4 Replies Latest reply on May 15, 2012 1:18 PM by dex chen

    TCP ports for clustering and firewall rules

    dex chen Novice

      I am using the jgroup-tcp.xml configuration for my cluster. I specified bind_port as 7900 and port_range=1 (TCPPING config, see below):

      <TCPPING ergonomics="false" initial_hosts="[7900],[7900]" num_initial_members="2" port_range="1" timeout="3000"/>


      However, I have firewalls on each node which allow communication between nodes only through port 7900.


      Are there other ports I need to open?

      How do I specify firewall rules to satisfy ISPN?


      In my experiment, I saw connections between the 2 nodes that look like the following (netstat output):

      Node 1:


      tcp    0 ::ffff:*                    LISTEN  6438/java      
      tcp    0 ::ffff:   ::ffff: 6438/java


      Node 2:

      tcp    0 ::ffff:*                    LISTEN  3315/java      
      tcp    0 ::ffff:   ESTABLISHED 3315/java


      You can see that node2 is connected to node1, but not on port 7900.

        • 1. Re: TCP ports for clustering and firewall rules
          Galder Zamarreño Master

          Most likely that's FD_SOCK. You can fix the port for it, but it must be different. You should also check if diagnostics are enabled.

          • 2. Re: TCP ports for clustering and firewall rules
            dex chen Novice

            Thanks for the response.


            I do not see that there is a way to configure the FD_SOCK port in the jgroup-tcp.xml file.


            Here is my jgroup-tcp.xml:

            <config xmlns="urn:org:jgroups" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:org:jgroups file:schema/JGroups-3.0.xsd">

               <TCP bind_addr="x.x.x.x" bind_port="7900" bundler_type="old" discard_incompatible_packets="true" enable_bundling="true" enable_diagnostics="false" loopback="true" max_bundle_size="64K" max_bundle_timeout="30" oob_thread_pool.enabled="true" oob_thread_pool.keep_alive_time="60000" oob_thread_pool.max_threads="30" oob_thread_pool.min_threads="2" oob_thread_pool.queue_enabled="false" oob_thread_pool.queue_max_size="100" oob_thread_pool.rejection_policy="Discard" port_range="30" recv_buf_size="20M" send_buf_size="640K" singleton_name="tcp" sock_conn_timeout="300" thread_naming_pattern="pl" thread_pool.enabled="true" thread_pool.keep_alive_time="60000" thread_pool.max_threads="30" thread_pool.min_threads="2" thread_pool.queue_enabled="true" thread_pool.queue_max_size="100" thread_pool.rejection_policy="Discard" timer.keep_alive_time="3000" timer.max_threads="10" timer.min_threads="4" timer.queue_max_size="500" timer_type="new" use_send_queues="true"/>



               <TCPPING ergonomics="false" initial_hosts="x.x.x.x[7900],y.y.y.y[7900]" num_initial_members="2" port_range="1" timeout="3000"/>

               <MERGE2 max_interval="30000" min_interval="10000"/>


               <FD max_tries="3" timeout="3000"/>

               <VERIFY_SUSPECT timeout="1500"/>

               <pbcast.NAKACK discard_delivered_msgs="false" retransmit_timeout="300,600,1200,2400,4800" use_mcast_xmit="false"/>

               <UNICAST2 max_bytes="1M" stable_interval="5000" timeout="300,600,1200"/>

               <pbcast.STABLE desired_avg_gossip="50000" max_bytes="1M" stability_delay="1000"/>

               <pbcast.GMS join_timeout="7000" print_local_addr="false" view_bundling="true"/>

               <UFC max_credits="200K" min_threshold="0.20"/>

               <MFC max_credits="200K" min_threshold="0.20"/>

               <FRAG2 frag_size="60K"/>

               <RSVP ack_on_delivery="false" resend_interval="500" timeout="60000"/>

            </config>


            • 3. Re: TCP ports for clustering and firewall rules
              Galder Zamarreño Master

              There is, it's just that we don't specify it, so it uses a random port.


              The properties that can be configured can be found in https://github.com/belaban/JGroups/blob/master/src/org/jgroups/protocols/FD_SOCK.java


              Basically, you wanna be configuring start_port, which is where the server socket will open, and open that port in the firewall, i.e.


              <FD_SOCK start_port="1234" />


              You can always put a break point in FD_SOCK class to see what's up.
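
An added example (not part of the thread, and not JGroups or Infinispan code): a Python check that reads a JGroups TCP stack, derives the port ranges a firewall must allow between the TCPPING peers, and flags an FD_SOCK element that has no start_port. The sample config, the 192.0.2.x addresses and the function names are constructed; it assumes Linux hosts filtered with iptables, that TCP may bind anywhere from bind_port to bind_port + port_range, and that FD_SOCK binds exactly start_port.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the port-relevant protocols from the thread's stack, with
# documentation-range peer addresses and an FD_SOCK element left at its defaults.
SAMPLE = """<config xmlns="urn:org:jgroups">
  <TCP bind_port="7900" port_range="30" enable_diagnostics="false"/>
  <TCPPING initial_hosts="192.0.2.10[7900],192.0.2.11[7900]" port_range="1"/>
  <FD_SOCK/>
</config>"""

def audit(xml_text):
    """Return (peers, port_ranges, warnings) for a JGroups TCP stack."""
    peers, ranges, warnings = [], [], []
    for el in ET.fromstring(xml_text):
        name = el.tag.split("}")[-1]          # drop the XML namespace
        if name == "TCP":
            base, span = el.get("bind_port"), el.get("port_range")
            if base is None or span is None:
                warnings.append("TCP: bind_port/port_range not both set explicitly")
            else:
                # Assumption: the transport may bind anywhere in
                # bind_port .. bind_port + port_range if lower ports are taken.
                ranges.append((int(base), int(base) + int(span)))
            if el.get("enable_diagnostics") != "false":
                warnings.append("TCP: diagnostics not explicitly disabled")
        elif name == "TCPPING":
            peers = re.findall(r"([^,\[\]\s]+)\[\d+\]", el.get("initial_hosts", ""))
        elif name == "FD_SOCK":
            # Assumption: FD_SOCK binds exactly start_port when it is set.
            start = int(el.get("start_port", "0"))
            if start == 0:
                warnings.append("FD_SOCK: no start_port, server socket port is random")
            else:
                ranges.append((start, start))
    return peers, ranges, warnings

def iptables_rules(peers, ranges):
    """One ACCEPT rule per peer and port range; all other traffic stays denied."""
    rules = []
    for peer in peers:
        for lo, hi in ranges:
            dport = str(lo) if lo == hi else f"{lo}:{hi}"
            rules.append(f"iptables -A INPUT -p tcp -s {peer} --dport {dport} -j ACCEPT")
    return rules

if __name__ == "__main__":
    peers, ranges, warnings = audit(SAMPLE)
    print("\n".join(iptables_rules(peers, ranges) + ["WARN " + w for w in warnings]))
```

With TCP port_range="30", as in the posted stack, the transport range is 7900 to 7930 rather than the single port 7900; the TCPPING port_range is a separate attribute on the discovery element.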