Re: [Condor-users] Using STUN instead of the CCB




I've been reading about the Condor Connection Broker (CCB) and my
understanding is that it provides a central point where two services,
like the scheduler and the starter for example, can exchange packets
if they are both behind firewalls. So, I was wondering if Condor also
considered using STUN [1] to achieve the same objective while having
the above mentioned "central point" incur significantly less bandwidth
overhead.

Indeed, we initially looked at leveraging STUN, but our hopes were dashed when we ran some initial experiments to see how well STUN techniques work "out in the real world". Using a couple dozen sites on the Open Science Grid, we found that only a handful of the sites that allowed outgoing TCP connections also allowed STUN to operate (for various reasons). While STUN may be useful when using the default settings of a typical (semi)-stateful Linksys home router box, it seemed to fall flat for traversing across institutional firewall configs prevalent at universities and government labs - i.e. the sort of boundaries we wanted Condor to traverse.

For what it is worth, I was disappointed by these results, as I had pinned my hopes on STUN. Sniff.

--
Todd Tannenbaum                       University of Wisconsin-Madison
Condor Project Research               Department of Computer Sciences
tannenba@xxxxxxxxxxx                  1210 W. Dayton St. Rm #4257
Phone: (608) 263-7132                 Madison, WI 53706-1685