[AG-TECH] AG port usage issues

R. P. Channing ["Rick"] Rodgers rodgers at nlm.nih.gov
Fri Dec 2 14:46:56 CST 2005


Dear AG Colleagues,

First off, I wanted to thank Gomez Alonso of the Univ. of Manchester for his
exceptionally helpful document on AG port usage, available at:
   http://www.accessgrid.org/agdp/guide/ports.html,
referred to again recently in discussions on this list.  I was hoping we could
collectively take this discussion a bit further.  I find that in my dealings
with firewall administrators, they want a short, clear list of ports to open.

I've made an extract of Gomez's document in what follows -- I think it could
be improved considerably in several respects:

1) Split the list into *two* lists, one for a server, one for
   a client (though some hosts could have features of both).
2) Define specific ports used by vic and rat.  Presumably there is an
   algorithm within the AG2 framework which assigns these port numbers?  Are
   they drawn from a range?
3) List port numbers for other commonly-used shared applications.
   
The goal here is to obtain a simple list of ports which one could hand to an
admin, and end up with a reliably usable setup which did not require running
back repeatedly to ask for the opening of additional ports.  Given the multiple
layers of bureaucracy and administrative restrictions that are appearing in
larger organizations, often there will be insufficient time to set things up
for participation in an AG event on the spur of the moment (which could take
days to weeks).  This issue is already a crisis at my institutions, and I am
certain it must be in many other locations as well.

Looking forward: as development of the AG progresses, can anything be done to
confine all ports to a parsimonious list of pre-defined numbers?

Best Regards, Rick Rodgers

--------------------------------------------------------------------------------
Summary of AG port usage, based on document "Access Grid Port Usage" by
Javier Gomez Alonso, Access Grid Support Centre, The University of Manchester,
2005, available at: http://www.accessgrid.org/agdp/guide/ports.html
(prepared by RPC Rodgers, Dec 2005)

AG2 client connects to:
   on machine hosting AG2 venue server:
      port 8000/TCP (Virtual Venue Server port)
      port 8002/TCP (Event port)
      port 8004/TCP (Text port)
      port 8006/TCP (Data port)
inSORS IG client connects to:
   port 80/TCP on the inSORS venue server
VIC/IG video connects to:
   the multicast UDP port associated with the multicast IP address
   allocated to the video channel for the Virtual Venue in question
   See http://agschedule.ncsa.uiuc.edu/venues.asp for details;
   also, that multicast UDP port + 1
RAT/IG Audio connects to:
   the multicast UDP port associated with the multicast IP address
   allocated to the audio channel for the Virtual Venue in question
   See http://venues.accessgrid.org/AG/venues.php;  
   also, that multicast UDP port + 1 
   port 47000/UDP on 224.255.222.239 for inter-process communication (rat only)
Jabber client connects to:
   port 5222/TCP on the remote Jabber server
   port 5223/TCP (for encrypted connections using SSL/TLS on older clients)
Jabber server needs to allow external access to:
   port 5222/TCP (client connections)
   port 5269/TCP (server connections)
   port 5269/TCP (other Jabber servers)
   port 5223/TCP (encrypted connections using SSL/TLS on older servers)
tkMoo:
   port 7777/TCP on venues.ncsa.uiuc.edu
AG2 - Shared Applications:
   use server, event, text, data ports of venue server; may require other
   application-specific ports
IG Pix client connects to:
   port 80/TCP on IG Pix server
VNC server needs to open:
   port 58xx/TCP (allows access to small built-in web server)
   port 59xx/TCP (xx is the display number of the VNC session)
VNC viewer connects to:
   port 58xx/TCP of the display server
   port 59xx/TCP of the display server
Distributed PPT (DPPT) server needs to allow:
   4561/TCP
   5001/TCP
Distributed PPT (DPPT) client connects to:
   4561/TCP on the DPPT server
   5001/TCP on the DPPT server
Multicast-Unicast bridge clients connect to:
   the bridged video and audio ports, and these ports plus one,
   on the machine hosting the bridge (e.g., for a bridge running on
   george.ag.mcc.ac.uk using video port 50350 and audio port 50348, open access
   to ports 50351/UDP, 50350/UDP, 50349/UDP and 50348/UDP on george.ag.mcc.ac.uk).
inSORS bridge/venue server:
   allow connections to port 554/TCP
AG2 client or VIC/RAT
   allow connections to port 47000/UDP on 224.255.222.239
--------------------------------------------------------------------------------

--------------------------------------------------------------------------------
R. P. C. Rodgers, M.D. * rodgers at nlm.nih.gov * (301)435-3267 (voice, fax)
OHPCC, LHNCBC, U.S. National Library of Medicine, NIH
Bldg 38, Rm. B1N-30F2, 8600 Rockville Pike, Bethesda MD 20894 USA
http://lhc.nlm.nih.gov/staff/rodgers/rodgers.html
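
Added example (not part of the original message and not Access Grid code): a sketch that expands the summary above into the concrete client-side list a firewall administrator would need, including the "port + 1" pairs and the VNC 58xx/59xx ports. Function names, venue.example.org and vnc.example.org are constructed; the bridge host and ports are the ones quoted in the summary.

```python
# Added example: names, hosts and inputs below are constructed, not AG code.
AG2_VENUE_TCP = (8000, 8002, 8004, 8006)   # venue server, event, text, data
RAT_IPC = ("224.255.222.239", 47000)       # rat inter-process communication

def media_pair(port):
    """vic/rat use the allocated UDP port and that port + 1."""
    if not 1 <= port <= 65534:
        raise ValueError(f"no room for port + 1 above {port}")
    return (port, port + 1)

def vnc_ports(display):
    """58xx/59xx, where xx is the VNC display number."""
    if not 0 <= display <= 99:
        raise ValueError(f"display number {display} does not fit in 'xx'")
    return (5800 + display, 5900 + display)

def client_rules(venue_host, video, audio, vnc=None, jabber_host=None):
    """Return sorted (host, proto, port) tuples a client must be able to reach.

    video/audio are (host_or_multicast_group, base_port); vnc is (host, display).
    """
    rules = {(venue_host, "TCP", p) for p in AG2_VENUE_TCP}
    for host, base in (video, audio):
        rules |= {(host, "UDP", p) for p in media_pair(base)}
    # Sanity check added here: on one bridge host the two pairs must not collide.
    same_host = video[0] == audio[0]
    if same_host and set(media_pair(video[1])) & set(media_pair(audio[1])):
        raise ValueError("video and audio port pairs overlap on the same host")
    rules.add((RAT_IPC[0], "UDP", RAT_IPC[1]))
    if vnc:
        rules |= {(vnc[0], "TCP", p) for p in vnc_ports(vnc[1])}
    if jabber_host:
        rules |= {(jabber_host, "TCP", p) for p in (5222, 5223)}
    return sorted(rules)

def format_rules(rules):
    """Render the tuples in the 'port/PROTO on host' form used in the summary."""
    return [f"{port}/{proto} on {host}" for host, proto, port in rules]

if __name__ == "__main__":
    bridge = "george.ag.mcc.ac.uk"  # bridge example quoted in the summary
    rules = client_rules("venue.example.org", (bridge, 50350), (bridge, 50348),
                         vnc=("vnc.example.org", 1))
    print("\n".join(format_rules(rules)))
```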



