2 Replies Latest reply on Jul 30, 2010 11:35 AM by vkopichenko

More firewall ports for cluster than in config guide?

bmelloni Jan 20, 2009 12:21 PM

After resolving a number of issues I got a 2-node jBossEAP cluster mostly working with the Windows Firewall disabled and settings at default values except for those required post-installation.

Attempting to re-enable the firewall I opened the ports indicated in the Server Configuration Guide, tables 9.1 and 9.2. I get the errors below on other server (stayed running, first node, no firewall on it). It looks like TreeCache is using ports in the 1000-2000 range that change at each server start. As shown in the attached log snippet, the problem goes away as soon as I set the firewall back to OFF.

Is there a known range for those ports? Or is there a configuration item that will lock the ports so that they will be reused at each start? In a different post someone thought I was using TCP instead of the expected UDP multicast, even though I used defaults. If the defaults are wrong for the multicast choice or something else is causing it to fail over to TCP, where do I fix them?

Thanks.

BTW, yes I know that since I am using a commercial version I can open a support ticket... I am using the forum until I get my support credentials.

10:54:38,183 INFO [DefaultPartition] I am (192.168.11.103:1099) received membershipChanged event:
10:54:38,183 INFO [DefaultPartition] Dead members: 0 ([])
10:54:38,183 INFO [DefaultPartition] New Members : 1 ([192.168.11.102:1099])
10:54:38,183 INFO [DefaultPartition] All Members : 2 ([192.168.11.103:1099, 192.168.11.102:1099])
10:54:43,027 INFO [TreeCache] viewAccepted(): [192.168.11.103:1746|5] [192.168.11.103:1746, 192.168.11.102:2190]
10:54:48,887 WARN [NAKACK] 192.168.11.103:1742] discarded message from non-member 192.168.11.102:2171, my view is [192.168.11.1
03:1742|4] [192.168.11.103:1742]
10:54:49,199 WARN [NAKACK] 192.168.11.103:1742] discarded message from non-member 192.168.11.102:2171, my view is [192.168.11.1
03:1742|4] [192.168.11.103:1742]
10:55:27,277 WARN [NAKACK] 192.168.11.103:1742] discarded message from non-member 192.168.11.102:2171, my view is [192.168.11.1
03:1742|4] [192.168.11.103:1742]
10:55:28,308 WARN [NAKACK] 192.168.11.103:1742] discarded message from non-member 192.168.11.102:2171, my view is [192.168.11.1
03:1742|4] [192.168.11.103:1742]
10:55:56,418 WARN [NAKACK] 192.168.11.103:1742] discarded message from non-member 192.168.11.102:2171, my view is [192.168.11.1
03:1742|4] [192.168.11.103:1742]
10:55:56,418 INFO [TreeCache] viewAccepted(): MergeView::[192.168.11.102:2171|5] [192.168.11.102:2171, 192.168.11.103:1742], su
bgroups=[[192.168.11.102:2171|0] [192.168.11.102:2171], [192.168.11.103:1742|4] [192.168.11.103:1742]]

1. Re: More firewall ports for cluster than in config guide?

brian.stansberry Jan 20, 2009 2:30 PM (in response to bmelloni)
This can be done by adding a bind_port attribute and a port_range attribute to the UDP section of the various JGroups protocol stack configurations. By default bind_port is "0" meaning the OS picks the port.

<UDP mcast_addr="${jboss.partition.udpGroup:228.1.2.3}" mcast_port="${jboss.hapartition.mcast_port:45566}" bind_port=1234 port_range=0 ....

This will need to be done in numerous places (something that's much better in AS 5):

cluster-service.xml
ejb3-clustered-sfsbcache-service.xml
ejb3-entity-cache-service.xml
jboss-web-cluster.sar/META-INF/jboss-service.xml
jboss-messaging.sar/clustered-hsqldb-persistence-service.xml

Each one should get a different bind_port value.
Actions
2. Re: More firewall ports for cluster than in config guide?

vkopichenko Jul 30, 2010 11:35 AM (in response to brian.stansberry)

I've ended up adding just bind_port to UDP. Cause port_range seems to be not working.
And also start_port to FD_SOCK.
Actions

Go to original post