Why does RHEV use network ports outside of the documented range 5634 - 6166 for remote display of VMs?

Solution Verified - Updated -

Environment

  • Red Hat Enterprise Virtualization 3.2 or 3.3.
  • vdsm version vdsm-4.13.2-0.10.el6ev or earlier.
  • RHEV-Hypervisor 6.6 - 20150603.0

Issue

  • Why do all new VMs created after upgrading to RHEV 3.2 use ports for remote display outside of the documented range 5634 - 6166?
https://<rhevm>/api/vms/<vm_uuid>/ 

[...]
        <display>
            <type>spice</type>
            <address>1.2.3.4</address>
            <port>6236</port>
            <secure_port>6237</secure_port>
            <monitors>1</monitors>
            <allow_override>true</allow_override>
            <smartcard_enabled>false</smartcard_enabled>
        </display>
[...]

Resolution

Please update vdsm to version 4.13.2-0.11.el6ev.

The range of ports for Spice consoles is now 5900 - 6923 (allowing concurrent running of up to 512 virtual machine consoles per host).

This issue was tracked in Red Hat Bugzilla 983088.

UPDATE: There was a regression on RHEV-Hypervisor 6.6 - 20150603.0. Please update to the latest RHEV-Hypervisor

Root Cause

Previously, VDSM's documented port range for SPICE was 5634 to 6166, but it used libvirt's default range of 5900 to 65535. Consequently, firewalls set according to this range could erroneously block SPICE traffic.
Now VDSM uses the 5900 to 6923 range for SPICE, which allows concurrent running of up to 512 virtual machines using the SPICE console.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.