[AG-TECH] AG 2.0 and static multicast addresses

Ivan R. Judson judson at mcs.anl.gov
Tue Feb 4 16:18:29 CST 2003


Hi Jennifer, and everybody else :-),

We have been thinking about these issues, more lately than ever before. As
anyone who was in the town hall realized today, ANL is now a corporate-like
institution wrt firewalls. We have one, and we don't accept incoming
connections unless we put conduits in place.

However, we do have a plan in our minds -- we're working on getting it on
paper (well digital paper) -- to share with the community soon; probably
before the retreat.

I'm glad you brought this up, since it's probably a concern that affects
more and more users.

--Ivan

> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov 
> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Jennifer Teig 
> von Hoffman
> Sent: Tuesday, February 04, 2003 3:52 PM
> To: ag-tech at mcs.anl.gov
> Subject: [AG-TECH] AG 2.0 and static multicast addresses
> 
> 
> Hi everybody, and especially Ivan :-) ,
> 
> Having had a bit of time to reflect on today's town hall, I'm quite 
> worried about the fact that AG 2.0 will shift us to a system of 
> exclusively dynamically-generated multicast addresses for 
> venues (even 
> allowing for some transition time and special transition venues).
> 
> At first this worried me purely in the context of the implications of 
> nodes running 1.x not being able to co-exist in virtual venues with 
> nodes running 2.x; if this incompatibility exists, it's going to be a 
> nightmare for those of us planning even very small events, 
> even if the 
> transitional rooms Ivan spoke of today were available. If you 
> were, say, 
> planning a meeting among 5 sites, you'd need to either be sure that 
> everybody was running the same version of the software, or be sure to 
> reserve the "transitional" venue where everybody could co-exist. My 
> hunch is that most events would take place in these 
> transitional rooms, 
> since most of us wouldn't be able to find the time to ask 
> everybody what 
> version of AGTk they were running.
> 
> But then, after some time worrying about that, I started 
> worrying about 
> ports and firewalls and such. I'm already aware of a couple AG nodes 
> where they have to ask their firewall admins to unblock specific 
> ports/addresses in order to participate in a given meeting; 
> surely that 
> sort of firewall reconfiguration won't happen on the fly 
> along with the 
> dynamic address allocation. So people at those nodes wouldn't 
> be able to 
> upgrade to 2.0 unless they could convince their network 
> security staff 
> to make some substantial changes.
> 
> And I'm guessing that if I (a relatively non-technical user) 
> am coming 
> up with these concerns, there are probably more big issues 
> here too -- 
> it's a major change in the underpinnings of the AG.
> 
> - Jennifer
> 
> 




More information about the ag-tech mailing list