From: Kate Keahey (keahey@mcs.anl.gov)
Date: Thu Apr 18 2002 - 09:26:08 PDT
Dear all,
I sent this message yesterday but it bounced. I apologize for multiple
postings if any.
>My apologies, I did not notice that Qian forwarded her mail to this
>mailing list and consequently the resulting exchange did not get forwarded
>either. Here are highlights of the solutions mentioned; one is problem
>avoidance, Qian, did you try the second one? Also, I am talking to people
>about this problem and possible fixes in OGSA. Things look promising; I
>will be happy to outline the details
>at the May meeting.
>
>At 08:27 AM 4/16/2002 -0400, you wrote:
>On Monday 15 April 2002 8:51 pm, Kate Keahey wrote:
>
> > Qian, one thing I suggested earlier would be to simply run the demo from
> > some machine with a non-local IP address (for example from your Argonne
> > account) and just set the display to your laptop (you'd have to run an X
> > Server). This worked for me in similar circumstances. Is there a reason why
> > this would not be an adequate solution?
> >
>
>Another thing you can do is set the GLOBUS_HOSTNAME environment variable in
>the environment where globusrun is invoked to be the public IP address of
>that machine. Note that this will only work if the port numbers are not
>reassigned by the machine doing the IP masquerading.
>
>joe
>
>
>
>At 02:18 PM 4/17/2002 -0400, Doug Mccune wrote:
>>Mary, Qian, David,
>>
>>This information shows the usefulness of the TTF/Sherwood
>>Fusion Collaboratory demo exercise! We have gained some important
>>practical information for Globus. I think this is very good work.
>>
>>Regards,
>>
>> ---Doug
>>
>>
>> > X-Authentication-Warning: mail.gat.com: majordom set sender to
>> owner-april2002@fusiongrid.org using -f
>> > Date: Wed, 17 Apr 2002 11:08:39 -0700
>> > From: Mary Thompson <mrthompson@lbl.gov>
>> > Organization: LBNL
>> > X-Accept-Language: en
>> > MIME-Version: 1.0
>> > CC: april2002@fusiongrid.org
>> > References: <200204152352.g3FNqvw28903@chopin.gat.com>
>> > Content-Type: text/plain; charset=us-ascii
>> > Content-Transfer-Encoding: 7bit
>> >
>> > I think the basic answer to this is that the GRAM protocol does not
>> > support this. That protocol relies on end-to-end identity verification
>> > which NAT breaks. The only way to make it work is what you have done.
>> > Direct the stdout and stderr to a file on the server machine and then
>> > use GSIFTP in passive mode to pull it back.
>> >
>> > The one thing we can do about this it to be sure that the Globus folks
>> > have our input that this is important to deal with in the OGSA design
>> > which is now in progress. Clients that are behind NAT firewalls would
>> > seem to be a problem that is here to stay as exemplfied in hotels and
>> > personal machines at home. Do any of the server site firewalls do
>> > NATing?
>> >
>> > Mary
>> >
>> >
>> > Qian Peng wrote:
>> > >
>> > > When a globus client uses globusrun to submit a job to a server, the
>> > > server tries to write back to client's stdout using client's
>> > > hostname:port. An error code of 73 will be given if the server cannot
>> > > find a route to the client or the port is blocked. For our demo case,
>> > > the ports specified by GLOBUS_TCP_PORT_RANGE are opened through the
>> > > firewall.
>> > >
>> > > When the client is on a local network with a IP number like 10.x.x.x,
>> > > but can connect to the outside through a switch or the like, the server
>> > > cannot find the route to the client host. This can happen in at least
>> > > two scenarios for the demo,
>> > >
>> > > 1. When the hotel at the demo site (TTF) gave us a T1 line, we plugged
>> > > it in and were directed to a web site to make the connection. The IP
>> > > assigned to the host was 10.1.x.x. If we go outside of this local
>> > > network, the host is being seen as coming from a fixed real IP of that
>> > > internet service company.
>> > >
>> > > 2. If we only get one cable modem connection (one IP) for the next demo
>> > > (Sherwood), but we need to put two computers on the network, we need to
>> > > use a router and use DHCP to give out the IPs. Both computers will end
>> > > up with a private IP like 10.x.x.x. Again the internet see them as from
>> > > that one IP given from the cable service company.
>> > >
>> > > Is there a work around for the client? This is a question to the Globus
>> > > people, but if anyone has any suggestions?
>> > >
>> > > -Qian
>> >
>> > --
>> > ---------------------------------------------------------------------
>> > Mary R. Thompson <MRThompson@lbl.gov>
>> > Distributed Security Research Group (510) 486-7408
>> > Lawrence Berkeley National
>> Lab http://www-itg.lbl.gov/~mrt
>> > ----------------------------------------------------------------------
>> >
>
>__________________________
>Dr. Kate Keahey
>Math & Computer Science Div.
>Argonne National Laboratory
>Argonne, IL 60439, USA
>(630) 252-1673
>
__________________________
Dr. Kate Keahey
Math & Computer Science Div.
Argonne National Laboratory
Argonne, IL 60439, USA
(630) 252-1673
This archive was generated by hypermail 2.1.4 : Fri Apr 19 2002 - 03:00:19 PDT