[Condor-users] Flocking / ports / firewalls

["Kewley, J (John)" <J.Kewley@xxxxxxxx>]

I have two condor pools separated by a firewall (in actual fact, both
central nodes have
their own firewalls IN ADDITION to the site firewall between the 2 subnets).

1 pool is a heterogenous pool. The plan is for it to flock out through the
firewall
to the 2nd pool.

This 2nd pool consists of a head node and some workers. The workers are on a
local
network to the head node and cannot be seen directly from the other pool.

Some questions:

[sorry I previously sent this in another thread, having forgotten to change
the
subject]

1. How big a port range should be opened for communications? (this has to be
done in
   the firewalls and also in the condog_config.local of the firewalled
nodes).
   9614 and 9618 have to be opened as well.

2. As the worker nodes don't have reachable names except from their central
node, can they
   participate in the flock?

and finally (slightly different topic I'm afraid)
3. In general if you have a bunch of machines at 2 different sites, what
advantages are there
   in having one pool flocking to another as opposed to having one big pool?

   Reasons may include:
   a) Political - this is my pool, but you may share it!
   b) Firewall implications (do you only need ports opened between the 2
central nodes in a flock?)
   c) Hierarchy - 1 way flocking
   d) efficiency (I guess big pool is faster), although for distant sites
and jobs with
      large data, maybe it is better for jobs to be done locally if
possible.

Cheers

JK