Monday, May 27, 2013

Vfabric GemFire - Firewalls and Ports

For a server, there are two different port settings you may need to be concerned with regarding firewalls:
  • Port that the cache server listens on: This is configurable using the cache-server element in xml, on the Cache Server class in java, and as a command line option to the cache server script.
  • Locator port: Gemfire clients can use the locator to automatically discover cache servers. The locator port is the same one that is configured for peer-to-peer messaging. The locator port is configurable in as an option to the Gemfire start-locator command.
Default Ports
Port Name
Default Port
RMI Server
Bridge Server
Gateway Hub
Cache Server
ephemeral port
Membership Port Range
1024 to 65535
no default
For a client: you tell the client how to connect to the server using the pool options. In the client's pool configuration you can create a pool with either a list of server elements or a list of locator elements. For each element, you specify the host and port to connect to.
By default, Gemfire clients and servers discover each other on a pre-defined port (40404) on the local host.
Each gateway-hub usually has a port where it listens for incoming communication and one or more gateways defined for outgoing communication to remote hubs.
Limiting Ephemeral Ports for Peer-to-Peer Membership
By default, GemFire assigns ephemeral ports, that is, temporary ports assigned from a designated range, which can encompass a large number of possible ports. When a firewall is present, the ephemeral port range usually must be limited to a much smaller number, for example six. If you are configuring P2P communications through a firewall, you must also set each the tcp port for each process and ensure that UDP traffic is allowed through the firewall.
Properties for Firewall and Port Configuration
This table contains properties potentially involved in firewall behavior, with a brief description of each property. Click on a property name for a link to the topic in the GemFire Reference section.

Gemfire Properties
peer-to-peer config
Specifies whether sockets are shared by the system member's threads.
peer-to-peer config
The list of locators used by system members. The list must be configured consistently for every member of the distributed system.
peer-to-peer config
Address used to discover other members of the distributed system. Only used if mcast-port is non-zero. This attribute must be consistent across the distributed system.
peer-to-peer config
Port used, along with the mcast-address, for multicast communication with other members of the distributed system. If zero, multicast is disabled for member discovery and distribution.
peer-to-peer config
The range of ephemeral ports available for unicast UDP messaging and for TCP failure detection in the peer-to-peer distributed system.
peer-to-peer config
The TCP port to listen on for cache communications.
Server Configuration Properties
cache server config
Hostname or IP address to pass to the client as the location where the server is listening.
cache server config
Maximum number of client connections for the server. When the maximum is reached, the server refuses additional client connections.
cache server config
Port that the server listens on for client communication.

No comments :