- This topic has 6 replies, 3 voices, and was last updated March 2, 2022 by Matthew L.
We are seeing UDP traffic over ports in the 44,400 range between Zerto VRAs. Is anyone else seeing the same?
I can find no mention of this in the documentation.

Shannon S, December 10, 2015 06:37:29 PM
I know we covered this in a case, but I wanted to post the port requirements listing.
http://s3.amazonaws.com/zertodownload_docs/Latest/Zerto%20Virtual%20Replication%20Zerto%20Virtual%20Manager%20%28ZVM%29%20-%20vSphere%20Online%20Help/index.html#page/ZertoVirtualManagerInstallationandConfiguration%2FInstall_VC.1.4.html
Senior Technical Architect at Zerto

Kenny L, January 4, 2016 08:25:58 PM
Anyone else see the UDP packets on ports like 44446, 44447, 44448?
I see them coming from the ZRAs between sites.

Shannon S, January 6, 2016 12:20:17 PM
The UDP activity is from the dhclient on the VRA. We have a feature request to change the behavior in future versions. However, as long as you have the required ports open per our documentation, everything will function correctly.
Senior Technical Architect at Zerto

Greg B, June 5, 2020 07:07:08 PM
Is there a way to turn this off on the VRAs?

David V, January 25, 2022 07:24:55 PM
Had a case open for this very issue. Zerto’s response:
“Being that VRAs are Linux based virtual machines and require dhclient to be active, UDP ports in the 444xx range will appear when performing a security scan. UDP ports in the 444xx range are not required for the VRA functionality and therefore can be blocked by the customer.
All ports above port 32768 are known as ephemeral ports, which are random ports assigned to the client side of a client-server connection.
These ephemeral ports are used for Linux DHCP communication and are not needed for replication.
Zerto recommends UDP ports in the 444xx be blocked by the customer.”

Matthew L, March 2, 2022 03:50:06 AM
We just ran into this as well, but found something slightly different. A security tool we had found that the VRA was sending UDP traffic to other VRAs in the same subnet and another site. It always started at UDP port 44447 and incremented from there. That is exactly how tracepath works. Come to find, there is a cron job on the VRA that runs a series of connectivity checks constantly to the other devices; one of those tests is tracepath. Below is the crontab entry, and if you cat out that script you’ll see the references to tracepath and how it reads in the IPs from a file. Hope this helps someone, as it was driving us nuts.
crontab -l | grep Connectivity
0 * * * * /mnt/run/scripts/periodicPeersConectivityTester.sh 2>&1 | /mnt/run/zvr/bin/LogWriter /mnt/logs/peersConnectivity 100
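
Added example, not part of the thread and not Zerto code: a small triage script that checks whether UDP flows between VRAs match the pattern described in the last post (ports starting at 44447 and incrementing by one, in bursts that begin at the hourly cron tick). The flow-record format, the IP addresses and the 10-minute start window are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime

BASE_PORT = 44447   # first port reported in the post above
CRON_MINUTE = 0     # "0 * * * *" in the crontab entry
WINDOW_MIN = 10     # assumption: probes begin within 10 minutes of the cron tick

# Constructed sample flow records: timestamp src dst proto dst_port
SAMPLE_FLOWS = """\
2022-03-01T14:00:07 10.1.0.21 10.1.0.22 udp 44447
2022-03-01T14:00:07 10.1.0.21 10.1.0.22 udp 44448
2022-03-01T14:00:08 10.1.0.21 10.1.0.22 udp 44449
2022-03-01T15:00:06 10.1.0.21 10.2.0.31 udp 44447
2022-03-01T15:00:07 10.1.0.21 10.2.0.31 udp 44448
2022-03-01T14:23:41 10.1.0.50 10.1.0.22 udp 44460
2022-03-01T14:23:41 10.1.0.50 10.1.0.22 udp 44502
2022-03-01T14:23:42 10.1.0.50 10.1.0.22 udp 44471
"""

def parse(text):
    """Yield (timestamp, src, dst, port) for each UDP record."""
    for line in text.splitlines():
        ts, src, dst, proto, port = line.split()
        if proto == "udp":
            yield datetime.fromisoformat(ts), src, dst, int(port)

def classify(text):
    """Label each (src, dst, hour) burst as 'tracepath-like' or 'review'."""
    bursts = defaultdict(list)
    for ts, src, dst, port in parse(text):
        bucket = ts.strftime("%Y-%m-%d %H:00")
        bursts[(src, dst, bucket)].append((ts, port))
    verdicts = {}
    for key, hits in bursts.items():
        hits.sort()
        ports = [p for _, p in hits]
        # Pattern from the post: starts at the base port, one step per probe
        sequential = ports == list(range(BASE_PORT, BASE_PORT + len(ports)))
        on_schedule = 0 <= hits[0][0].minute - CRON_MINUTE < WINDOW_MIN
        verdicts[key] = "tracepath-like" if sequential and on_schedule else "review"
    return verdicts

if __name__ == "__main__":
    for (src, dst, hour), verdict in sorted(classify(SAMPLE_FLOWS).items()):
        print(f"{src} -> {dst} {hour} {verdict}")
```

A "review" verdict only means the burst does not fit the sequential, on-the-hour pattern; it still needs to be looked at on its own terms.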