlement | Optix Runtime | Consider putting on separate private network. | No | ||||||
5000 | Configuration Manager | All other Applications | All other applications/modules connect over a ZMQ REQ/REP connection to send the Configuration Schema and receive status back. | No | (Yes on Debug only) | |||||
5001 | IO Board MGR | IO Board | Used by IO Board Manager to publish new configuration information to the IO Board (Pub-Sub). | No | (Yes on Debug only) | |||||
5002 | IO Board MGR | IO Board | Used by IO Board Manager to send configuration to the IO board (Req-Response). | No | (Yes on Debug only) | |||||
5003 | Any Client (Application) | IO Board | Used by any client for sending asynchronous drive parameter read/write requests (Req-Response). | No | (Yes on Debug only) | |||||
7000 | Event Manager API | All Other Applications | Used by applications to register commands and send acknowledgement signals. | Event Manager API | No | (Yes on Debug only) | ||||
7067 | ENIP Target PDEF Editor | End user | Yes | Z | X | X | Y | |||
7068 | OPC-UA Client PDEF Editor | End user | Yes | Z | X | X | Y | |||
7069 | DNP3 Outstation PDEF Editor | End user | Yes | Z | X | X | Y | |||
7070 | Modbus Map Editor | End user | Yes | Z | X | X | Y | |||
7071 | REST Server | Other Application that uses REST APIs | The APIs are accessible. Additionally, with a Development license installed, the Swagger UI is also available. | Yes | Y | Y | ||||
7072 | REST Server | Other Application that uses REST APIs over HTTPS | The APIs are accessible. Additionally, with a Development license installed, the Swagger UI is also available on HTTPS. | Yes | Y | Y | ||||
8443 | Unity Edge | End user | To be forwarded | Yes (on port 443) | Z | X | X | Y | ||
9443 | HMI | COG browser | Presumably FTOptix | No | ||||||
7700 | Data Logger Applications API | All Other Applications and Unity | Used by applications to interact with the pre-decimated time series, Event and Alarm Logs. | Event And Alarms Log API | No | (Yes on Debug only) | ||||
13000 | CP-Gateway Config | Users | Used to access configuration webpage for cp-gateway. | Yes (temporary) | X | |||||
20000 | DNP3 Outstation | Users | Reserved | Yes | ||||||
24285 | IO Board Logging Service | Fluent Bit Container | Any application on a host machine (debugging), or CPU board can connect to the logs on this port. | Refer to: logging | No | (Yes on Debug only) | ||||
25000 | Modbus Driver | All other Applications | Out Of Band (OOB) port for Modbus requests | ZMQ REP port | No | (Yes on Debug only) | ||||
25500 | Modbus | IOB | IOB Serial Server RS485-4 | No | ||||||
25501 | Modbus | IOB | IOB Serial Server RS485-5 | No | ||||||
23080 | License | WebAdmin | Users | This is an HTTP connection. A web interface provided by Wibu to view the license status. | No. (Yes: Only for debugging. Requires root access) | |||||
29912 | IO System Control | IOB | Used for rebooting or factory resetting the IOB without relying on containers (IOBM). | No | ||||||
39229 | Unity Edge Debug | External Dev | Reserved | |||||||
44818 | ENIP Target Driver | End user | User Configured ENIP Target. | |||||||
44819 | IOB ENIP Target | Manufacturing System | Manufacturing Only. | |||||||
53923 | Optix Entitlement | Optix Runtime | No | |||||||
62541 | OPC UA Server | End user | External OPC clients can connect and browse this server. | Yes |
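
The port rules above can be checked against a device's listening sockets. The following is an added example, not code from the HCC2 documentation or firmware: it compares `ss -H -tuln` output with the port numbers in the tables above and reports OEM port clashes, internal-only ports bound to an externally reachable address, and listeners the tables do not mention. The function names, finding labels and sample output are assumptions made for the illustration.

```python
import ipaddress

# Port numbers copied from this page's tables (443 is the external port given
# for 80 and 8443). Assumption: a number counts as taken for TCP and UDP alike.
INTERNAL = {3000, 3001, 3002, 3003, 4444, 5000, 5001, 5002, 5003, 7000, 7700,
            9443, 23080, 24285, 25000, 25500, 25501, 29912, 53923}  # rows marked "No"
DOCUMENTED = INTERNAL | {80, 123, 443, 502, 503, 1131, 2223, 7067, 7068, 7069,
                         7070, 7071, 7072, 8443, 13000, 20000, 39229, 40022,
                         44818, 44819, 62541}
PRIVATE = ipaddress.ip_network("172.17.1.0/24")  # CPU board <-> IO board link

# Constructed `ss -H -tuln` output for illustration, not taken from a device.
SAMPLE = """\
tcp LISTEN 0 128 0.0.0.0:40022 0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
udp UNCONN 0 0 172.17.1.2%eno3:3003 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:5000 0.0.0.0:*
tcp LISTEN 0 128 [::]:9000 [::]:*
tcp LISTEN 0 128 *:7071 *:*
"""


def local_scope(addr):
    """Classify a bind address as 'loopback', 'private' or 'external'."""
    addr = addr.split("%")[0].strip("[]")  # drop %iface suffix and IPv6 brackets
    if addr in ("*", "0.0.0.0", "::"):
        return "external"  # wildcard bind: reachable on every interface
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "private" if ip in PRIVATE else "external"


def audit(ss_output, oem_ports=()):
    """Return sorted (port, finding) pairs for `ss -H -tuln` output."""
    findings = {(p, "oem-port-clash") for p in oem_ports if p in DOCUMENTED}
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")  # 5th column is Local Address:Port
        if not port.isdigit() or local_scope(addr) != "external":
            continue
        port = int(port)
        if port in INTERNAL:
            findings.add((port, "internal-port-on-external-address"))
        elif port not in DOCUMENTED and port not in oem_ports:
            findings.add((port, "undocumented-listener"))
    return sorted(findings)
```

Calling `audit(SAMPLE, oem_ports=[9100, 502])` reports the clash on 502, the tag broker port 3000 bound to a wildcard address, and the unlisted listener on 9000. A wildcard bind is only a prompt to confirm that the firewall rules close the port on the external interfaces.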