JGroups / JGRP-729

Support for NAT


    • Feature Request
    • Resolution: Unresolved
    • Major
    • Future
    • None
    • None

      Using external_addr, members behind NATs can communicate. However, members behind the same NAT cannot communicate as the NATted address is unknown [email by Terence Chan below].

      We need to fix this with logical addresses, where the identity of a member is independent from the physical address.

      I am using JGroups to connect multiple servers in 2 zones, separated by
      2 firewalls with Network Address Translation (NAT). The servers cannot
      connect to each other due to NAT.

      The situation is as follows:

      – Server A is behind Firewall A
      – Server A's local address is 10.253.40.80
      – Server A's NAT address is 10.253.2.80

      – Server B is behind Firewall B
      – Server B's local address is 172.16.80.33
      – Server B's NAT address is 10.1.1.39

      When Server A initiates a connection to Server B, Server A sends a
      "connection message" with source address = its local address (i.e.,
      10.253.40.80). Then, Server B replies with a message with destination
      address = the source address of the original message (i.e., Server A's
      local address). Since the local address (10.253.40.80) is not
      reachable, Server A cannot receive the reply.

      Then I tried to use the "external_addr" attribute in the config file to set
      the message's source address to the NAT address.
      <TCP start_port="7900" external_addr="10.253.2.80" ...../>
      But, since the message's source address becomes the NAT address, servers
      "within" the same network segment cannot send messages to each other,
      because the NAT address is ONLY recognized by servers outside the firewall.
      For example, if Server A1 sends a message to another Server A2 in the
      same network segment, A2 cannot reply to A1 because A2 doesn't recognize
      A1's NAT address.

      For your reference, below is the error message when Server B sends a
      message to itself via its NAT address:

      2008-03-27 20:36:55,871 DEBUG [ DownHandler (TCP)] jgroups.protocols.TCP#sendToSingleMember() - failure sending message to 10.1.1.39:7000
      java.lang.Exception: connection to 10.1.1.39:7000 could not be established
      at org.jgroups.blocks.BasicConnectionTable.send(BasicConnectionTable.java:238)
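
A small model of the situation reported above, added here as an illustration (it is not JGroups code and not part of the issue or the quoted email). It compares advertising only the local address, advertising only `external_addr`, and resolving a logical identity to a physical address per sender. `Member`, `LogicalTable`, the `site` label and A2's addresses are hypothetical or constructed, and the model assumes each member can tell whether a peer is behind the same NAT.

```python
from dataclasses import dataclass, field
from uuid import UUID, uuid4

@dataclass(frozen=True)
class Member:
    name: str
    site: str       # firewall/NAT the member sits behind (assumed to be known)
    local: str      # address valid only inside that site
    external: str   # NAT address valid only from outside that site
    logical: UUID = field(default_factory=uuid4)  # identity, not an address

# Addresses for A1 and B come from the report; A2's are constructed.
A1 = Member("A1", "A", "10.253.40.80", "10.253.2.80")
A2 = Member("A2", "A", "10.253.40.81", "10.253.2.81")
B = Member("B", "B", "172.16.80.33", "10.1.1.39")
MEMBERS = [A1, A2, B]

def reachable(sender, dest_addr, target):
    """Reachability as the report describes it: local addresses work only
    inside the site, NAT addresses only from outside it."""
    if sender.site == target.site:
        return dest_addr == target.local
    return dest_addr == target.external

def use_local(sender, target):
    return target.local          # default: the member is known by its local address

def use_external(sender, target):
    return target.external       # external_addr configured on every member

class LogicalTable:
    """Hypothetical directory: logical id -> member with both physical addresses."""
    def __init__(self, members):
        self._by_id = {m.logical: m for m in members}

    def resolve(self, sender, logical_id):
        target = self._by_id[logical_id]
        return target.local if sender.site == target.site else target.external

def use_logical(sender, target, table=LogicalTable(MEMBERS)):
    return table.resolve(sender, target.logical)

def failed_pairs(pick):
    """Names of (sender, target) pairs whose chosen address is unreachable."""
    return {(s.name, t.name) for s in MEMBERS for t in MEMBERS
            if not reachable(s, pick(s, t), t)}

if __name__ == "__main__":
    for pick in (use_local, use_external, use_logical):
        print(pick.__name__, sorted(failed_pairs(pick)))
```

The `("B", "B")` failure under `use_external` corresponds to the logged error, where Server B cannot connect to itself via 10.1.1.39.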

              rhn-engineering-bban Bela Ban