Collectora.storj.io (104.154.195.27) outgoing traffic on port udp/9000

Hi,

since some time, I’m having thousands of lines in my firewall log, of the machine on which my nodes run, trying to connect 50 to 100 times per second to 104.154.195.27 on (remote) port UDP/9000

I found out that this IP refers to collectora.storj.io, so the telemetry collector.

Is it a requirement for a node to operate to be able to connect to collectora.storj.io on UDP/9000 ?
if so, can it be added and described in the documentation?

it seems to be disabled in my config, but still trying to send telemetry?

# address to send telemetry to
# metrics.addr: collectora.storj.io:9000
...
# how frequently to send up telemetry
# metrics.interval: 1m0s

P.S. My 2 nodes are working, getting data, audits at 100% and so on (so it all looks healthy)

1 Like

this is how storj know how much you send and get dat from clients, so how much they need to pay you.

1 Like

Hmm ok
but I’ve been paid before, and my dashboard shows me my payout info, updated daily,
while port udp/9000 has never been open on my firewall for this host
so something changed then?

1 Like

Pretty sure it’s only non-essential telemetry data. Payouts are calculated by the satellites and based on data stored and bandwidth orders settled directly with the satellite.

I’m pretty sure this domain is only used to monitor the behavior of nodes. Probably best to not block it, but I doubt it’s a problem. Either way, outgoing ports for the node should be open for correct operation anyway. So don’t block any outgoing ports for the node.

3 Likes

From security perspective, it is always good the know the expected traffic patterns, that is why I always set my firewalls restrictive in stead of permissive.

But if the traffic is part of the STORJ ecosystem, I’ve no problem allowing it of course.

1 Like

Nodes don’t know beforehand on which outgoing ports they will need to connect. Therefor you shouldn’t be blocking any outgoing port for these processes. I don’t disagree with your statement on security, but I think you’ll have to find a way to make an exception for this process (on the node machine itself) and/or the node device (on the network level).

1 Like