Subnets

The gateway has two independent network interfaces: the uplink network and the anchor network. We have 2 different gateway models in use, and depending on which gateway you have, the network ports for these interfaces will differ a bit:

  • Our standard gateway (included in the Enterprise kit, and usually used for full installations):

    On this gateway the port for the uplink network is labeled LAN1 or UPLINK (depending on when you received your gateway), and the ports for the anchor network are labeled ANCHOR NETWORK (internally they’re all connected to each other).

  • Our compact gateway (included in the Enterprise kit Lite):

    On this gateway the port for the uplink network is labeled 2, and the port for the anchor network is labeled 1.

Uplink network

The uplink network is used to connect the gateway to your home or company network. Through this port, the gateway is expected to reach the internet. By default the gateway will request an IP address from the DHCP server running on this network, but it’s also possible to define a static IP address for the gateway.

Anchor network

The anchor network is used to connect the anchors to the gateway. It is strongly recommended that only anchors (and network switches) are connected to this network. On the anchor network of the gateway, a DHCP server is configured which assigns IP addresses within the subnetwork 10.0.0.1/24. When a device is connected to the anchor network, it will receive an IP address from the gateway, and it will be able to access the gateway through the static IP address 10.0.0.254.

Sometimes the subnet 10.0.0.1/24 is already in use for a different application. This is fine and will work if the anchor network is physically separated from the other network. If this is not the case and switches are shared between different applications, VLANs need to be configured on the switches. Problems will arise if the subnet, or any overlapping subnet, is used in another part of the network. In these situations we can configure a different subnet on the gateway for the anchor network; contact us at enterprise@pozyx.io.

Network requirements

If you are using the Pozyx system from the cloud, make sure that the correct IP addresses and ports are whitelisted in your firewall. The Gateway: Info page in the web application will highlight the required ports in green if they are accessible, or in red otherwise. A summary of the used ports and IPs is given below:

  1. Port 123 (NTP)
    This port should be opened to all IPs, unless a local NTP server is used. The NTP configuration of the gateway can be changed in the devices → Gateway:info page by clicking the “edit NTP configuration” button.

  2. Port 53 (DNS)
    This port should be opened for all IPs in order to do domain name resolution, translating all the Pozyx FQDNs and NTP domain names to an IP address. A local DNS server can be used if this DNS server is advertised in the DHCP lease message from the DHCP server in the local network.

  3. Port 1194 (OpenVPN)
    This port should only be opened for IP 34.247.139.22 in order for Pozyx engineers to give remote support. If this port is closed, the positioning system will still work but the possibility of remote support is limited.

  4. Port 443 (HTTPS and WSS)
    This port has to be opened for 5 FQDNs and their corresponding IP:
    - static IP = 52.215.147.210
    This IP is permanent for now, but be aware that we are in the process of migrating our cloud services to managed EKS. Once the migration is done, this IP will change one time to a new static address. This address will be 54.73.5.40.
    FQDNs:

    1. capi.cloud.pozyxlabs.com
    2. uws.cloud.pozyxlabs.com
    3. gws.cloud.pozyxlabs.com
    4. uauth.cloud.pozyxlabs.com
    5. gauth.cloud.pozyxlabs.com

| Port number | Type | Direction | Purpose |
| --- | --- | --- | --- |
| 443 | TCP | OUT | HTTPS and WSS: Required for usage of the Pozyx web application in the cloud and OpenVPN (the gateway needs to authenticate itself to our cloud and request a VPN certificate before it can establish a VPN connection to our VPN server). |
| 123 | UDP | OUT | NTP: Enables optional network system time synchronization. NTP is only needed for time synchronization with an already existing network. Internal synchronization of our RTLS (= synchronization of the clocks in the Pozyx anchors) does not require this. |
| 1194 | TCP/UDP [1] | OUT | OpenVPN: Required for remote support by Pozyx engineers. |
| 53 | TCP/UDP [2] | OUT | DNS: Required for usage of the Pozyx web application in the cloud and OpenVPN. |

[1] https://openvpn.net/faq/why-does-openvpn-use-udp-and-tcp/

[2] https://docs.microsoft.com/en-us/troubleshoot/windows-server/networking/dns-works-on-tcp-and-udp
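To check a firewall's outbound rules against the requirements above, the following added example (not Pozyx code) reports required flows that are not permitted and rules that are wider than the page asks for. The rule tuple format, the `audit` function and the sample rules are assumptions made for illustration; the example also assumes you want the post-migration address for port 443 allowlisted ahead of time.

```python
import ipaddress

# Outbound flows listed on this page: port -> (protocols, allowed destinations).
# 0.0.0.0/0 means "all IPs" (NTP and DNS when no local server is used).
REQUIRED = {
    443: ({"tcp"}, ["52.215.147.210/32", "54.73.5.40/32"]),  # current + post-migration
    1194: ({"tcp", "udp"}, ["34.247.139.22/32"]),            # remote support only
    123: ({"udp"}, ["0.0.0.0/0"]),
    53: ({"tcp", "udp"}, ["0.0.0.0/0"]),
}

# Constructed sample of egress allow rules: (protocol, destination CIDR, port).
SAMPLE_RULES = [
    ("tcp", "52.215.147.210/32", 443),
    ("udp", "0.0.0.0/0", 123),
    ("udp", "0.0.0.0/0", 53),
    ("tcp", "0.0.0.0/0", 53),
    ("tcp", "34.247.139.22/32", 1194),
    ("udp", "0.0.0.0/0", 1194),   # wider than the single support IP
    ("tcp", "0.0.0.0/0", 8080),   # not in the page's list
]

def audit(rules):
    """Compare egress allow rules with REQUIRED.
    Returns (missing, too_broad) as sorted lists of readable strings."""
    parsed = [(p.lower(), ipaddress.ip_network(d, strict=False), int(port))
              for p, d, port in rules]
    missing, too_broad = [], []
    for port, (protos, dests) in REQUIRED.items():
        wanted = [ipaddress.ip_network(d) for d in dests]
        for proto in protos:
            for dst in wanted:
                if not any(p == proto and q == port and dst.subnet_of(net)
                           for p, net, q in parsed):
                    missing.append(f"{proto}/{port} -> {dst}")
    for proto, net, port in parsed:
        if port not in REQUIRED:
            too_broad.append(f"{proto}/{port} -> {net} (port not required)")
            continue
        protos, dests = REQUIRED[port]
        wanted = [ipaddress.ip_network(d) for d in dests]
        if proto not in protos or not any(net.subnet_of(w) for w in wanted):
            too_broad.append(f"{proto}/{port} -> {net}")
    return sorted(missing), sorted(too_broad)

if __name__ == "__main__":
    missing, too_broad = audit(SAMPLE_RULES)
    print("Missing:", missing)
    print("Too broad:", too_broad)
```

If a local NTP or DNS server is used, replace the `0.0.0.0/0` entries for ports 123 and 53 with that server's address before running the audit.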