The diffs...
/usr/bin/Bridge (AG3)
/usr/bin/BridgeServer.py (AG2)

Todd Zimmerman wrote:
> Within WestGrid, we have a need to have static unicast ports for venues so that firewall
> administrators can limit the ports required to be opened for AG usage.  Assigning static multicast
> ports is easy; however, assigning static unicast ports is not.
> 
> I thought I'd post to the list the small hacks I've implemented to achieve static unicast ports on
> our Venueserver/Bridgeservers.
> 
> For background, WestGrid utilizes static multicast addresses from the Netera Alliance glop space
> (233.59.192.x) which we have authorization to use.  We also use a port numbering convention that
> utilizes ports in the range of 60500 - 60800 for these multicast addresses/venues.  For static
> unicast ports, we use a 'multicast port - 10000' convention - so our unicast range is 50500 -
> 50800.
> 
> For AG3 bridging, we still want to offer the bridge to users not using the WestGrid Venueserver - so
> I start the bridge giving a range of usable ports outside of our statically used range
> (55000-57000).  I then added a check in /usr/bin/Bridge to statically assign WestGrid venues while
> leaving non-WestGrid venues to be assigned within the range assigned above.
> 
> Disclaimer - I am not a doctor nor do I play one on TV.  I'm not sure if there are any side effects
> to using this hack - so don't blame me if something breaks ;-)  To use this hack you'll need access
> to a multicast glop space and you need to make sure your static port range will not collide with
> your non-static port range since all checks are bypassed.
> 
> This is the code I added at line 59 of /usr/bin/Bridge - just after the 'uaddr =
> SystemConfig.instance().GetHostname()' line:
> 
> 
> uport = None
> if mnl["host"].startswith( "233.59.192" ):
>    uport = mnl["port"] - 10000;
> 
> Then changed lines 64/65 from:
> 
> retBridge = self.bridgeFactory.CreateBridge(id=mnl["id"], maddr=mnl["host"], mport=mnl["port"],
> mttl=mnl["ttl"], uaddr=uaddr,uport=None)
> 
> to
> 
> retBridge = self.bridgeFactory.CreateBridge(id=mnl["id"], maddr=mnl["host"], mport=mnl["port"],
> mttl=mnl["ttl"], uaddr=uaddr,uport=uport)
> 
> 
> For AG2.4, the hack was easier since we were only bridging our own venueserver - so we didn't have to
> worry about setting up bridges outside of our range.  I added the following at line 560 (just after
> 'uport = 0' in __AddBridge):
> 
> uport = streamDesc.location.port - 10000;
> 
> I then commented out the proceeding lines 561-571 (the port allocation part) since we no longer need
> to allocate ports.
> 
> I've attached diffs for anyone interested.  These hacks are just that - hacks and I wouldn't
> recommend using them; however I know other people are in the same circumstance as WestGrid and need
> to limit port usage for security administrators.  If anyone has any thoughts or ideas on how best to
> implement these in a better/more practical and configurable way I'd be interested to hear (I suppose
> we could add a static bridge section to the bridge config file etc.) and perhaps I could look at
> coding something up for inclusion in the main source.
> 
> Cheers,
> 
> Todd

58a59,63
>         uport = None
>         log.info ("Checking Multicast Address")
>         if mnl["host"].startswith( "233.59.192" ):
>              uport = mnl["port"] - 10000;    
>              log.info("WestGrid Venue! uport %s" %(str(uport)))
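
Review bot: the derived port at `uport = mnl["port"] - 10000` is used without any range check. The post gives 60500-60800 as the multicast convention and 55000-57000 as the dynamic bridge range, but a 233.59.192.x venue advertising a multicast port of 65000 or above would map into 55000-55535, inside the dynamic range, and any port outside 60500-60800 yields a unicast port outside the 50500-50800 window the firewall rules are meant to cover. Suggest falling back to `uport = None` (or rejecting the venue) unless the result is within 50500-50800, and comparing against a parsed address or at least `"233.59.192."` with the trailing dot rather than a bare string prefix. The prefix and the 10000 offset would also be better read from the bridge configuration than hard-coded here.
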
60c65
<                     mport=mnl["port"], mttl=mnl["ttl"], uaddr=uaddr,uport=None)
---
>                     mport=mnl["port"], mttl=mnl["ttl"], uaddr=uaddr,uport=uport)
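
Review bot: with `uport=uport` at line 65, CreateBridge is handed a caller-chosen port for every 233.59.192.x venue, and nothing visible in this change handles that port already being assigned to another bridge (the post itself notes that all checks are bypassed). Suggest checking the port against the bridges already created before making the call and logging an error with the venue id on conflict, plus a short comment at the call site stating that `None` means "allocate from the dynamic range".
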
560c560,561
<         
---
>         uport = streamDesc.location.port - 10000;
>         """
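
Review bot: `uport = streamDesc.location.port - 10000` at line 560 is applied to every stream, with no address test like the 233.59.192 check in the AG3 change and no bounds check, so a stream whose port is 10000 or lower yields a zero or negative port, and one outside 60500-60800 yields a port outside the 50500-50800 window. Suggest guarding it the same way as the AG3 change and validating the result before use. Separately, disabling lines 561-571 by wrapping them in a `"""` string literal is fragile: it breaks if the enclosed code ever contains a triple quote and it leaves dead code in the file. Deleting the block or putting it behind a configuration switch would be clearer.
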
570c571
<     
---
>         """
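
An added example, not part of the original post or the AG code base: one way to apply the port convention described in the post while keeping the checks the hack bypasses. It is written for Python 3; the function name, constant names and the `in_use` parameter are assumptions for illustration, and the sample venues are constructed.

```python
import ipaddress

# Values below come from the post; the names are hypothetical.
STATIC_NET = ipaddress.ip_network("233.59.192.0/24")   # WestGrid glop block
MCAST_PORTS = range(60500, 60801)                      # multicast convention
OFFSET = 10000                                         # 'multicast port - 10000'
DYNAMIC_PORTS = range(55000, 57001)                    # range given to the bridge


def static_unicast_port(host, mport, in_use=frozenset()):
    """Return the static unicast port for a venue, or None when the venue
    is outside the static block and should get a dynamic port.

    Raises ValueError when a venue inside the block breaks the convention,
    so a bad venue entry cannot open a port the firewall rules do not cover.
    """
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return None                      # hostname or malformed address
    if addr not in STATIC_NET:
        return None
    if mport not in MCAST_PORTS:
        raise ValueError(f"{host}: multicast port {mport!r} outside convention")
    uport = mport - OFFSET
    if uport in DYNAMIC_PORTS:
        raise ValueError(f"{host}: static port {uport} collides with dynamic range")
    if uport in in_use:
        raise ValueError(f"{host}: static port {uport} already assigned")
    return uport


if __name__ == "__main__":
    # Constructed sample venues (id, multicast host, multicast port).
    venues = [("a", "233.59.192.10", 60510), ("b", "224.2.127.254", 60510),
              ("c", "233.59.192.11", 65200), ("d", "233.59.192.12", 60510)]
    assigned = set()
    for vid, host, mport in venues:
        try:
            uport = static_unicast_port(host, mport, assigned)
        except ValueError as exc:
            print(f"{vid}: rejected ({exc})")
            continue
        if uport is not None:
            assigned.add(uport)
        print(f"{vid}: uport={uport}")
```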
