4 Replies Latest reply: May 15, 2012 1:18 PM by dex chen RSS

    TCP ports for clusetring and firewall rules

    dex chen Novice

      I am using jgroup-tcp.xml configiration for my cluster. I specified bind_port as 7900 and port_range=1 (TCPPing config see below):

      <TCPPING ergonomics="false" initial_hosts="10.200.22.21[7900],10.200.22.22[7900]" num_initial_members="2" port_range="1" timeout="3000"/>

       

      However, I have firewalls on each node which allows communication between nodes only through 7900 port. 

       

      Are there other ports I need to open?

      How do I specified firewall rules to satisfy the ISPN?

       

      In my experiment, I saw connetions between the 2 nodes looks like the following (as netstat output):

      Node 1:

       

      tcp    0 ::ffff:10.200.22.22:7900:::*                    LISTEN  6438/java      
      tcp    0 ::ffff:10.200.22.22:36183   ::ffff:10.200.22.21:7900ESTABLISHED 6438/java

       

      Node 2:

      tcp    0 ::ffff:10.200.22.21:7900:::*                    LISTEN  3315/java      
      tcp    0 ::ffff:10.200.22.21:7900::ffff:10.200.22.22:49846   ESTABLISHED 3315/java

       

      You can see the node2 is connected to node1 not on 7900 port.

        • 1. Re: TCP ports for clusetring and firewall rules
          Galder Zamarreño Master

          Most likely that's FD_SOCK. You can fix the port for it, but must be different. You should also check if diagnostics are enabled.

          • 2. Re: TCP ports for clusetring and firewall rules
            dex chen Novice

            Thanks for the response.

             

            I do not see there is way to configre FS_SOCK port in jgroup-tcp.xml file.

             

            Here is my jgroup-tcp.xml:

            <config xmlns="urn:org:jgroups" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:org:jgroups file:schema/JGroups-3.0.xsd">

               <TCP bind_addr="x.x.x.x" bind_port="7900" bundler_type="old" discard_incompatible_packets="true" enable_bundling="true" enable_diagnostics="false" loopback="true" max_bundle_size="64K" max_bundle_timeout="30" oob_thread_pool.enabled="true" oob_thread_pool.keep_alive_time="60000" oob_thread_pool.max_threads="30" oob_thread_pool.min_threads="2" oob_thread_pool.queue_enabled="false" oob_thread_pool.queue_max_size="100" oob_thread_pool.rejection_policy="Discard" port_range="30" recv_buf_size="20M" send_buf_size="640K" singleton_name="tcp" sock_conn_timeout="300" thread_naming_pattern="pl" thread_pool.enabled="true" thread_pool.keep_alive_time="60000" thread_pool.max_threads="30" thread_pool.min_threads="2" thread_pool.queue_enabled="true" thread_pool.queue_max_size="100" thread_pool.rejection_policy="Discard" timer.keep_alive_time="3000" timer.max_threads="10" timer.min_threads="4" timer.queue_max_size="500" timer_type="new" use_send_queues="true"/>

             

              

               <TCPPING ergonomics="false" initial_hosts="x.x.x.x[7900],y.y.y.y[7900]" num_initial_members="2" port_range="1" timeout="3000"/>

               <MERGE2 max_interval="30000" min_interval="10000"/>

               <FD_SOCK/>

               <FD max_tries="3" timeout="3000"/>

               <VERIFY_SUSPECT timeout="1500"/>

               <pbcast.NAKACK discard_delivered_msgs="false" retransmit_timeout="300,600,1200,2400,4800" use_mcast_xmit="false"/>

               <UNICAST2 max_bytes="1M" stable_interval="5000" timeout="300,600,1200"/>

               <pbcast.STABLE desired_avg_gossip="50000" max_bytes="1M" stability_delay="1000"/>

               <pbcast.GMS join_timeout="7000" print_local_addr="false" view_bundling="true"/>

               <UFC max_credits="200K" min_threshold="0.20"/>

               <MFC max_credits="200K" min_threshold="0.20"/>

               <FRAG2 frag_size="60K"/>

               <RSVP ack_on_delivery="false" resend_interval="500" timeout="60000"/>

            </config>

            • 3. Re: TCP ports for clusetring and firewall rules
              Galder Zamarreño Master

              There is, it's just that we don't specify it, so it uses a random port.

               

              The properties that can be configured can be found in https://github.com/belaban/JGroups/blob/master/src/org/jgroups/protocols/FD_SOCK.java

               

              Basically, you wanna be configuring start_port, which is where the server socket will open, and open that port in the firewall, i.e.

               

              <FD_SOCK start_port"1234" />

               

              You can always put a break point in FD_SOCK class to see what's up.

              • 4. Re: TCP ports for clusetring and firewall rules
                dex chen Novice

                I got it .Thanks Galder.