IP Port Considerations
The HCC2 uses some IP ports for internal operation and exposes others externally.
When designing an OEM application, avoid using IP ports where possible. Where a port is required, select a port number that does not clash with those in use by the HCC2 device. These port numbers and their usage are identified in the sections below.
Private subnet
IO board Fixed IP facing the CPU board: 172.17.1.1
CPU board Fixed IP facing the IO board: 172.17.1.2 on eno3
Subnet mask: 255.255.255.0
Network interface names: eno1, eno2, eno3, usb0, cdc-wdm1 external for wwan0, wlp1s0
Other services
ICMP
Port Number | Owner | Connector | Comment | Exposed Externally (Inbound) | ETH 1 & 2 | ETH3 | Cell | Wifi | USB gadget |
---|---|---|---|---|---|---|---|---|---|
n/a | Ping | Host OS | Allow inbound and outbound ping | (Yes) | Z | Z | X | X | Y |
Port numbers
Routing rules: all traffic for 172.17.1.1 needs to be routed to ETH3 only (make a new network bridge for iobmgr only). 172.17.1.1 needs to be blocked on edgenet.
Owner reflects the application that binds to the port (owns it). Connector reflects applications that connect to this port (do not own it).
X - Closed by default (configurable)
Y - Always open
Z - Open by default (configurable)
blank - Always closed
NAT (Network Address Translation)
Listed interfaces are sources to forward from. The comments will contain the interfaces to forward to. The supported interfaces shall provide NAT service from their primary outward facing IP to the IP of the IO board (172.17.1.1) on eno3.
Port Number | Owner | Connector | Comment | Exposed Externally (Inbound) | ETH 1 & 2 | ETH3 | Cell | Wifi | USB gadget | Docker managed |
---|---|---|---|---|---|---|---|---|---|---|
44818 | IO Board | CIP Explicit | External | Static forward of port to ETH3 | Yes TCP | Z | X | X | X | NO |
2222 | IO Board | CIP Implicit | External | Static forward of port to ETH3 | Yes UDP | Z | X | X | X | NO |
1131 | IO Board | ISaGRAF Debug | External | Static forward of port to ETH3 | Yes TCP | Z | X | X | X | NO |
Inbound (Internal or Docker Services)
Port Number | Owner | Connector | Comment | Exposed Externally (Inbound) | ETH 1 & 2 | ETH3 | Cell | Wifi | USB gadget | Docker managed |
---|---|---|---|---|---|---|---|---|---|---|
40022 | SSH/SFTP | Host OS | for SFTP (and SSH when debugging) | (Yes) 40022 | Z | X | X | Y | ||
80 | Unity | End User | To be forwarded (always forwards to 443) | (Yes) 80 | Z | X | X | Y | ||
123/UDP | NTP | Host OS | Chrony NTP Server to sync clock with IO Board | 123 | Y | |||||
123/UDP | NTP | Host OS | Chrony NTP Client to sync clock with external NTP servers | 123 | Z | X | X | |||
502 | Modbus | External | Modbus-TCP Framing | Yes | Z | X | X | Z | ||
503 | Modbus | External | Modbus-RTU Framing | Yes | Z | X | X | Z | ||
3000 | Tag Broker (aka ZMQproxy) | All other Application / Module | The tag broker should open a publishing port and all the other Applications/modules will connect to this port for subscription. | No | (Yes on Debug only) | |||||
3001 | Tag Broker (aka ZMQproxy) | All other Application / Module including Configuration Manager. | No | (Yes on Debug only) | ||||||
3002 | Cache | May be part of Tag Broker (aka ZMQproxy) | Request port to initiate a cache request. | No | (Yes on Debug only) | |||||
3003 | IO Board | IO Board MGR | Fast AI UDP | No | Y | |||||
4444 | Optixentitlement | Optix Runtime | Consider putting on separate private network. | No | ||||||
5000 | Configuration Manager | All other Applications | All other application / module will connect on ZMQ REQ/REP connection to send the Configuration Schema and receive status back. | No | (Yes on Debug only) | |||||
5001 | IO Board MGR | IO Board | Used by IO Board Manager to publish new configuration information to the IO Board (Pub-Sub). | No | (Yes on Debug only) | |||||
5002 | IO Board MGR | IO Board | Used by IO Board Manager to send configuration to the IO board (Req-Response). | No | (Yes on Debug only) | |||||
5003 | Any Client (Application) | IO Board | Used by any client for sending asynchronous drive parameter read/write requests (Req-Response). | No | (Yes on Debug only) | |||||
7000 | Event Manager API | All Other Applications | Used by applications to register commands and send acknowledgement signals. | Event Manager API | No | (Yes on Debug only) | ||||
7070 | Modbus map editor | End user | Yes | Z | X | X | Y | |||
8443 | Unity | End user | To be forwarded | Yes (on port 443) | Z | X | X | Y | ||
9443 | HMI | COG browser | Presumably FTOptix | No | ||||||
7700 | Data Logger Applications API | All Other Applications and Unity | Used by applications to interact with the pre-decimated time series, Event and Alarm Logs. | Event And Alarms Log API | No | (Yes on Debug only) | ||||
13000 | CP-Gateway Config | Users | Used to access configuration webpage for cp-gateway. | Yes (temporary) | X | |||||
24285 | IO Board Logging Service | Fluent Bit Container | Any application on a host machine (debugging), or CPU board can connect to the logs on this port. | Refer to: logging | No | (Yes on Debug only) | ||||
25000 | Modbus Driver | All other Applications | Out Of Band (OOB) port for Modbus Requests. | ZMQ REP port. | No | (Yes on Debug only) | ||||
25500 | Modbus | IOB | IOB Serial Server RS485-4 | NO | ||||||
25501 | Modbus | IOB | IOB Serial Server RS485-5 | NO | ||||||
23080 | License | WebAdmin | Users | This is an HTTP connection. A web interface provided by Wibu to view the license status. | No. (Yes: Only for debugging. Requires root access) | |||||
29912 | IO System Control | IOB | Used for Rebooting or Factory Resetting the IOB without relying on containers (IOBM). | NO | ||||||
53923 | Optix Entitlement | Optix Runtime | NO |
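One way to check a running unit against the table above, as an added example that is not part of the HCC2 documentation or software: it reads listening sockets in `ss -H -tuln` format and flags ports marked "No" under Exposed Externally that are bound to anything other than loopback or the 172.17.1.0/24 link, plus listeners on ports the page does not list (where an OEM application's ports would appear). The set names, the finding labels, the sample lines and the rule that only loopback and the private subnet count as internal binds are assumptions of this example.

```python
import ipaddress

# Transcribed from this page's Inbound table: ports marked "No"/"NO" under
# "Exposed Externally (Inbound)".
INTERNAL_ONLY = {3000, 3001, 3002, 3003, 4444, 5000, 5001, 5002, 5003, 7000, 7700,
                 9443, 23080, 24285, 25000, 25500, 25501, 29912, 53923}
# Remaining ports listed on this page (inbound services and NAT forwards).
OTHER_DOCUMENTED = {80, 123, 502, 503, 1131, 2222, 7070, 8443, 13000, 40022, 44818}
# Assumption: only loopback and the CPU <-> IO board link count as internal binds.
PRIVATE_LINK = ipaddress.ip_network("172.17.1.0/24")

def is_internal_bind(host):
    """True if the bind address is loopback or on the private IO-board subnet."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # "*" (dual-stack wildcard) or anything unparsable
        return False
    return ip.is_loopback or ip in PRIVATE_LINK

def audit(ss_output):
    """Return (finding, proto, bind_address, port) tuples for `ss -H -tuln` lines."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        if not port.isdigit():
            continue
        host = host.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
        port = int(port)
        if port in INTERNAL_ONLY and not is_internal_bind(host):
            findings.append(("internal-port-exposed", fields[0], host, port))
        elif port not in INTERNAL_ONLY | OTHER_DOCUMENTED:
            findings.append(("undocumented-listener", fields[0], host, port))
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE = """\
tcp LISTEN 0 128  0.0.0.0:40022   0.0.0.0:*
tcp LISTEN 0 4096 127.0.0.1:3000  0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:5000    0.0.0.0:*
udp UNCONN 0 0    172.17.1.2:3003 0.0.0.0:*
tcp LISTEN 0 4096 [::]:7700       [::]:*
tcp LISTEN 0 128  0.0.0.0:8080    0.0.0.0:*
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```

On a unit running in debug mode, the ports the table marks "(Yes on Debug only)" are expected to appear as `internal-port-exposed` findings.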