[AG-TECH] Question regarding traffic through a bridge.

Todd Zimmerman toddz at sfu.ca
Mon Jan 8 14:58:51 CST 2007


If you are on unicast, there shouldn't be any point to point / multicast traffic.  All outgoing
stream traffic should go to the bridge to be multicasted out and all incoming traffic will be from
the bridge.  There will also still be multiple outbound connections to venueserver.

Typically on a secure site we will open inbound UDP ports 20000-65535 from the bridge machine and
that should allow all traffic.  Depending on the bridge, that port range could be lower - speak to
the bridge administrator to find out the full range.  For example, for our bridge, we limit the port
range to about 200 ports.

If outbound traffic is also blocked, you'll also have to open the outbound ports to the bridge
machine + the connections to/from the venueserver itself.

If you do require multicast through the firewall, you can open up the entire multicast range by
allowing 224.0.0.0/4.


cheers,

Todd

-- 
Collaboration & Visualization Technician
WestGrid - www.westgrid.ca
IRMACS - www.irmacs.com
Ph. 604.268.6979
Todd Zimmerman - toddz at sfu.ca

Derek Piper wrote:
> 
>     Hi Jimmy,
> 
>     When you bridge, traffic flows between the endpoints (those on the
> bridge) over unicast to/from the IP of the bridging machine. Plus,
> traffic flows between the bridge and any multicast participants (over
> the multicast IPs). One of the most common problems while bridging is
> that the endpoints are firewalled against the bridge.
> 
>     Derek
> 
> Jimmy Miklavcic wrote:
>> Is it correct that when a connection is made to a venue through a
>> bridge that my site's outgoing traffic is sent directly to the venue
>> (or to the other sites directly) and the incoming traffic comes back
>> through the bridge? We are working with Kansas University Medical
>> Center and they have some pretty tight security. As long as the return
>> traffic is coming back from the initial address in the outgoing
>> traffic, then all is fine. But if the return traffic is from another
>> address, it is blocked.
>>  
>> Does anyone know of any way to work around this? We tried running vic
>> & rat manually to the bridge but that still didn't work.
>>  
>> Jimmy
>>  
>> PS: Am I making sense here?
>> PPS: Okay, you can all stop laughing now. ;-)
>>  
>>  -- Jimmy Miklavcic
>> Multimedia Specialist
>> Jimmy.Miklavcic at utah.edu
>>
>> UNIVERSITY OF UTAH
>> CTR FOR HIGH PERFORM COMPUTING
>> 155 SOUTH 1452 EAST RM 405
>> SALT LAKE CITY, UT 84112-0190
>>
>> Office: 801.585.9335
>>  Fax: 801.585.5366
>>
>> http://www.anotherlanguage.org
>>  
> 
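The following Python model is an added illustration, not part of any poster's message or of the Access Grid software. It shows why a default-deny firewall that only admits replies to tracked flows drops bridge-originated streams, and how a rule pinned to the bridge host and a narrowed UDP port window admits them. The addresses (documentation ranges) and the 50000-50199 window are constructed placeholders; the real range comes from the bridge administrator.

```python
import ipaddress
from dataclasses import dataclass

# Constructed placeholders (RFC 5737 documentation addresses), not from the thread.
BRIDGE = "192.0.2.10"      # hypothetical bridge machine
OTHER = "198.51.100.7"     # hypothetical unrelated sender

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network   # permitted source of inbound UDP
    ports: range                 # permitted local destination ports

class SiteFirewall:
    """Default-deny inbound UDP: replies to tracked flows plus explicit rules."""
    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()       # (local_port, remote_ip, remote_port)

    def outbound(self, local_port, remote_ip, remote_port):
        # Outbound is permitted in this model; the flow is remembered.
        self.flows.add((local_port, ipaddress.ip_address(remote_ip), remote_port))

    def inbound(self, remote_ip, remote_port, local_port):
        ip = ipaddress.ip_address(remote_ip)
        if (local_port, ip, remote_port) in self.flows:
            return "allow: reply to tracked flow"
        for rule in self.rules:
            if ip in rule.src and local_port in rule.ports:
                return "allow: explicit rule"
        return "drop"

def bridge_rule(first_port=20000, last_port=65535):
    # Source is the bridge host only (/32), never "any".
    return Rule(ipaddress.ip_network(f"{BRIDGE}/32"), range(first_port, last_port + 1))

def demo():
    results = []
    fw = SiteFirewall([])                      # flow tracking only, no bridge rule
    fw.outbound(50000, BRIDGE, 50000)          # site sends a stream to the bridge
    results.append(fw.inbound(BRIDGE, 50000, 50000))  # exact reverse of that flow
    results.append(fw.inbound(BRIDGE, 50002, 50002))  # stream the bridge starts itself
    results.append(fw.inbound(OTHER, 50000, 50000))   # different source address
    fw = SiteFirewall([bridge_rule(50000, 50199)])    # constructed ~200-port window
    results.append(fw.inbound(BRIDGE, 50002, 50002))  # bridge, inside the window
    results.append(fw.inbound(OTHER, 50002, 50002))   # right port, wrong source
    results.append(fw.inbound(BRIDGE, 40000, 40000))  # bridge, outside the window
    return results
```
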



