Prerequisites
System requirements, network ports, and required packages for Arctic
Before installing Arctic, ensure your environment meets these requirements.
What You Need
Prerequisites
- Two or more Linux servers with root access
- A
license.jsonfile (provided by Tillered)
Your license controls expiry dates and limits on the number of peers and services in your cluster.
The agent verifies your license on every startup. Once the license expires the agent keeps running and routing existing traffic, but it blocks writes (creating peers, services, and routes) until you supply a valid license. See Licensing for the full expiry behaviour, and the license command reference for checking status and updating a license.
Network Requirements
All agents must be able to communicate with each other. Open these ports on each server:
| Port | Protocol | Purpose |
|---|---|---|
| 8080 | TCP | Agent API (required for CLI and peer communication) |
| 51840 | UDP | IP tunnel traffic (non-TCP routing) |
| 61000 | TCP | TProxy traffic (TCP routing) |
Your workstation (CLI) needs to reach the first peer on port 8080. Peers need to reach each other on all three ports (8080, 51840, 61000).
Important
The CLI only needs to reach the first peer in your configuration. API requests for other peers are automatically proxied through that peer.
Prepare Linux Hosts
As of v1.4.0, the agent talks directly to the kernel over netlink to manage network interfaces, routing, packet marking, and nftables (an xtables fallback exists but is less feature complete). Because of this, you no longer need to install nftables, NetworkManager, tc, or iproute2 to run the agent.
The only required preparation is removing the host firewall.
Why remove the firewall?
Removing the host firewall keeps the initial setup simple, since the agent manages its own kernel-level rules and a host firewall can interfere with them. This is the easiest path to a working cluster.
If you would rather keep a firewall in place, you can leave it installed and instead harden it manually by opening the ports listed above. This is only recommended if you are comfortable managing firewall rules yourself.
AlmaLinux / Rocky Linux / RHEL
dnf remove -y firewalldUbuntu / Debian
ufw disable && apt remove -y ufwNext Steps
Once your hosts are prepared, proceed to Installation to install the Arctic agent and CLI.