I've been reading about the Condor Connection Broker (CCB) and my understanding is that it provides a central point where two services, like the scheduler and the starter for example, can exchange packets if they are both behind firewalls. So, I was wondering if Condor also considered using STUN [1] to achieve the same objective while having the above-mentioned "central point" incur significantly less bandwidth overhead.
Indeed, we initially looked at leveraging STUN, but our hopes were dashed when we ran some initial experiments to see how well STUN techniques work "out in the real world". Using a couple dozen sites on the Open Science Grid, we found that only a handful of the sites that allowed outgoing TCP connections also allowed STUN to operate (for various reasons). While STUN may be useful when using the default settings of a typical (semi)-stateful Linksys home router box, it seemed to fall flat for traversing across institutional firewall configs prevalent at universities and government labs - i.e. the sort of boundaries we wanted Condor to traverse.
For what it is worth, I was disappointed by these results, as I had pinned my hopes on STUN. Sniff.
--
Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
Phone: (608) 263-7132                 Madison, WI 53706-1685