Dealing with Internet Connectivity in Distributed Computing

Slides: 19
Provided by: sec109

Transcript and Presenter's Notes

1
Dealing with Internet Connectivity in Distributed
Computing
2
Firewalls & Private Networks
  • Firewalls
    • provide a cheap and good way to protect networks
    • becoming headquarters of integrated security
      systems
  • Private networks
    • A solution to the IPv4 address shortage problem
    • Easy network management and easy address planning
  • We have many firewalls and private networks
    deployed and will continue to have them in the
    future

3
Problems
  • Non-universal connectivity
  • Asymmetric connectivity
  • Collaboration becomes difficult or impossible
  • Resources are wasted

4
Agenda
  • Introduction
  • DPF (Dynamic Port Forwarding)
  • GCB (Generic Connection Brokering)
  • eGCB (extended GCB)
  • Conclusion

5
Dynamic Port Forwarding
  [Diagram]
  Server app: B = socket(); bind(B, ANY); getsockname(B, X)
  Client: A = socket(); connect(A, X)
  Labels: DPF agent, NAT, DPF lib, X ?? B
6
DPF
  • Basic idea: on-demand open/close
  • Supporting environments
    • Headnode: Linux NAT box
    • DPFnized private application
    • Regular public application

7
DPF
  • DPF can be used with any firewall that allows you
    to control opening/closing through the following
    APIs:
    • open (local, remote, sec)
    • timeout (sec), where sec may be 0 to close the
      opening
    • list
  • Conforms to the MIDCOM specification at the semantics level
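
An added example, not taken from the original slides: an in-memory model of the open / timeout / list interface named above, showing that when every opening carries a lifetime, a forgotten or crashed application leaves no permanent hole and the firewall falls back to deny. The class name PinholeTable, the id that open returns and timeout takes, the permits helper and the injectable clock are assumptions made for this example.

```python
import itertools
import time


class PinholeTable:
    """Model of a firewall driven by open/timeout/list (names are assumptions)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock              # injectable so expiry can be exercised
        self._ids = itertools.count(1)
        self._rules = {}                 # id -> (local, remote, expiry time)

    def _expire(self):
        # Drop every opening whose lifetime has run out (default-deny).
        now = self._clock()
        for rid in [r for r, (_, _, exp) in self._rules.items() if exp <= now]:
            del self._rules[rid]

    def open(self, local, remote, sec):
        """Admit traffic from `remote` to `local` for `sec` seconds; return an id."""
        if sec <= 0:
            raise ValueError("an opening needs a positive lifetime")
        self._expire()
        rid = next(self._ids)
        self._rules[rid] = (local, remote, self._clock() + sec)
        return rid

    def timeout(self, rid, sec):
        """Reset the lifetime of opening `rid`; sec == 0 closes it at once."""
        if sec < 0:
            raise ValueError("lifetime cannot be negative")
        self._expire()
        if rid not in self._rules:
            raise KeyError(rid)          # already closed or expired
        local, remote, _ = self._rules[rid]
        if sec == 0:
            del self._rules[rid]
        else:
            self._rules[rid] = (local, remote, self._clock() + sec)

    def list(self):
        """Return (id, local, remote, seconds_left) for each live opening."""
        self._expire()
        now = self._clock()
        return [(rid, l, r, exp - now)
                for rid, (l, r, exp) in sorted(self._rules.items())]

    def permits(self, local, remote):
        """True only if a live opening matches this exact address pair."""
        return any(l == local and r == remote for _, l, r, _ in self.list())
```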

8
GCB socket registration
  [Diagram] B = socket(); bind(B, ANY); getsockname(B, X)
  Labels: GCB lib (two instances), Broker
9
GCB passive connection
  [Diagram] connect(A, X)
  Labels: GCB lib (two instances), Broker
10
GCB relay connection
  [Diagram] connect(A, X)
  Labels: GCB lib (two instances), Broker
11
GCB
  • Basic idea: reversing the direction underneath
    the application
  • Supporting environments
    • No requirements on firewalls
    • Outbound connections are allowed
    • Broker is placed either on the edge or outside of
      the private network

12
eGCB (extended GCB)
  • Support for multiple connection mechanisms
  • Integration of DPF & GCB
  • Security to protect the Broker
  • Extension to DPF
  • On-demand open/close for outbound connections

13
Support for Multiple Methods
14
Connection Setup
inagent
15
Conclusions
  • DPF requires administrative and technical control
    on headnodes, but it is fast and scalable
  • GCB is a little slower than DPF but requires no
    control on headnodes
  • The combination of DPF and GCB supports a wider
    range of network settings than any other system
  • GCB and eGCB are generic mechanisms and can be
    used with any application

16
Thank you!
Sonny (Sechang) Son
Rm 3387
sschang_at_cs.wisc.edu
17
Ways to handle
  • Manual opening
    • Same effect as not having a firewall for the range
      of addresses
    • Impossible for the administrator to know how many
      addresses must be opened and for how long
  • Deceiving firewalls
    • War between firewalls and firewall-friendly
      software
  • We need a cooperative way!

18
Security Enforcement
  [Diagram] Labels: Security Enforcement, inagent, Sec. Req. (two instances)