[jboss-jira] [JBoss JIRA] Updated: (JGRP-729) Support for NAT

Bela Ban (JIRA) jira-events at lists.jboss.org
Fri Feb 12 06:33:10 EST 2010 

     [ https://jira.jboss.org/jira/browse/JGRP-729?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bela Ban updated JGRP-729:
--------------------------

    Fix Version/s: 3.x
                       (was: 2.10)


> Support for NAT
> ---------------
>
>                 Key: JGRP-729
>                 URL: https://jira.jboss.org/jira/browse/JGRP-729
>             Project: JGroups
>          Issue Type: Feature Request
>            Reporter: Bela Ban
>            Assignee: Bela Ban
>             Fix For: 3.x
>
>
> Using external_addr, members behind NATs can communicate. However, members behind the same NAT cannot communicate as the NATted address is unknown [email by Terence Chan below].
> We need to fix this with logical addresses, where the identity of a member is independent from the physical address
> I am using JGroups to connect multiple servers in 2 zones, separated by
> 2 firewalls with Network Address Translation (NAT).  The servers cannot
> connect to each other due to NAT.
> The situation is as follows:
> -- Server A is behind Firewall A
> -- Server A's local address is 10.253.40.80
> -- Server A's NAT address is 10.253.2.80
> -- Server B is behind Firewall B
> -- Server B's local address is 172.16.80.33
> -- Server B's NAT address is 10.1.1.39
> When Server A initiates a connection to Server B, Server A sends a
> "connection message" with source address = its local address (ie.,
> 10.253.40.80).    Then, Server B replies a message with destination
> address = the source address of the original message (ie., Server A's
> local address).  Since the local address (10.253.40.80) is not
> reachable, so Server A cannot receive the reply.
> Then I try to use "external_addr" attribute in the config file to set
> the message's source address to the NAT address.
>   <TCP start_port="7900" external_addr="10.253.2.80" ...../>
> But, since the message's source address becomes NAT address, servers
> "within" the same network segment cannot send messages to each other,
> because NAT address is ONLY recognized by servers outside the firewall.
> For example, if Server A1 sends a message to another Server A2 in the
> same network segment, A2 cannot reply to A1 because A2 doesn't recognize
> A1's NAT address.   
> For your reference, below is the error message when Server B sends a
> message to itself via its NAT address:
> 2008-03-27 20:36:55,871 DEBUG [ DownHandler (TCP)]
> jgroups.protocols.TCP#sendToSingleMember() -  failure sending message to
> 10.1.1.39:7000
> java.lang.Exception: connection to 10.1.1.39:7000 could not be
> established
>         at
> org.jgroups.blocks.BasicConnectionTable.send(BasicConnectionTable.java:2
> 38)

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list