You must plan for data grid traffic between a container
server and another container server.
The examples illustrate where you must allow communication between
these servers. You should read the port properties and values that
are defined in
Planning for network ports.
Figure 1. Intra-domain
traffic between container servers. Communication between these servers
must be allowed through any firewall.
Figure 2. Inter-domain traffic between container servers. If
more domains are configured, then both inter-domain and intra-domain
container service traffic must be allowed through any firewall.

- C1: Both sides can initiate traffic.
- If a High Availability (HA) manager port is not configured, an
ephemeral port is chosen at startup. This port can vary each time
that the server is restarted. In this example, the data grid servers
have an HA manager port that is set to 37834.
For traffic that is initiated by A.ContainerServer1 server, outbound
traffic uses source port: ephemeral, destination port: 37834,
and return traffic from A.ContainerServer2 server flows over the same
connection. Similarly, for traffic that is initiated by A.ContainerServer2
server, outbound traffic uses source port: ephemeral, destination
port: 37834, and return traffic from A.ContainerServer1
server flows over the same connection.
- C2: Both sides can initiate traffic.
- If a listener port is not configured, an ephemeral port is chosen
at startup and this port can vary each time that the server is restarted.
In this example, the data grid servers have a listener port that
is set to 2809. For traffic that is initiated
by A.ContainerServer1 server, outbound traffic uses source port: ephemeral,
destination port: 2809, and return traffic
from A.ContainerServer2 server flows over the same connection. Similarly,
for traffic that is initiated by A.ContainerServer2 server, outbound
traffic uses source port: ephemeral, destination port: 2809,
and return traffic from A.ContainerServer1 server flows over the same
connection.
Note: When a data grid server operates inside WebSphere
Application Server and uses an Object Request Broker (ORB) transport
protocol, another port ORB_LISTENER_ADDRESS must also be opened. The
BOOTSTRAP_ADDRESS port forwards requests to this port.
- C3: When either an IBM® eXtremeIO (XIO) or Object Request Broker
(ORB) transport protocol is used, Secure Socket Layer (SSL) is an
optional configuration. If SSL is enabled, then both sides can initiate
traffic.
- XIO does not use a separate port for SSL and sends SSL traffic
over the listener port. The following applies only when an ORB transport
protocol is used: If an SSL port is not configured, an ephemeral port
is chosen at startup and this port can vary each time that the server
is restarted. In this example, the data grid servers have an SSL
port that is set to 37511. For traffic that
is initiated by A.ContainerServer1 server, outbound traffic uses source
port: ephemeral, destination port: 37511, and
return traffic from A.ContainerServer2 server flows over the same
connection. Similarly, for traffic that is initiated by A.ContainerServer2
server, outbound traffic uses source port: ephemeral, destination
port: 37511, and return traffic from A.ContainerServer1
server flows over the same connection.
- D1: Both sides can initiate traffic.
- If a listener port is not configured, an ephemeral port is chosen
and this port can vary each time that the server is restarted. In
this example, the data grid servers have a listener port that is
set to 2809. For traffic that is initiated
by A.ContainerServer1 server, outbound traffic uses source port: ephemeral,
destination port: 2809, and return traffic
from B.ContainerServer1 server flows over the same connection. Similarly,
for traffic that is initiated by B.ContainerServer1 server, outbound
traffic uses source port: ephemeral, destination port: 2809,
and return traffic from A.ContainerServer1 server flows over the same
connection.
Note: When a data grid server operates inside WebSphere
Application Server and uses an Object Request Broker (ORB) transport
protocol, another port ORB_LISTENER_ADDRESS must also be opened. The
BOOTSTRAP_ADDRESS port forwards requests to this port.
- D2: When either an XIO or ORB transport protocol is used, SSL
is an optional configuration. If SSL is enabled, then both sides can
initiate traffic.
- XIO does not use a separate port for SSL but sends SSL traffic
over the listener port. The following applies only when an ORB transport
protocol is used: If an SSL port is not configured, an ephemeral port
is chosen at startup and this port can vary each time that the server
is restarted. In this example, the data grid servers have an SSL port
that is set to 37511. For traffic that is initiated
by A.ContainerServer1 server, outbound traffic uses source port: ephemeral,
destination port: 37511, and return traffic
from B.ContainerServer1 flows over the same connection. Similarly,
for traffic that is initiated by B.ContainerServer1 server, outbound
traffic uses source port: ephemeral, destination port: 37511,
and return traffic from A.ContainerServer1 server flows over the same
connection.