[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Condor-users] Using STUN instead of the CCB



I've been reading about the Condor Connection Broker (CCB) and my
understanding is that it provides a central point where two services,
like the scheduler and the starter for example, can exchange packets
if they are both behind firewalls. So, I was wondering if Condor also
considered using STUN [1] to achieve the same objective while having
the above mentionned "central point" incur significantly less bandwidth
overhead.
Indeed, we initially looked at leveraging STUN, but our hopes were 
dashed when we ran some initial experiments to see how well STUN 
techniques work "out in the real world".  Using a couple dozen sits on 
the Open Science Grid, we found that only a handful of the sites that 
allowed outgoing TCP connections also allowed STUN to operate (for 
various reasons).  While STUN may be useful when using the default 
settings of a typical (semi)-stateful linksys home router box, it seemed 
to fall flat for traversing across institutional firewall configs 
prevalent at universities and government labs - i.e. the sort of 
boundaries we wanted Condor to traverse.
For what it is worth, I was disappointed by these results, as I had 
pinned my hopes on STUN.  Sniff.
--
Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
Phone: (608) 263-7132                 Madison, WI 53706-1685