[AG-TECH] NCSA unicast bridge changes

George Estes gestes at ncsa.uiuc.edu
Mon Apr 10 15:37:19 CDT 2006


   I want to add, as we've stated in the past, the unicast bridge is meant 
to be a temporary solution to your multicast network problems.


t 02:16 PM 4/10/2006, Nagykaldi, Zsolt F. (HSC) wrote:
>Anybody knows if recent NCSA venue bridge changes (roebridge is gone, 
>accessbridge is on) are temporary or pretty much permanent? Thanks.
>_ _ _
>Zsolt Nagykaldi, PhD
>Research Associate, Clinical IT Specialist
>University Of Oklahoma Health Sciences Center
>Department Of Family And Preventive Medicine
>Oklahoma Center For Family Medicine Research
>900 NE 10th Street
>Oklahoma City, OK 73104
>Phone: (405) 271-8000 Ext.:1-32212
>Fax:     (405) 271-1682
>From: owner-ag-tech at mcs.anl.gov on behalf of Andrew A Rowley
>Sent: Fri 4/7/2006 3:00 AM
>To: Masullo, Chris F; ag-tech at mcs.anl.gov
>Subject: RE: [AG-TECH] Firewall and unicast questions
>I know of various places that are running AG from behind a firewall using 
>both multicast and unicast.
>Using unicast means that you add strain to the bridge for the 
>venue.  However, I have not seen any bridges fail under strain so far 
>(others may have seen this).  The other problem with unicast and firewalls 
>is the port numbers.  The bridges will be assigned random port numbers 
>within a fixed range, so the only way to guarantee that you will be able 
>to use the bridge is to open up the entire range.  This range will depend 
>on the venue server.  Of course with dynamic multicast venues, you would 
>have the same problem, however, with static venues, you could at least 
>open the fixed port numbers in use.  AG Connector can also help with the 
>port number problem, since it only uses a single fixed port.
>The only other problem I have seen with firewalls, is when the firewall 
>cannot cope with the amount of traffic passing with large AG meetings.  It 
>is worth finding out what bandwidth the firewall can cope with if you 
>regularly join large meetings.
>Andrew :)
>Access Grid Support Centre,
>RSS Group,
>Manchester Computing,
>Kilburn Building,
>University of Manchester,
>Oxford Road,
>M13 9PL,
>Tel: +44(0)161-275 0685
>Email: Andrew.Rowley at manchester.ac.uk
> > -----Original Message-----
> > From: owner-ag-tech at mcs.anl.gov 
> [<mailto:owner-ag-tech at mcs.anl.gov>mailto:owner-ag-tech at mcs.anl.gov] On
> > Behalf Of Masullo, Chris F
> > Sent: 06 April 2006 17:04
> > To: ag-tech at mcs.anl.gov
> > Subject: [AG-TECH] Firewall and unicast questions
> >
> > Hello All,
> >
> > We currently have our AG nodes outside our firewall, however cyber
> > security
> > has told us that we need to move the systems inside our firewall.  The
> > last
> > time I brought up this issue a number of years ago I was told that
> > multicast
> > would not get past our firewall. I have some questions regarding this
> > issue.
> >
> > Has anyone successfully placed an AG VTC system behind a Cisco Firewall?
> > Are there any issues using unicast mode for and AG node behind a
> > firewall?
> > If not then why not run unicast?
> >
> > I have looked through the mailer however I do not see any answers to
> > these
> > Questions.
> >
> > Thanks in advance
> >
> >
> >
> > Chris Masullo                     Information Technology Division
> > Brookhaven National Laboratory    Network Engineering & Operations
> > 61 Brookhaven Ave.                Phone:  (631) 344-2326
> > Upton, NY 11973                   Fax:    (631) 344-7688
> >
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mcs.anl.gov/pipermail/ag-tech/attachments/20060410/e6220a12/attachment.htm>

More information about the ag-tech mailing list