4 Replies. Latest reply: May 15, 2012 1:18 PM by dex chen

TCP ports for clustering and firewall rules

dex chen Novice

I am using the jgroup-tcp.xml configuration for my cluster. I specified bind_port as 7900 and port_range=1 (TCPPING config, see below):

<TCPPING ergonomics="false" initial_hosts="10.200.22.21[7900],10.200.22.22[7900]" num_initial_members="2" port_range="1" timeout="3000"/>

 

However, I have firewalls on each node which allow communication between nodes only through port 7900.

 

Are there other ports I need to open?

How do I specify firewall rules to satisfy ISPN?

 

In my experiment, I saw that the connections between the 2 nodes look like the following (netstat output):

Node 1:

 

tcp    0 ::ffff:10.200.22.22:7900    :::*                        LISTEN      6438/java
tcp    0 ::ffff:10.200.22.22:36183   ::ffff:10.200.22.21:7900    ESTABLISHED 6438/java

 

Node 2:

tcp    0 ::ffff:10.200.22.21:7900    :::*                        LISTEN      3315/java
tcp    0 ::ffff:10.200.22.21:7900    ::ffff:10.200.22.22:49846   ESTABLISHED 3315/java

 

You can see that node2 is connected to node1 not on port 7900.

  • 1. Re: TCP ports for clustering and firewall rules
    Galder Zamarreño Master

    Most likely that's FD_SOCK. You can fix the port for it, but it must be different. You should also check if diagnostics are enabled.

  • 2. Re: TCP ports for clustering and firewall rules
    dex chen Novice

    Thanks for the response.

     

    I do not see that there is a way to configure the FD_SOCK port in the jgroup-tcp.xml file.

     

    Here is my jgroup-tcp.xml:

    <config xmlns="urn:org:jgroups" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:org:jgroups file:schema/JGroups-3.0.xsd">

       <TCP bind_addr="x.x.x.x" bind_port="7900" bundler_type="old" discard_incompatible_packets="true" enable_bundling="true" enable_diagnostics="false" loopback="true" max_bundle_size="64K" max_bundle_timeout="30" oob_thread_pool.enabled="true" oob_thread_pool.keep_alive_time="60000" oob_thread_pool.max_threads="30" oob_thread_pool.min_threads="2" oob_thread_pool.queue_enabled="false" oob_thread_pool.queue_max_size="100" oob_thread_pool.rejection_policy="Discard" port_range="30" recv_buf_size="20M" send_buf_size="640K" singleton_name="tcp" sock_conn_timeout="300" thread_naming_pattern="pl" thread_pool.enabled="true" thread_pool.keep_alive_time="60000" thread_pool.max_threads="30" thread_pool.min_threads="2" thread_pool.queue_enabled="true" thread_pool.queue_max_size="100" thread_pool.rejection_policy="Discard" timer.keep_alive_time="3000" timer.max_threads="10" timer.min_threads="4" timer.queue_max_size="500" timer_type="new" use_send_queues="true"/>

     

      

       <TCPPING ergonomics="false" initial_hosts="x.x.x.x[7900],y.y.y.y[7900]" num_initial_members="2" port_range="1" timeout="3000"/>

       <MERGE2 max_interval="30000" min_interval="10000"/>

       <FD_SOCK/>

       <FD max_tries="3" timeout="3000"/>

       <VERIFY_SUSPECT timeout="1500"/>

       <pbcast.NAKACK discard_delivered_msgs="false" retransmit_timeout="300,600,1200,2400,4800" use_mcast_xmit="false"/>

       <UNICAST2 max_bytes="1M" stable_interval="5000" timeout="300,600,1200"/>

       <pbcast.STABLE desired_avg_gossip="50000" max_bytes="1M" stability_delay="1000"/>

       <pbcast.GMS join_timeout="7000" print_local_addr="false" view_bundling="true"/>

       <UFC max_credits="200K" min_threshold="0.20"/>

       <MFC max_credits="200K" min_threshold="0.20"/>

       <FRAG2 frag_size="60K"/>

       <RSVP ack_on_delivery="false" resend_interval="500" timeout="60000"/>

    </config>

  • 3. Re: TCP ports for clustering and firewall rules
    Galder Zamarreño Master

    There is, it's just that we don't specify it, so it uses a random port.

     

    The properties that can be configured can be found in https://github.com/belaban/JGroups/blob/master/src/org/jgroups/protocols/FD_SOCK.java

     

    Basically, you wanna be configuring start_port, which is where the server socket will open, and open that port in the firewall, i.e.

     

    <FD_SOCK start_port="1234" />

     

    You can always put a break point in FD_SOCK class to see what's up.

  • 4. Re: TCP ports for clustering and firewall rules
    dex chen Novice

    I got it. Thanks Galder.
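The check discussed in this thread, written as an added example (not part of the original posts and not JGroups or Infinispan code): it reads a JGroups stack and lists the TCP listen ports a node-to-node firewall rule set has to cover, warning when FD_SOCK or the transport would pick a port that cannot be known in advance. Assumptions: the transport may bind any port from bind_port through bind_port + port_range, and the port 7950 in the pinned variant is a made-up value.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed version of the stack posted in the thread.
SAMPLE = """<config xmlns="urn:org:jgroups">
  <TCP bind_port="7900" port_range="30" enable_diagnostics="false"/>
  <TCPPING initial_hosts="10.200.22.21[7900],10.200.22.22[7900]" port_range="1"/>
  <FD_SOCK/>
</config>"""
# Constructed fix: single transport port, FD_SOCK pinned to 7950 (made-up value).
PINNED = SAMPLE.replace('port_range="30"', 'port_range="0"').replace(
    "<FD_SOCK/>", '<FD_SOCK start_port="7950"/>')


def _find(root, name):
    """First element with this local name, with or without the namespace."""
    return next((e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name), None)


def audit_ports(xml_text):
    """Return (ports, warnings): TCP listen ports to allow between members,
    plus settings that leave the set of ports unpredictable."""
    root = ET.fromstring(xml_text)
    ports, warnings = set(), []
    tcp = _find(root, "TCP")
    if tcp is None:
        return [], ["no TCP transport element found"]
    base, span = int(tcp.get("bind_port", "0")), int(tcp.get("port_range", "0"))
    if base == 0:
        warnings.append("TCP bind_port unset: transport port is not fixed")
    else:
        # Assumption: the transport may bind any port in base..base+span.
        ports.update(range(base, base + span + 1))
    if tcp.get("enable_diagnostics") != "false":
        warnings.append("diagnostics not explicitly disabled")
    fd = _find(root, "FD_SOCK")
    if fd is not None:
        start = int(fd.get("start_port", "0"))
        if start == 0:
            warnings.append("FD_SOCK has no start_port: random listen port")
        elif start in ports:
            warnings.append("FD_SOCK start_port collides with the transport port")
        else:
            ports.add(start)
    return sorted(ports), warnings


if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE), ("pinned", PINNED)):
        print(label, *audit_ports(cfg), sep="\n  ")
```

An empty warning list means every listen port in the stack is fixed, so the firewall can allow exactly the returned ports from the other cluster members and nothing else.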