Longhorn Networking
This page documents the network communication between components in the Longhorn system. Using this information, users can write Kubernetes NetworkPolicy resources to control the inbound and outbound traffic of Longhorn components. This helps to reduce the damage when a malicious pod breaks into the in-cluster network.
We have provided some example NetworkPolicy YAML files here. Note that, depending on the deployed CNI, not all Kubernetes clusters support NetworkPolicy. See here for more detail.
Note: If you are writing network policies, please revisit this page before upgrading Longhorn to make the necessary adjustments to your network policies.
| From | Port | Protocol | 
|---|---|---|
| Other Longhorn Manager | 9500 | TCP | 
| UI | 9500 | TCP | 
| Longhorn CSI plugin | 9500 | TCP | 
| Backup/Snapshot Recurring Job Pod | 9500 | TCP | 
| Longhorn Driver Deployer | 9500 | TCP | 
| To | Port | Protocol | 
|---|---|---|
| Other Longhorn Manager | 9500 | TCP | 
| Instance Manager | 8500; 8501 | TCP | 
| Backing Image Manager | 8000 | TCP | 
| Backing Image Data Source | 8000 | TCP | 
| External Backupstore | User defined | TCP | 
| Kubernetes API server | Kubernetes API server port | TCP | 
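As an added example (not one of the project's own example YAMLs), the first "From" table on this page can be written as an ingress allow-list for the Longhorn Manager pods on TCP 9500. The `longhorn-system` namespace, the policy name, and every pod label below are assumptions; the recurring-job label is a placeholder to replace with the label your job pods actually carry.

```yaml
# Added example: ingress allow-list for Longhorn Manager on TCP 9500.
# Namespace and pod labels are assumptions; confirm them with:
#   kubectl -n longhorn-system get pods --show-labels
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: longhorn-manager-ingress          # hypothetical policy name
  namespace: longhorn-system              # assumed install namespace
spec:
  podSelector:
    matchLabels:
      app: longhorn-manager               # assumed label on manager pods
  policyTypes:
    - Ingress                             # egress is not restricted by this policy
  ingress:
    - from:
        # Other Longhorn Manager
        - podSelector:
            matchLabels:
              app: longhorn-manager
        # UI
        - podSelector:
            matchLabels:
              app: longhorn-ui            # assumed label
        # Longhorn CSI plugin
        - podSelector:
            matchLabels:
              app: longhorn-csi-plugin    # assumed label
        # Backup/Snapshot Recurring Job Pod
        - podSelector:
            matchLabels:
              placeholder.example/recurring-job: "true"   # placeholder label
        # Longhorn Driver Deployer
        - podSelector:
            matchLabels:
              app: longhorn-driver-deployer   # assumed label
      ports:
        - protocol: TCP
          port: 9500
```

Once this policy selects the manager pods, any ingress source or port not listed is denied wherever the CNI enforces NetworkPolicy. The `podSelector` entries have no `namespaceSelector`, so they match only pods in the policy's own namespace.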
User defined
| To | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 9500 | TCP | 
| From | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 8500; 8501 | TCP | 
| Other Instance Manager | 10000-30000 | TCP | 
| Node in the Cluster | 3260 | TCP | 
| Backing Image Data Source | 10000-30000 | TCP | 
| To | Port | Protocol | 
|---|---|---|
| Other Instance Manager | 10000-30000 | TCP | 
| Backing Image Data Source | 8002 | TCP | 
| External Backupstore | User defined | TCP | 
None
| To | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 9500 | TCP | 
Longhorn CSI plugin pods communicate with CSI sidecar pods over the Unix domain socket at <Kubelet-Directory>/plugins/driver.longhorn.io/csi.sock
None
| To | Port | Protocol | 
|---|---|---|
| Kubernetes API server | Kubernetes API server port | TCP | 
CSI sidecar pods communicate with Longhorn CSI plugin pods over the Unix domain socket at <Kubelet-Directory>/plugins/driver.longhorn.io/csi.sock
None
| To | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 9500 | TCP | 
| Kubernetes API server | Kubernetes API server port | TCP | 
None
None
| From | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 8000 | TCP | 
| Other Backing Image Manager | 30001-31000 | TCP | 
| To | Port | Protocol | 
|---|---|---|
| Instance Manager | 10000-30000 | TCP | 
| Other Backing Image Manager | 30001-31000 | TCP | 
| Backing Image Data Source | 8000 | TCP | 
| From | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 8000 | TCP | 
| Instance Manager | 8002 | TCP | 
| Backing Image Manager | 8000 | TCP | 
| To | Port | Protocol | 
|---|---|---|
| Instance Manager | 10000-30000 | TCP | 
| User provided server IP to download the images from | user defined | TCP | 
| From | Port | Protocol | 
|---|---|---|
| Node in the cluster | 2049 | TCP | 
None
None
| To | Port | Protocol | 
|---|---|---|
| Longhorn Manager | 9500 | TCP | 
None
| To | Port | Protocol | 
|---|---|---|
| Kubernetes API server | Kubernetes API server port | TCP | 
None
None
Original GitHub issue: https://github.com/longhorn/longhorn/issues/1805
© 2019-2025 Longhorn Authors | Documentation Distributed under CC-BY-4.0