[fi-rg] Common classification
Gian Luca Volpato
volpato at rrzn.uni-hannover.de
Fri Feb 10 09:30:28 CST 2006
Hello,
I would like to add a couple of comments.
> Please find below, a list of common issues as I believe can be found
> in the high level classification documents. Please add/change/modify/comment
>
> *Software:*
>
> Port numbers and amount of ports unknown until application starts:
> Consequence: big holes (many ports) are required if amount and/or port
> numbers are unknown, single hole case (e.g. HTTP port 80) causes referral
> problems. Only specific, predetermined applications that use a low number
> and very well defined ports can be supported adequately.

In some cases ports are dynamically allocated by the application
(e.g. GridFTP, dCache) and they are not known at the time the
application starts. Usually it's possible to constrain these port
numbers within a range but it does not help that much because the
complete range must be opened in the firewall.
> *Network:*
>
> Grid hardware resources running certain applications cannot be
> placed inside the DMZ.
> Sometimes applications must pass more than 2 DMZs.
> Putting Grid applications inside the DMZ can sometimes not be avoided.
> Firewalls, when involved in bypass connections must perform
> elaborate routing functions,
> i.e. by separating private and public IP addresses.

Any number and any kind of firewalls may be present on the
communication path. We can't assume to always know in advance the
complete network configuration.
Kind regards
/Gian Luca