Happy New Year, everyone.

I am trying to increase parallelism but have port restrictions
in place (--with-tcpportrange and --with-udpportrange were used in
the build).
I am reading Stefan Weichinger's document
"How Amanda uses UDP and TCP ports" at
http://docs.huihoo.com/amanda/2.5.x/portusage.html
but I'm not completely clear on the issue.
While there are rules given in the web page

for tcp:

    Pick the max of (2 * inparallel) and (3 * largest maxdumps). Allocate at
    least that many ports in the unprivileged (1024 or larger) range. Stay
    away from other well known ports (e.g. in your /etc/services file) or
    account for their potential use by making the portrange larger.

and for udp:

    Allocate at least "inparallel" many ports in the privileged (1023 or
    smaller) range. Stay away from other well known ports (e.g. in your
    /etc/services file) or account for their potential use by making the
    portrange larger.

I'm not completely clear on how exactly to apply this.
If I am using auth bsdtcp rather than the default UDP connection,
or a mixture of both TCP and UDP, how do I count my ports?
We did build with a fairly small port range and have seemingly
shot ourselves in the foot. This is not a big issue for most of
our client/server pairs, but a number of connections either
traverse or are initiated by Firewall systems.
Since I need to approach our security officer about this, I need
a good understanding of how to count my connections.
Actually - we only have a problem with one server, it now has
30+ clients and 280+ DLEs, but numerous connections traverse
a firewall.
We needed to move one client to BSDTCP because of the number of
DLEs but other clients remain default UDP connections. I could
move all clients to BSDTCP but I'm not sure that will not exacerbate
the issue.
A prior note from Jean-Louis to me read:

    You have inparallel set to 18 with bsd auth, so the range must be
    larger, 18*5 = 90. Smaller range can also work, but 18 is too small.

I believe at that time I'd had an inparallel setting of 18. Does
that mean I need 5 TCP sockets per DLE when using bsd tcp?
Sorry, not sure I'm asking my question clearly...
Thinking about it, since the dumpers are independent of one another
on the server each socket number (of a given type) can only be used
once. So, even if, for instance, I could backup all DLEs on a given
client from a single socket I'd be limited to (in my case) 18 auth
BSDTCP based clients because that was my port range. More likely a
total of 18 concurrent TCP DLEs, but I suspect there are client-server
overhead channels (?)
Is that correct?

Q: How many sockets of each BSD and/or UDP are needed for each type
of connection, TCP or UDP?

Do I have this right now?
For a bsd tcp connected client
If I have 280+ DLE on a client and want to run inparallel of 12 and
I have 30 clients and want to backup 15 at a time I will need
MAX (3*maxdump, 2*Inparallel), max (3*12, 2*15) yields 36 TCP ports
and no UDP ports.
But I'm not sure if that matches with what JLM was saying, but
I have changed all the numbers...
For a UDP connected client
I need only inparallel ports? From the numbers above I'd need
only 15 UDP ports and no TCP ports?
thanks for your help,
Brian
---
Brian R Cuttler [email protected]
Computer Systems Support (v) 518 486-1697
Wadsworth Center (f) 518 473-6384
NYS Department of Health Help Desk 518 473-0773
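
Added example (not part of the message above and not Amanda code): the two rules quoted from the port-usage document, applied as written, with the "stay away from other well known ports" advice checked against a services file. The function names, the candidate ranges and the sample services text are assumptions constructed for illustration; the code does not settle how a mix of bsdtcp and UDP clients should be counted.

```python
import re

# Constructed sample in /etc/services format (not taken from a real host).
SAMPLE_SERVICES = """\
imaps      993/tcp
imaps      993/udp
pop3s      995/tcp
amanda     10080/tcp    # amanda backup services
amanda     10080/udp
kamanda    10081/tcp
amandaidx  10082/tcp
amidxtape  10083/tcp
"""

def required_ports(inparallel, largest_maxdumps):
    """Minimum range sizes, applying the two quoted rules exactly as written."""
    return {"tcp": max(2 * inparallel, 3 * largest_maxdumps), "udp": inparallel}

def listed_ports(services_text, proto):
    """Port numbers that services_text assigns to proto ('tcp' or 'udp')."""
    ports = set()
    for line in services_text.splitlines():
        m = re.match(r"\s*\S+\s+(\d+)/(\w+)", line.split("#", 1)[0])
        if m and m.group(2).lower() == proto:
            ports.add(int(m.group(1)))
    return ports

def check_range(proto, low, high, needed, services_text=SAMPLE_SERVICES):
    """Check a candidate portrange against the rule's size and placement advice."""
    problems = []
    if proto == "tcp" and low < 1024:
        problems.append("tcp range should be unprivileged (1024 or larger)")
    if proto == "udp" and high > 1023:
        problems.append("udp range should be privileged (1023 or smaller)")
    collisions = sorted(p for p in listed_ports(services_text, proto) if low <= p <= high)
    usable = (high - low + 1) - len(collisions)
    if usable < needed:
        problems.append(f"{usable} usable ports in {low}-{high}, {needed} needed")
    return {"usable": usable, "collisions": collisions, "problems": problems}

if __name__ == "__main__":
    need = required_ports(inparallel=15, largest_maxdumps=12)  # figures from the post
    print(need)
    print(check_range("tcp", 10070, 10105, need["tcp"]))  # 36 wide, 4 ports collide
    print(check_range("tcp", 10070, 10109, need["tcp"]))  # widened to absorb them
    print(check_range("udp", 980, 994, need["udp"]))      # 15 wide, 993/udp collides
```

Passing the contents of the host's own /etc/services as services_text gives a collision list that can be shown alongside the requested firewall range.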