
Dealing with Internet Connectivity in Distributed Computing


Presentation Transcript


  1. Dealing with Internet Connectivity in Distributed Computing

  2. Firewalls & Private Networks
     • Firewalls
       • provide a cheap and good way to protect networks
       • becoming headquarters of integrated security systems
     • Private networks
       • A solution to the IPv4 address shortage problem
       • Easy network management and easy address planning
     • We have many firewalls and private networks deployed and will continue to have them in the future

  3. Problems
     • Non-universal connectivity
     • Asymmetric connectivity
     • Collaboration becomes difficult or impossible
     • Resources are wasted

  4. Agenda
     • Introduction
     • DPF (Dynamic Port Forwarding)
     • GCB (Generic Connection Brokering)
     • eGCB (extended GCB)
     • Conclusion

  5. Dynamic Port Forwarding (diagram labels: Server app, DPF lib, DPF agent, NAT, Client; message BIND (B); address labels A, B, X). Calls shown: B = socket(); bind(B, ANY); getsockname(B, X); and A = socket(); connect(A, X);

  6. DPF
     • Basic Idea: On-demand open/close
     • Supporting Environments
       • Headnode: Linux NAT box
       • DPFnized private application
       • Regular public application

  7. DPF
     • DPF can be used with any firewall that allows you to control opening/closing through the following APIs:
       • open (local, remote, sec)
       • timeout (sec), where sec may be 0 to close the opening
       • list
     • Conforms to the MIDCOM specification at the semantic level

  8. GCB: socket registration (diagram labels: Server, Client, GCB lib (twice), Broker; message BIND (B); address labels A, B, X). Calls shown: B = socket(); bind(B, ANY); getsockname(B, X)

  9. GCB: passive connection (diagram labels: Server, Client, GCB lib (twice), Broker; messages CONNECT (X), CONTACT (A), PASSIVE; address labels A, B, X). Call shown: connect(A, X)

  10. GCB: relay connection (diagram labels: Server, Client, GCB lib (twice), Broker; messages CONNECT (X), CONTACT (Y), ACTIVE (X); address labels A, B, X, Y). Call shown: connect(A, X)

  11. GCB
     • Basic Idea: reversing the direction underneath the application
     • Supporting Environments
       • No requirements on firewalls
       • Outbound connections are allowed
       • Broker is placed either on the edge or outside of the private network

  12. eGCB (extended GCB)
     • Support for multiple connection mechanisms
     • Integration of DPF & GCB
     • Security to protect the Broker
     • Extension to DPF
     • On-demand open/close for outbound connections

  13. Support for Multiple Methods (diagram labels: submit site, execution sites; direct connection, reversed connection, communication via relay, communication via a punched hole)

  14. Connection Setup (diagram labels: connector, listener, inagent, outagent, F/W (twice); steps: 1) registration, 2) open for outbound, 3) negotiation, 4) connection setup)

  15. Conclusions
     • DPF requires administrative and technical control on headnodes, but it is fast and scalable
     • GCB is a little slower than DPF but requires no control on headnodes
     • The combination of DPF and GCB supports a wider range of network settings than any other system
     • GCB and eGCB are generic mechanisms and can be used with any application

  16. Thank you! Sonny (Sechang) Son, Rm# 3387, sschang@cs.wisc.edu

  17. Ways to handle
     • Manual opening
       • Same effect as not having a firewall for the range of addresses
       • Impossible for the administrator to know how many addresses must be opened and for how long
     • Deceiving firewalls
       • War between firewalls and ‘firewall-friendly’ software
     • We need a cooperative way!

  18. (diagram labels: connector, listener, inagent, outagent, F/W (twice), Security Enforcement (twice), Sec. Req. (twice))
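
The firewall-control interface listed on slide 7 (open, timeout, list), modelled as an in-memory pinhole table to show how on-demand openings with lifetimes bound exposure, in contrast to the manual opening described on slide 17. This is an added example, not code from the presentation or from DPF; the hole id returned by open and passed to timeout, the None wildcard for remote, the permits check and the sample addresses are assumptions.

```python
import time
from dataclasses import dataclass

@dataclass
class Opening:
    local: tuple     # (private_ip, port) behind the firewall
    remote: object   # (peer_ip, port) allowed in; None = any peer (assumption)
    expires: float   # deadline on the table's clock

class PinholeTable:
    """Toy firewall agent exposing slide 7's open / timeout / list."""
    def __init__(self, clock=time.monotonic):
        self._clock, self._holes, self._next_id = clock, {}, 1

    def _expire(self):
        now = self._clock()
        for hid in [h for h, o in self._holes.items() if o.expires <= now]:
            del self._holes[hid]   # lifetime ran out: the hole closes itself

    def open(self, local, remote, sec):
        if sec <= 0:
            raise ValueError("an opening needs a positive lifetime")
        hid, self._next_id = self._next_id, self._next_id + 1
        self._holes[hid] = Opening(local, remote, self._clock() + sec)
        return hid   # hole id is an assumption; the slide names none

    def timeout(self, hid, sec):  # sec == 0 closes the opening at once
        self._expire()
        if hid not in self._holes:
            return False
        if sec <= 0:
            del self._holes[hid]
        else:
            self._holes[hid].expires = self._clock() + sec
        return True

    def list(self):
        self._expire()
        return dict(self._holes)

    def permits(self, remote, local):
        return any(o.local == local and o.remote in (None, remote)
                   for o in self.list().values())

if __name__ == "__main__":
    fw = PinholeTable()
    srv, peer = ("10.0.0.5", 9618), ("198.51.100.7", 40000)  # constructed
    hid = fw.open(srv, peer, 30)
    print(fw.permits(peer, srv), fw.timeout(hid, 0), fw.list())
```

Passing a fake clock to PinholeTable makes expiry deterministic, which is how the lifetime behaviour can be checked without sleeping.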
