Zsolt,
Roebridge was always a backup bridge, put in place when we were having
problems with venuesbridge. And since venuesbridge seems to be working fine we
have taken roebridge off line. Please consider, knock on wood, this to be the
permanent bridge configuration.
George
At 02:16 PM 4/10/2006, Nagykaldi, Zsolt F. (HSC) wrote:
Anybody knows if recent NCSA venue bridge changes (roebridge is gone,
accessbridge is on) are temporary or pretty much permanent? Thanks.
Zsolt
_ _ _
Zsolt Nagykaldi, PhD
Research Associate, Clinical IT Specialist
University Of Oklahoma Health Sciences Center
Department Of Family And Preventive Medicine
Oklahoma Center For Family Medicine Research
900 NE 10th Street
Oklahoma City, OK 73104
Phone: (405) 271-8000 Ext.:1-32212
Fax: (405) 271-1682
_____
From: owner-ag-t...@mcs.anl.gov on behalf of Andrew A Rowley
Sent: Fri 4/7/2006 3:00 AM
To: Masullo, Chris F; ag-t...@mcs.anl.gov
Subject: RE: [AG-TECH] Firewall and unicast questions
Hi,
I know of various places that are running AG from behind a firewall using
both multicast and unicast.
Using unicast means that you add strain to the bridge for the venue.
However, I have not seen any bridges fail under strain so far (others may have
seen this). The other problem with unicast and firewalls is the port numbers.
The bridges will be assigned random port numbers within a fixed range, so the
only way to guarantee that you will be able to use the bridge is to open up the
entire range. This range will depend on the venue server. Of course with
dynamic multicast venues, you would have the same problem, however, with static
venues, you could at least open the fixed port numbers in use. AG Connector
can also help with the port number problem, since it only uses a single fixed
port.
The only other problem I have seen with firewalls, is when the firewall
cannot cope with the amount of traffic passing with large AG meetings. It is
worth finding out what bandwidth the firewall can cope with if you regularly
join large meetings.
Andrew :)
============================================
Access Grid Support Centre,
RSS Group,
Manchester Computing,
Kilburn Building,
University of Manchester,
Oxford Road,
Manchester,
M13 9PL,
UK
Tel: +44(0)161-275 0685
Email: andrew.row...@manchester.ac.uk
> -----Original Message-----
> From: owner-ag-t...@mcs.anl.gov [mailto:owner-ag-t...@mcs.anl.gov] On
> Behalf Of Masullo, Chris F
> Sent: 06 April 2006 17:04
> To: ag-t...@mcs.anl.gov
> Subject: [AG-TECH] Firewall and unicast questions
>
> Hello All,
>
> We currently have our AG nodes outside our firewall, however cyber
> security
> has told us that we need to move the systems inside our firewall. The
> last
> time I brought up this issue a number of years ago I was told that
> multicast
> would not get past our firewall. I have some questions regarding this
> issue.
>
> Has anyone successfully placed an AG VTC system behind a Cisco Firewall?
> Are there any issues using unicast mode for and AG node behind a
> firewall?
> If not then why not run unicast?
>
> I have looked through the mailer however I do not see any answers to
> these
> Questions.
>
> Thanks in advance
>
>
>
> Chris Masullo Information Technology Division
> Brookhaven National Laboratory Network Engineering & Operations
> 61 Brookhaven Ave. Phone: (631) 344-2326
> Upton, NY 11973 Fax: (631) 344-7688
>
