The gridBox connects to various public endpoints during its normal operation through an Internet connection that needs to be established on site. Restrictions that limit this access can have an impact on the long-term functionality of the gridBox. The following document gives an overview of the domains and IPs that the gridBox contacts, and for what purpose these connections are necessary. For all services that are listed by domain name, the IP addresses to which the domain names resolve may change at any time. Note that all of the following are outgoing connections - the gridBox does not require any inbound connections from the public Internet, port forwarding or similar.
This list is not guaranteed to be complete. For best performance and reliable operation, we recommend not restricting the gridBox's Internet access.
Cloud Connectivity
The gridX Cloud
The core functionality of the gridBox relies on the backend services of our XENON platform. Through this, the gridBox is commissioned & parameterized, and it in turn uploads measurements from connected assets. All of this communication goes to:
edge.platform.gridx.ai on TCP port 443
Device Services
For application updates and remote maintenance features, the gridBox connects to multiple endpoints, all on TCP port 443:
Base API (HTTPS): api.ds.gridx.ai
Separate endpoint for logs: logs.ds.gridx.ai
Separate metrics endpoint: metrics.ds.gridx.ai
Remote maintenance: ssh.ds.gridx.ai and vpn.ds.gridx.de
Application and OS updates are also indirectly backed by several AWS services, all of which are contacted on TCP port 443:
General AWS related services: *.cloudfront.net
ECR base API: ecr.eu-central-1.amazonaws.com, public.ecr.aws
Various private ECR registries: *.dkr.ecr.eu-central-1.amazonaws.com (various subdomains)
S3: s3.eu-central-1.amazonaws.com, prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com (for ECR image downloads)
DNS
Various public DNS servers are contacted for reliability. At least one of them needs to be reachable so that the gridBox can establish a connection to any other domain, though we recommend allowing traffic to all of them. These are all contacted on UDP port 53:
8.8.8.8
8.8.4.4
185.121.177.177
185.121.177.53
91.239.100.100
89.233.43.71
208.67.222.222
208.67.220.220
1.1.1.1
1.0.0.1
NTP
The gridBox needs to have an accurate knowledge of the current time in order to verify certificates that are needed to establish a secure connection to the above services. For this purpose, it contacts multiple public NTP servers on UDP port 123, at least one of which must be reachable:
pool.ntp.org
ptbtime3.ptb.de
ptbtime2.ptb.de
ptbtime1.ptb.de
ntps1-1.eecsit.tu-berlin.de
ntps1-0.eecsit.tu-berlin.de
Local Connectivity
Besides connecting to the above endpoints via the public Internet, the gridBox also makes use of the local network to directly connect to energy assets. Communication protocols and ports vary between the individual supported assets. Please consult the respective commissioning document for more details.
In order to automatically detect supported assets in the local network, the gridBox might (depending on configuration) perform ARP sweeps, i.e. send ARP requests to possible IP addresses in the local network and check for responses. Some firewall solutions or features in e.g. routers classify this as unwanted behavior and might restrict public or private network access for the gridBox as a result. We recommend turning off such features or using different network equipment. Please consult the documentation and the manufacturer of the network equipment for more details.
Summary
Server | Port | TCP/UDP | Purpose |
edge.platform.gridx.ai | 443 | TCP | gridX cloud |
api.ds.gridx.ai | 443 | TCP | Device services |
logs.ds.gridx.ai | 443 | TCP | Device services |
metrics.ds.gridx.ai | 443 | TCP | Device services |
vpn.ds.gridx.de | 443 | TCP | Device services |
ssh.ds.gridx.ai | 443 | TCP | Device services |
ecr.eu-central-1.amazonaws.com | 443 | TCP | Device services |
public.ecr.aws | 443 | TCP | Device services |
*.dkr.ecr.eu-central-1.amazonaws.com | 443 | TCP | Device services |
s3.eu-central-1.amazonaws.com | 443 | TCP | Device services |
prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com | 443 | TCP | Device services |
*.cloudfront.net | 443 | TCP | Device services |
8.8.8.8 | 53 | UDP | DNS* |
8.8.4.4 | 53 | UDP | DNS* |
185.121.177.177 | 53 | UDP | DNS* |
185.121.177.53 | 53 | UDP | DNS* |
91.239.100.100 | 53 | UDP | DNS* |
89.233.43.71 | 53 | UDP | DNS* |
208.67.222.222 | 53 | UDP | DNS* |
208.67.220.220 | 53 | UDP | DNS* |
1.1.1.1 | 53 | UDP | DNS* |
1.0.0.1 | 53 | UDP | DNS* |
pool.ntp.org | 123 | UDP | NTP* |
ptbtime3.ptb.de | 123 | UDP | NTP* |
ptbtime2.ptb.de | 123 | UDP | NTP* |
ptbtime1.ptb.de | 123 | UDP | NTP* |
ntps1-1.eecsit.tu-berlin.de | 123 | UDP | NTP* |
ntps1-0.eecsit.tu-berlin.de | 123 | UDP | NTP* |
* At least one DNS server and at least one NTP server must be reachable.
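The summary table can be turned into a pre-flight check that is run from a host on the same network segment before the gridBox is installed. The following is an added example, not gridX code: the function names (`probe`, `check`, `dns_query`) are assumptions of this sketch, the endpoint lists are copied from the table above, and the two wildcard entries are left out because they cannot be probed by name.

```python
import socket, struct

# Endpoints copied from the summary table; wildcard rows are omitted.
TCP_443 = ["edge.platform.gridx.ai", "api.ds.gridx.ai", "logs.ds.gridx.ai",
           "metrics.ds.gridx.ai", "ssh.ds.gridx.ai", "vpn.ds.gridx.de",
           "ecr.eu-central-1.amazonaws.com", "public.ecr.aws",
           "s3.eu-central-1.amazonaws.com",
           "prod-eu-central-1-starport-layer-bucket.s3.eu-central-1.amazonaws.com"]
DNS_53 = ["8.8.8.8", "8.8.4.4", "185.121.177.177", "185.121.177.53", "91.239.100.100",
          "89.233.43.71", "208.67.222.222", "208.67.220.220", "1.1.1.1", "1.0.0.1"]
NTP_123 = ["pool.ntp.org", "ptbtime3.ptb.de", "ptbtime2.ptb.de", "ptbtime1.ptb.de",
           "ntps1-1.eecsit.tu-berlin.de", "ntps1-0.eecsit.tu-berlin.de"]

def dns_query(name, qid=0x1234):
    """Build a minimal recursive A-record query for `name`."""
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack(">HH", 1, 1)

NTP_REQUEST = b"\x23" + 47 * b"\x00"   # LI=0, version 4, mode 3 (client)

def probe(host, port, proto, timeout=3.0):
    """Return True if the endpoint answers: TCP connect, or any UDP reply."""
    try:
        if proto == "tcp":
            socket.create_connection((host, port), timeout).close()
            return True
        payload = dns_query("edge.platform.gridx.ai") if port == 53 else NTP_REQUEST
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(payload, (host, port))
            return len(s.recvfrom(512)[0]) > 0
    except OSError:  # covers timeouts, refused connections and resolution failures
        return False

def check(probe_fn=probe):
    """Apply the page's rules: every TCP endpoint, at least one DNS, at least one NTP."""
    tcp_failed = [h for h in TCP_443 if not probe_fn(h, 443, "tcp")]
    dns_ok = [h for h in DNS_53 if probe_fn(h, 53, "udp")]
    ntp_ok = [h for h in NTP_123 if probe_fn(h, 123, "udp")]
    return {"tcp_failed": tcp_failed, "dns_ok": dns_ok, "ntp_ok": ntp_ok,
            "pass": not tcp_failed and bool(dns_ok) and bool(ntp_ok)}

if __name__ == "__main__":
    print(check())
```

A successful TCP connect only shows that port 443 is open to that name; it does not detect TLS inspection, and the host names are resolved through the test host's own resolver rather than the DNS servers listed above.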
