I realize my email was a little wordy, but did anyone have
any input ?

I'm trying to maximize parallelism but we ran into the port
restriction limitations we'd set. Because altering them will
mean a discussion with my firewall manager I'm trying to get
a good handle on how many ports of type UDP and TCP are needed
for dumping.

I am dumping using both the traditional UDP method as well as
using bsd TCP to a client with a "lot of DLEs".

I assume we have to figure both a per-DLE connection count
as well as a server-client overhead count ?

                                                thank you,

                                                Brian

On Mon, Jan 03, 2011 at 05:24:41PM -0500, Brian Cuttler wrote:
> 
> Happy new years everyone.
> 
> I am trying to increase parallelism but have port restrictions
> in place --with-tcpportrange and --with-udpportrange used in
> the build.
> 
> I am reading Stefan  Weichinger's document
> "How Amanda uses UDP and TCP ports" at
>       http://docs.huihoo.com/amanda/2.5.x/portusage.html
> 
> but I'm not completely clear on the issue.
> 
> While there are rules given in the web page
> 
> for tcp
>   Pick the max of (2 * inparallel) and (3 * largest maxdumps). Allocate at
>   least that many ports in the unprivileged (1024 or larger) range. Stay
>   away from other well known ports (e.g. in your /etc/services file) or
>   account for their potential use by making the portrange larger. 
> 
> and
> 
> for udp
>   Allocate at least "inparallel" many ports in the privileged (1023 or
>   smaller) range. Stay away from other well known ports (e.g. in your
>   /etc/services file) or account for their potential use by making the
>   portrange larger.
> 
> I'm not completely clear on how exactly to apply this.
> If I am using auto bsdtcp rather than default UDP connection
> or a mixture of both tcp and udp how do I count my ports ?
> 
> We did build with a fairly small port range and have seemingly
> shot ourselves in the foot. This is not a big issue for most of
> our client/server pairs, but a number of connections either
> traverse or are initiated by Firewall systems.
> 
> Since I need to approach our security officer about this I need
> a good understanding of how to count my connections.
> 
> Actually - we only have a problem with one server, it now has
> 30+ clients and 280+ DLEs, but numerous connections traverse
> a firewall.
> 
> We needed to move one client to BSDTCP because of the number of
> DLEs but other clients remain default UDP connections. I could
> move all clients to BSDTCP but I'm not sure that will not exacerbate
> the issue.
> 
> A prior note from Jean-Louis to me read:
> You have inparallel set to 18 with bsd auth, so the range must be
> larger 18*5 = 90 Smaller range can also work, but 18 is too small.
> 
> I believe at that time I'd had an inparallel setting of 18. Does
> that mean I need 5 TCP sockets per DLE when using bsd tcp ?
> 
> Sorry, not sure I'm asking my question clearly...
> 
>   Thinking about it, since the dumpers are independent of one another
>   on the server each socket number (of a given type) can only be used
>   once. So, even if, for instance, I could backup all DLEs on a given
>   client from a single socket I'd be limited to (in my case) 18 auth
>   BSDTCP based clients because that was my port range. More likely a
>   total of 18 concurrent TCP DLEs, but I suspect there are client-server
>   overhead channels (?)
> 
> Is that correct ?
> 
> Q: How many sockets of each BSD and/or UDP are needed for each type
>    of connection, TCP or UDP ?
> 
> Do I have this right now ?
> 
> For a bsd tcp connected client
> If I have 280+ DLE on a client and want to run inparallel of 12 and
> I have 30 clients and want to backup 15 at a time I will need
> MAX (3*maxdump, 2*Inparallel), max (3*12, 2*15) yields 36 TCP ports
> and no UDP ports.
> 
> But I'm not sure if that matches with what JLM was saying, but
> I have changed all the numbers...
> 
> For a UDP connected client
> I need only inparallel ports ? From the numbers above I'd need
> only 15 UDP ports and no TCP ports ?
> 
>                                               thanks for your help,
> 
>                                               Brian
> ---
>    Brian R Cuttler                 [email protected]
>    Computer Systems Support        (v) 518 486-1697
>    Wadsworth Center                (f) 518 473-6384
>    NYS Department of Health        Help Desk 518 473-0773
> 
---
   Brian R Cuttler                 [email protected]
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773
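
Added example (not part of the original message, and not Amanda project code): a Python helper that applies the two rules quoted from the portusage document and widens each range past ports already named in a services file, which is the figure a firewall request would need. The sample services text, the start ports and the function names are assumptions; it implements only the quoted rules, not the 18*5 figure mentioned in the thread.

```python
import re

# Constructed /etc/services-style sample (not from a real host).
SAMPLE_SERVICES = """\
kerberos-adm  749/tcp
kerberos-adm  749/udp
rsync         873/udp
amanda        10080/tcp   # Amanda's own registered ports
amanda        10080/udp
kamanda       10081/tcp
amandaidx     10082/tcp
amidxtape     10083/tcp
"""

def reserved_ports(services_text, proto):
    """Return the ports the services text assigns to proto ('tcp'/'udp')."""
    ports = set()
    for line in services_text.splitlines():
        m = re.match(r"\s*\S+\s+(\d+)/(\w+)", line.split("#", 1)[0])
        if m and m.group(2) == proto:
            ports.add(int(m.group(1)))
    return ports

def tcp_ports_needed(inparallel, largest_maxdumps):
    # Quoted rule: max of (2 * inparallel) and (3 * largest maxdumps).
    return max(2 * inparallel, 3 * largest_maxdumps)

def pick_range(start, needed, reserved, limit):
    """Widen [start, end] until it holds `needed` ports not in `reserved`."""
    free = 0
    for port in range(start, limit + 1):
        if port not in reserved:
            free += 1
            if free == needed:
                return start, port
    raise ValueError(f"fewer than {needed} free ports in {start}-{limit}")

def plan(inparallel, largest_maxdumps, services_text, tcp_start, udp_start):
    """Build the two configure options for the quoted TCP and UDP rules."""
    tcp = pick_range(tcp_start, tcp_ports_needed(inparallel, largest_maxdumps),
                     reserved_ports(services_text, "tcp"), 65535)
    # Quoted rule: at least `inparallel` UDP ports, privileged (<= 1023).
    udp = pick_range(udp_start, inparallel,
                     reserved_ports(services_text, "udp"), 1023)
    return ["--with-tcpportrange=%d,%d" % tcp, "--with-udpportrange=%d,%d" % udp]

if __name__ == "__main__":
    # inparallel=15, maxdumps=12 are the figures used in the message above;
    # the start ports 10070 and 740 are constructed.
    print(" ".join(plan(15, 12, SAMPLE_SERVICES, 10070, 740)))
```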


