1 Dealing with Internet Connectivity in Distributed Computing
Sonny (Sechang) Son, Computer Sciences Department, University of Wisconsin-Madison, sschang@cs.wisc.edu

2 Firewalls & Private Networks (www.cs.wisc.edu/condor)
› Firewalls
  - provide a cheap and good way to protect networks
  - are becoming the headquarters of integrated security systems
› Private networks
  - A solution to the IPv4 address shortage problem
  - Easy network management and easy address planning
› We have many firewalls and private networks deployed and will continue to have them in the future

3 Problems
› Non-universal connectivity
› Asymmetric connectivity
› Collaboration becomes difficult or impossible
› Resources are wasted

4 Agenda
› Introduction
› DPF (Dynamic Port Forwarding)
› GCB (Generic Connection Brokering)
› eGCB (extended GCB)
› Conclusion

5 Dynamic Port Forwarding
[Diagram: Client (socket A), NAT running the DPF agent (address X), Server app with DPF lib (socket B). Server side: B = socket(); bind(B, ANY); getsockname(B, X); Message to the agent: BIND (B), reply: X. Client side: A = socket(); connect(A, X);]

6 DPF
› Basic Idea: On-demand open/close
› Supporting Environments
  - Headnode: Linux NAT box
  - DPFnized private application
  - Regular public application

7 DPF
› DPF can be used with any firewall that allows you to control opening/closing through the following APIs:
  - open (local, remote, sec)
  - timeout (sec), where sec may be 0 to close the opening
  - list
› Conforms to the MIDCOM specification at the semantic level
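
The open/timeout/list interface above, modelled as an added Python example (not code from the presentation or from Condor): a pinhole table in which every opening names one local and one remote endpoint and always expires. The handle argument to timeout, the exact-match rule, the lifetime cap and the sample addresses are assumptions, not part of the slides.

```python
import time

class PinholeTable:
    """Toy model of a DPF-style agent: openings are per-flow and always expire."""

    def __init__(self, clock=time.monotonic, max_sec=300):
        self._clock = clock          # injectable so expiry can be tested
        self._max_sec = max_sec      # assumed policy cap, not from the slides
        self._openings = {}          # handle -> [local, remote, expiry]
        self._next_handle = 1

    def _reap(self):
        # Drop every opening whose lifetime has run out.
        now = self._clock()
        for h in [h for h, o in self._openings.items() if o[2] <= now]:
            del self._openings[h]

    def open(self, local, remote, sec):
        # Refuse unbounded or over-long openings instead of silently clamping.
        if not 0 < sec <= self._max_sec:
            raise ValueError("lifetime must be in (0, %d] seconds" % self._max_sec)
        handle = self._next_handle
        self._next_handle += 1
        self._openings[handle] = [local, remote, self._clock() + sec]
        return handle

    def timeout(self, handle, sec):
        # sec == 0 closes the opening now; otherwise the lifetime is reset.
        self._reap()
        if handle not in self._openings:
            raise KeyError(handle)
        if sec == 0:
            del self._openings[handle]
        elif 0 < sec <= self._max_sec:
            self._openings[handle][2] = self._clock() + sec
        else:
            raise ValueError("lifetime outside policy cap")

    def list(self):
        self._reap()
        return {h: (o[0], o[1]) for h, o in self._openings.items()}

    def permits(self, local, remote):
        # Forwarding decision: exact match on both endpoints, nothing wider.
        self._reap()
        return any(o[0] == local and o[1] == remote
                   for o in self._openings.values())

if __name__ == "__main__":
    table = PinholeTable()
    h = table.open(("10.0.0.5", 9618), ("198.51.100.7", 40000), 30)  # constructed
    print(table.list())
    table.timeout(h, 0)
    print(table.list())
```

Because expiry is checked on every lookup, an application that crashes without closing its opening leaves nothing forwarded once the lifetime ends.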

8 GCB: socket registration
[Diagram: Server (socket B, GCB lib), Broker (address X), Client (socket A, GCB lib). Server side: B = socket(); bind(B, ANY); getsockname(B, X). Message to the Broker: BIND (B), reply: X.]

9 GCB: passive connection
[Diagram: Server (socket B, GCB lib), Broker (address X), Client (socket A, GCB lib). Client side: connect(A, X). Messages shown: CONNECT (X), PASSIVE, CONTACT (A).]

10 GCB: relay connection
[Diagram: Server (socket B, GCB lib), Broker (addresses X and Y), Client (socket A, GCB lib). Client side: connect(A, X). Messages shown: CONNECT (X), ACTIVE (X), CONTACT (Y).]

11 GCB
› Basic Idea: reversing the direction underneath the application
› Supporting Environments
  - No requirements on firewalls
  - Outbound connections are allowed
  - Broker is placed either on the edge or outside of the private network

12 eGCB (extended GCB)
› Support for multiple connection mechanisms
  - Integration of DPF & GCB
› Security to protect the Broker
› Extension to DPF
  - On-demand open/close for outbound connections

13 Support for Multiple Methods
[Diagram: one submit site connected to several execution sites. Legend: direct connection; communication via a punched hole; reversed connection; communication via relay.]

14 Connection Setup
[Diagram: inagent, outagent, listener, connector, F/W. Steps: 1) registration 2) open for outbound 3) negotiation 4) connection setup]

15 Conclusions
› DPF requires administrative and technical control on headnodes, but it is fast and scalable
› GCB is a little slower than DPF but requires no control on headnodes
› The combination of DPF and GCB supports a wider range of network settings than any other system
› GCB and eGCB are generic mechanisms and can be used with any application

16 Thank you!
Sonny (Sechang) Son, Rm# 3387, sschang@cs.wisc.edu

17 Ways to handle
› Manual opening
  - Same effect as not having a firewall for the range of addresses
  - Impossible for the administrator to know how many addresses must be opened and for how long
› Deceiving firewalls
  - War between firewalls and ‘firewall-friendly’ software
› We need a cooperative way!

18 Security Enforcement
[Diagram: inagent, outagent, listener, connector, F/W. Labels: Sec. Req., Security Enforcement]

