<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7232.11">
<TITLE>Re: [AG-TECH] Access Grid 3.0 beta1 available !</TITLE>
</HEAD>
<BODY>
<DIV id=idOWAReplyText40300 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>2 comments:</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>1) Win XP SP2 indeed self-configures the
client machine firewall for the AG Toolkit. The problem is that most
Universities have a group policy to overtake individual firewall control
(usually they turn it off) when the PC is connected to the local network. This
renders local settings void and only central settings count.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2>2) Interestingly, RAT almost always works
(apart when clients have "local " IPs assigned by PIX, where port forwarding or
dedicated IP address assignment help only), but VIC almost never works just by
installing the Toolkit behind regular firewalls. This tells me that in the case
of VIC, the connection is actually initiated by the server (???) and since
many networks specifically block INBOUND connections, VIC can not receive
incoming video, while RAT is fine (client initiates connection??). This would
explain why in many cases parties can talk and may be visible on one side, but
can not receive video on the other (ominous "waiting for video..." message). I
wonder whether something could be done regarding this specific problem (i.e. can
VIC work like RAT in this regard).</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Zsolt</FONT></DIV>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2></FONT> </DIV></DIV>
<DIV id=idSignature58633 dir=ltr>
<DIV><FONT face=Arial color=#000000 size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000 size=2>_ _ _</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial color=#000000 size=2>Zsolt Nagykaldi, PhD</FONT></DIV>
<DIV><FONT face=Arial size=2>Research Associate, Clinical IT
Specialist</FONT></DIV>
<DIV><FONT face=Arial size=2>University Of Oklahoma Health Sciences
Center</FONT></DIV>
<DIV><FONT face=Arial size=2>Department Of Family And Preventive
Medicine</FONT></DIV>
<DIV><FONT face=Arial size=2>Oklahoma Center For Family Medicine
Research</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>900 NE 10th Street</FONT></DIV>
<DIV><FONT face=Arial size=2>Oklahoma City, OK 73104</FONT></DIV>
<DIV><FONT face=Arial size=2>Phone: (405) 271-8000 Ext.:1-32212</FONT></DIV>
<DIV><FONT face=Arial size=2>Fax: (405)
271-1682</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> Piers O'Hanlon
[mailto:p.ohanlon@cs.ucl.ac.uk]<BR><B>Sent:</B> Mon 1/30/2006 12:21
PM<BR><B>To:</B> michael.daw@manchester.ac.uk<BR><B>Cc:</B> Nagykaldi, Zsolt F.
(HSC); ag-tech; Socrates Varakliotis<BR><B>Subject:</B> Re: [AG-TECH] Access
Grid 3.0 beta1 available !<BR></FONT><BR></DIV>
<DIV>
<P><FONT size=2>Hi Mike (and others),<BR><BR>> We discussed doing this as
part of the SUMOVER project workshop in<BR>> November. This project is
updating vic and rat at UCL, mainly for the<BR>> AG community. I can't
remember where it was on the priority list,<BR>> though...<BR><BR>I guess
there's a couple of issues here - There's port selection, and<BR>there's
firewall config.<BR>- As mentioned by others the media port ranges are
controlled by the AG<BR>server's config - these can be taken down to narrower
ranges. There's<BR>shouldn't be too much of an issue with multicast venue
address clashing<BR>if the 233/8 GLOP addressing is used by the
servers.<BR><BR>- Secondly the firewall interaction then depends on which
platform AG<BR>client is running on - For those lucky folk running WinXP-SP2
I<BR>understand that AG will automatically configure the windows firewall
to<BR>let AG traffic pass (could possibly explain lack connectivity in
one<BR>previous email if things go wrong?). If you're not running
Windows<BR>Firewall then you're probably back to manual FW config. If
you're<BR>running Linux then you'll need to open some holes in your
firewall<BR>(iptables/ipchains etc) manually.<BR><BR>I should mention that most
of this is out of scope of the media tools<BR>themselves as UDP port selection
isn't generally done by the tools<BR>themselves. The one caveat is that vic does
normally allow the OS to<BR>choose the source port when it sends video packets,
though this doesn't<BR>usually matter if the firewall is appropriately
configured. If needs be<BR>we could add an option to enable source port
selection, or 'symmetric'<BR>ports
usage.<BR><BR>Piers.<BR><BR>> <BR>> More information (though
sparse!):<BR>> <A
href="http://www.cs.ucl.ac.uk/research/sumover/">http://www.cs.ucl.ac.uk/research/sumover/</A><BR><BR>It
has been updated today with more info.<BR><BR>Piers.<BR><BR>> <BR>>
Perhaps one of the team could enlighten
us...?!<BR>><BR>>
------------------------------------------------------------------------<BR>>
*From:* owner-ag-tech@mcs.anl.gov<BR>> [<A
href="mailto:owner-ag-tech@mcs.anl.gov">mailto:owner-ag-tech@mcs.anl.gov</A>]
*On Behalf Of *Nagykaldi, Zsolt<BR>> F.
(HSC)<BR>> *Sent:* 30 January 2006
15:19<BR>> *To:*
ag-tech<BR>> *Subject:* RE: [AG-TECH] Access Grid 3.0
beta1 available
!<BR>><BR>> <BR>>
It seems that most practical problems during implementation
come<BR>> from firewall issues. Are you guys planning
to (at least) narrow<BR>> the UDP port range for VIC
and RAT, or maybe (in my dreams) tunnel<BR>> all
audio/video traffic through a few number of ports that
are<BR>> usually open? I have been networking with a
lot of people who are<BR>> desperate to set up their
nodes and they hit a brick wall every<BR>> time it
comes to push changes through their IT departments,
who<BR>> are freaking out about the idea of opening
ports in such a wide<BR>> range. More and more people
would like to use the system via PIGs<BR>> and not
necessarily big institutional nodes that require weeks,
if<BR>> not months of negotiations and arm-twisting
each time a new client<BR>> is added at a new
location. (The AG Connector would be really<BR>>
helpful, except it causes an ominous looping drop of
all<BR>> audio-video connections, as it has been
reported before, and it is<BR>> very unreliable).
Extra features in v3.0 are nice, but I truly<BR>>
believe that the firewall/ports issue is the most
significant<BR>> barrier to wider adoption of the
Toolkit.<BR>> <BR>> <BR>>
Zsolt<BR>> <BR>> _ _
_<BR>> <BR>> Zsolt
Nagykaldi, PhD<BR>> Research Associate, Clinical IT
Specialist<BR>> University Of Oklahoma Health
Sciences Center<BR>> Department Of Family And
Preventive Medicine<BR>> Oklahoma Center For Family
Medicine
Research<BR>> <BR>>
900 NE 10th Street<BR>> Oklahoma City, OK
73104<BR>> Phone: (405) 271-8000
Ext.:1-32212<BR>> Fax: (405)
271-1682<BR>><BR><BR><BR></FONT></P></DIV>
</BODY>
</HTML>