<html>
<body>
Zsolt,<br><br>
Roebridge was always a backup bridge, put in place when we were
having problems with venuesbridge. And since venuesbridge seems to
be working fine we have taken roebridge off line. Please consider,
knock on wood, this to be the permanent bridge configuration.<br><br>
George<br><br>
At 02:16 PM 4/10/2006, Nagykaldi, Zsolt F. (HSC) wrote:<br>
<blockquote type=cite class=cite cite> <br>
<font face="arial" size=2>Anybody knows if recent NCSA venue bridge
changes (roebridge is gone, accessbridge is on) are temporary or pretty
much permanent? Thanks.<br>
</font> <br>
<font face="arial" size=2>Zsolt<br>
</font> <br>
<font face="arial" size=2>_ _ _<br>
</font> <br>
<font face="arial" size=2>Zsolt Nagykaldi, PhD<br>
Research Associate, Clinical IT Specialist<br>
University Of Oklahoma Health Sciences Center<br>
Department Of Family And Preventive Medicine<br>
Oklahoma Center For Family Medicine Research<br>
</font> <br>
<font face="arial" size=2>900 NE 10th Street<br>
Oklahoma City, OK 73104<br>
Phone: (405) 271-8000 Ext.:1-32212<br>
Fax: (405) 271-1682<br>
</font><br>
<hr>
<font face="tahoma" size=2><b>From:</b> owner-ag-tech@mcs.anl.gov on
behalf of Andrew A Rowley<br>
<b>Sent:</b> Fri 4/7/2006 3:00 AM<br>
<b>To:</b> Masullo, Chris F; ag-tech@mcs.anl.gov<br>
<b>Subject:</b> RE: [AG-TECH] Firewall and unicast questions<br>
</font><br>
<font size=2>Hi,<br><br>
I know of various places that are running AG from behind a firewall using
both multicast and unicast. <br><br>
Using unicast means that you add strain to the bridge for the
venue. However, I have not seen any bridges fail under strain so
far (others may have seen this). The other problem with unicast and
firewalls is the port numbers. The bridges will be assigned random
port numbers within a fixed range, so the only way to guarantee that you
will be able to use the bridge is to open up the entire range. This
range will depend on the venue server. Of course with dynamic
multicast venues, you would have the same problem, however, with static
venues, you could at least open the fixed port numbers in use. AG
Connector can also help with the port number problem, since it only uses
a single fixed port.<br><br>
The only other problem I have seen with firewalls, is when the firewall
cannot cope with the amount of traffic passing with large AG
meetings. It is worth finding out what bandwidth the firewall can
cope with if you regularly join large meetings.<br><br>
Andrew :)<br><br>
============================================<br>
Access Grid Support Centre,<br>
RSS Group,<br>
Manchester Computing,<br>
Kilburn Building,<br>
University of Manchester,<br>
Oxford Road,<br>
Manchester,<br>
M13 9PL,<br>
UK<br>
Tel: +44(0)161-275 0685<br>
Email: Andrew.Rowley@manchester.ac.uk<br><br>
> -----Original Message-----<br>
> From: owner-ag-tech@mcs.anl.gov
[<a href="mailto:owner-ag-tech@mcs.anl.gov">mailto:owner-ag-tech@mcs.anl.gov</a>]
On<br>
> Behalf Of Masullo, Chris F<br>
> Sent: 06 April 2006 17:04<br>
> To: ag-tech@mcs.anl.gov<br>
> Subject: [AG-TECH] Firewall and unicast questions<br>
><br>
> Hello All,<br>
><br>
> We currently have our AG nodes outside our firewall, however
cyber<br>
> security<br>
> has told us that we need to move the systems inside our
firewall. The<br>
> last<br>
> time I brought up this issue a number of years ago I was told
that<br>
> multicast<br>
> would not get past our firewall. I have some questions regarding
this<br>
> issue.<br>
><br>
> Has anyone successfully placed an AG VTC system behind a Cisco
Firewall?<br>
> Are there any issues using unicast mode for and AG node behind
a<br>
> firewall?<br>
> If not then why not run unicast?<br>
><br>
> I have looked through the mailer however I do not see any answers
to<br>
> these<br>
> Questions.<br>
><br>
> Thanks in advance<br>
><br>
><br>
><br>
> Chris
Masullo
Information Technology Division<br>
> Brookhaven National Laboratory Network Engineering
& Operations<br>
> 61 Brookhaven
Ave.
Phone: (631) 344-2326<br>
> Upton, NY
11973
Fax: (631) 344-7688<br>
><br>
</font></blockquote></body>
</html>