diff --git a/_images/fuel-master-node-containers.png b/_images/fuel-master-node-containers.png
new file mode 100644
index 000000000..5486dbdd5
Binary files /dev/null and b/_images/fuel-master-node-containers.png differ
diff --git a/contents/contents-refarch.rst b/contents/contents-refarch.rst
index b254f71c2..7a636d197 100644
--- a/contents/contents-refarch.rst
+++ b/contents/contents-refarch.rst
@@ -14,3 +14,5 @@
 .. include:: /pages/reference-architecture/8100-zabbix.rst
 .. include:: /pages/reference-architecture/8000-fuel-upgrade.rst
 .. include:: /pages/reference-architecture/8800-base-os.rst
+.. include:: /pages/reference-architecture/containers-master-node.rst
+
diff --git a/pages/reference-architecture/containers-master-node.rst b/pages/reference-architecture/containers-master-node.rst
new file mode 100644
index 000000000..1271c01dc
--- /dev/null
+++ b/pages/reference-architecture/containers-master-node.rst
@@ -0,0 +1,48 @@
+.. _containers-master-node:
+
+The Fuel Master node containers structure
+=========================================
+
+Most services hosted on the Fuel Master node,
+require connectivity to PXE network.
+The services used only for internal Fuel
+processes (such as Nailgun and Postgres)
+are limited to local connections only.
+
+Containers structure
+--------------------
+
+.. image:: /_images/fuel-master-node-containers.png
+  :width: 70%
+
+
++=============+=================+============================+
+| Container   | Ports           | Allow connections from     |
++=============+=================+============================+
+| Cobbler     | TCP  80, 443    | PXE network only           |
+|             | UDP  53, 69     |                            |
++-------------+-----------------+----------------------------+
+| Postgres    | TCP  5432       | the Fuel Master node only  |
++-------------+-----------------+----------------------------+
+| RabbitMQ    | TCP  5672,4369  | PXE network only           |
+|             | 15672,61613     |                            |
++-------------+-----------------+----------------------------+
+| Rsync       | TCP  873        | PXE network only           |
++-------------+-----------------+----------------------------+
+| Astute      | none            | N/A                        |
++-------------+-----------------+----------------------------+
+| Nailgun     | TCP  8001       | the Fuel Master node only  |
++-------------+-----------------+----------------------------+
+| OSTF        | TCP  8777       | the Fuel Master node only  |
++-------------+-----------------+----------------------------+
+| Nginx       | TCP  8000,8080  | the Fuel Master node only  |
++-------------+-----------------+----------------------------+
+| Rsyslog     | TCP  8777,25150 | PXE network only           |
+|             | UDP 514         |                            |
++-------------+-----------------+----------------------------+
+| MCollective | none            | N/A                        |
++-------------+-----------------+----------------------------+
+| Keystone    | TCP 5000,35357  | PXE network only           |
++-------------+-----------------+----------------------------+
+
+