Uploaded image for project: 'JGroups'
  1. JGroups
  2. JGRP-729

Support for NAT

    XMLWordPrintable

Details

    • Feature Request
    • Resolution: Unresolved
    • Major
    • Future
    • None
    • None
    • 0
    • 0% 0%

    Description

      Using external_addr, members behind NATs can communicate. However, members behind the same NAT cannot communicate as the NATted address is unknown [email by Terence Chan below].

      We need to fix this with logical addresses, where the identity of a member is independent from the physical address

      I am using JGroups to connect multiple servers in 2 zones, separated by
      2 firewalls with Network Address Translation (NAT). The servers cannot
      connect to each other due to NAT.

      The situation is as follows:

      – Server A is behind Firewall A
      – Server A's local address is 10.253.40.80
      – Server A's NAT address is 10.253.2.80

      – Server B is behind Firewall B
      – Server B's local address is 172.16.80.33
      – Server B's NAT address is 10.1.1.39

      When Server A initiates a connection to Server B, Server A sends a
      "connection message" with source address = its local address (ie.,
      10.253.40.80). Then, Server B replies a message with destination
      address = the source address of the original message (ie., Server A's
      local address). Since the local address (10.253.40.80) is not
      reachable, so Server A cannot receive the reply.

      Then I try to use "external_addr" attribute in the config file to set
      the message's source address to the NAT address.
      <TCP start_port="7900" external_addr="10.253.2.80" ...../>
      But, since the message's source address becomes NAT address, servers
      "within" the same network segment cannot send messages to each other,
      because NAT address is ONLY recognized by servers outside the firewall.
      For example, if Server A1 sends a message to another Server A2 in the
      same network segment, A2 cannot reply to A1 because A2 doesn't recognize
      A1's NAT address.

      For your reference, below is the error message when Server B sends a
      message to itself via its NAT address:

      2008-03-27 20:36:55,871 DEBUG [ DownHandler (TCP)]
      jgroups.protocols.TCP#sendToSingleMember() - failure sending message to
      10.1.1.39:7000
      java.lang.Exception: connection to 10.1.1.39:7000 could not be
      established
      at
      org.jgroups.blocks.BasicConnectionTable.send(BasicConnectionTable.java:2
      38)

      Attachments

        Issue Links

          is blocked by

          Feature Request - Feature requests from customers and/or users JGRP-129 Logical addresses

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              rhn-engineering-bban Bela Ban
              rhn-engineering-bban Bela Ban
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: