Gregg Wonderly wrote:
Peter Firmstone wrote:
Sim IJskes - QCG wrote:
BTW pluggable marshallers, this could provide us with a place to put
an auto-exporter in. We could with annotations/interfaces signal
verify the intent. (I'm sure I'm not the first one thinking that).
This is going to be interesting, especially considering NATs will
change ports randomly, the Marshalled Object / Proxy instance won't
know their way home, they'll probably need to find their location on
an event queue or something like that.
To break through unrouted paths due to NAT, it would probably be
better to rely on connectivity reversal in the endpoint
implementations. A call through the endpoints in one direction, could
cause traffic in the opposing direction to request a remote inbound
connection, and then use that connection.
Thanks Gregg, I thought that too, but there are some issues, see the
paper below, both NATs have to think that they initiated the connection
and there are a number of tricks to get the connection started that
require a public third party.
The problem is that when a service exports a marshalled proxy instance
into a lookup server, the unmarshalling of (an instance of) the proxy
is invisible to the service.
So I might have to delay obtaining a marshalled proxy instance until the
connection is set up? How do I request a new proxy instance directly
from the service?
A DNS-SD Registrar (GlobalLookupService, I need a good name) smart proxy
could potentially download the marshalled proxy directly from the
service to the client (not sure how to do that either, got any ideas?).
My earlier comment about having a Marshalled ServiceItem Service with a
hash lookup based on serviceID, might need to perform the Entry
Comparisons for a DNS-SD Registrar (DNS-SD can't match entries), the
Marshalled Proxy contained within would be useless.
Perhaps we need our own implementation of a Reflective Proxy that can
find its way home? I have the basic reflective proxy object
implementation that I stripped from Harmony, I could alter that. That
way we'd be using local code to find the way home. Maybe I should call
him ET?
By utilising the OSGi Conditions for Permissions, certain permissions
can be denied once the connection is lost, until the Service can
re-verify its proxy and be authenticated.
I haven't been able to read all of the details of what you all have
discussed because some of the words are not sinking in.
Let me know which ones, I'll try to better explain it.
However, the bigger issue is the NAT traversal issue. If there are
not fixed port numbers and port forwarding through the NATing device,
I'm not sure there is a solution that doesn't involve a proxying host
(which you all did discuss).
It appears that the TCP/IP link can keep the connection by advising
either side of the dynamic port changes. See the report (link below),
I'm not 100% confident, that I have interpreted this correctly, I hope
it can actually do this, if it does, it will save a lot of hassle.
That becomes a bottleneck and a resource that is difficult to manage.
My thoughts exactly, read this report (see link), there is a TCP p2p
alternative that will provide a high degree of success for most NAT
routers / firewalls. There's a C implementation for Linux that requires
root permissions (involves the Administrator, why adoption is low). It
only needs a third party to get the connection started. We need a Java
implementation, see my earlier posting. The proxying host could be a
fall back if this fails. This method would have no trouble with the
typical home NAT device, however it addresses enterprise NAT devices
also and that is a major concern.
This report details how to create a reliable TCP p2p NAT link between
private networks that handles dynamic port changes at both ends (the
endpoints notify each other of the changes with TCP).
http://natblaster.sourceforge.net/paper/natblaster.pdf
See my earlier post "Re: roadmap - ICE Interactive Connectivity
Establishment" for other references also.
Maybe we need an endpoint implementation which knows how to use UPnP
for port forwarding configuration on consumer routers? More and more
software is using UPnP for port forwarding.
Checked it out, the home routers are the easiest to break through, it's
the enterprise stuff that's difficult, their UPnP is usually turned off.
Microsoft's Home Server knows how to do this, and there are others that
I've seen doing this to provide appropriate port forwarding changes.
Gregg Wonderly
Cheers,
Peter.