Re: [Condor-users] flocking: trying to connect directly to the private network



Hi Mark,

Thanks for your reply.

I was under the impression that Condor would tackle this problem natively -
by flocking.  But now I'm confused by what flocking means - if it's
marshalling files between whole pools or only between two machines.

One interesting thing I did the other day is to issue a
NETWORK_INTERFACE = 0.0.0.0   (which is INADDR_ANY in netinet/in.h anyway).
It's been working very well so far and makes my head node listen to all
network interfaces, both the external and the internal.

I've seen GCB and DPF from Sechang - but do you think they are stable enough
to deploy in production mode?

Henrique


Hi Henrique,

Those viznodes are going to have to talk to your submit node, which will
not be possible with their private IP addresses because I'm betting that
the head node is not performing IP masquerading on their behalf, right?
Another alternative is to run a GCB instance on the head node, though I
haven't actually done this myself. See the following link for details:

http://www.cs.wisc.edu/~sschang/firewall/gcb/index.htm

The way we do it is to give all nodes in our Condor "world" certain
"private" addresses that are routable within our domain (hence local
routers need to be suitably configured). Then the head node has IP
forwarding activated as well as being an ARP proxy. This then acts as the
gateway for the cluster nodes, and it all works well.

Cheers,
Mark
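
An added example, not part of either message above: with NETWORK_INTERFACE = 0.0.0.0 the head node listens on the external interface as well as the internal one, so it is worth checking which listeners are wildcard-bound. This Python script parses text in the Linux /proc/net/tcp layout; the sample lines and ports are constructed, and a little-endian host is assumed.

```python
import ipaddress
import struct

TCP_LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:2592 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100000A:8235 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0100000A:2592 0500000A:C001 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""


def decode_endpoint(field):
    """Turn 'HHHHHHHH:PPPP' into (IPv4Address, port)."""
    addr_hex, port_hex = field.split(":")
    # Assumption: little-endian host, so the printed word is byte-reversed.
    packed = struct.pack("<I", int(addr_hex, 16))
    return ipaddress.IPv4Address(packed), int(port_hex, 16)


def listeners(proc_net_tcp_text):
    """Return (address, port) for every socket in LISTEN state."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != TCP_LISTEN:
            continue
        found.append(decode_endpoint(cols[1]))
    return found


def classify(addr):
    """Label the bind address by how widely it exposes the listener."""
    if addr.is_unspecified:  # 0.0.0.0 == INADDR_ANY
        return "all-interfaces"
    if addr.is_loopback:
        return "loopback"
    return "private" if addr.is_private else "public"


def audit(proc_net_tcp_text):
    """Sorted (port, address, exposure) tuples for all listeners."""
    return sorted((port, str(addr), classify(addr))
                  for addr, port in listeners(proc_net_tcp_text))


if __name__ == "__main__":
    for port, addr, exposure in audit(SAMPLE_PROC_NET_TCP):
        print(f"{addr}:{port} -> {exposure}")
```

Listeners reported as "all-interfaces" are reachable from the external network unless a host firewall or the daemon's own access controls restrict them.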