[AG-TECH] NCSA Venues and port usage

Andrew A Rowley Andrew.Rowley at manchester.ac.uk
Thu Feb 1 04:45:49 CST 2007


Hi,

The AGSC currently assign ports 57004 for audio and port 57006 for video on any venues we have assigned ourselves (mainly the "UK Shared Virtual Venues").  This makes it easier for people to set up their firewalls if they are using multicast.  Our bridge runs on ports between 10000 and 10999 - unfortunately this does cause some problems for network administrators opening firewalls.

I would agree that a standard port range could help with firewalls in general, especially in the situation where a node was using one venue server exclusively but now wants to join a more international meeting.  The bridge port being within a fixed range for all bridges would also help with the fact that with AG3, you can select from a large range of bridges, all with different port numbers.

Anyone got any suggestions on which range we should all use? 

We could apply to IANA for a fixed range for this, as well as fixed port numbers for video and audio.  Note that this won't help with new applications, but we could specify a range for multicast and unicast, with the multicast range being smaller (e.g. a range of 100 ports maximum for multicast (allowing up to 50 services per venue) with the first four ports being used for audio and video so users only interested in these can just open their firewall for these).  The unicast range needs to contain enough ports for the maximum expected multicast range use multiplied by the maximum number of venues that can be used at the same time in unicast mode.  If we allow 100 services, and have 100 venues in use at the same time, we need to have a range of 10000 ports (I bet network admins would love that)!  Note that the multicast and unicast range have to be different from each other, otherwise bridges will not work.

I have got a static bridge service, which uses the same ports for every venue (see http://www.agsc.ja.net/services/staticbridge.php if you are interested in trying it out).  Unfortunately, the current bridge architecture in the AG3 toolkit doesn't give out enough information to allow my bridge to work correctly (it doesn't pass on the IP address of the client, which is no use if you are behind a proxy, and it doesn't pass a message when the client has finished with the bridge in a venue, which makes it work oddly when you move between venues).  This requires reasonably large changes to the client code in AG3 to get it working (I have these changes in my client which appear to work fine).

Andrew :)

============================================
Access Grid Support Centre,
RSS Group,
Manchester Computing,
Kilburn Building,
University of Manchester,
Oxford Road,
Manchester, 
M13 9PL, 
UK
Tel: +44(0)161-275 0685
Email: Andrew.Rowley at manchester.ac.uk 

> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov [mailto:owner-ag-tech at mcs.anl.gov] On
> Behalf Of Jean Utke
> Sent: 31 January 2007 20:02
> To: ag-tech at mcs.anl.gov
> Subject: Re: [AG-TECH] NCSA Venues and port usage
> 
> Brian Corrie wrote:
> > I think the only issue is how often would there be changes in the IP
> > number and ports used. Whenever this happens, anyone that has firewall
> > setting that enables AG will need to make changes, which is a
> > significant impact on the community.
> I am currently trying to get everybody in a relatively small group of
> people set up with AG clients on laptops etc.
> Despite being 'conceptually' easy, it is difficult to explain to
> everybody the varying bridge IP addresses and port ranges
> AND convince them to go to their system folks to open up these ports AND
> do it themselves on their local firewalls, their
> NAT boxes at home etc.  When things change as recently with the Argonne
> bridge's IP address (even though it is for good reasons)
> many "users" will likely consider it a major annoyance to go through
> the above steps again.
> While it is nice for the bridge administrators to have the freedom of
> choosing any port ranges they like this freedom does not help
> "ease of use" for people who expect the AG client setup to be simple and
> don't want to fiddle with network details.
> I expect something like a "standard" (shudder!) port range for the
> bridges would help a lot.
> These are my totally uninformed 2 cents.
> 
> Jean
> 
> --
> Jean Utke
> Argonne National Lab./MCS
> utke at mcs.anl.gov
> phone: 630 252 4552
> cell:  630 363 5753
> 



