
HTCondor Networking Concepts


mattox

Presentation Transcript


  1. HTCondor Networking Concepts

  2. Disclaimers
     • Not about configuration macros
     • Not about host or daemon lookups
     • Not about HTCondor internals

  3. Asking the Right Questions
     • There will be a quiz at the end
     • Start by reviewing fairy-tale networking
     • … then add IPv6
     • … then add schedd firewalls
     • … then add startd firewalls
     • End by passing the quiz (open-manual)

  4. Fairy-tale Networking
     • Single network protocol
     • All addresses publicly routable
     • No firewalls
     • Fewer than ~25k simultaneous running jobs

  5. Working in a Fairy Tale
     [Diagram labels: negotiator, collector, schedd, startd, shadow*, starter*]
     * One shadow, starter per running job

  6. IPv6
     [Diagram labels: negotiator, collector, schedd, startd, shadow, starter; IPv4, IPv6]

  7. IPv6 + IPv4
     [Diagram labels: negotiator, collector, schedd, startd, shadow, starter, startd, starter; IPv4, IPv6]

  8. Shared Port
     • Problem: Firewall
     • Admin willing to open only one port
     • Problem: only ~60k TCP ports
     • Need one per shadow
     • Shared Port Service
     • Listens on single port for incoming connections
     • Hands each connection to intended recipient

  9. Shared Port
     [Diagram labels: Internet, Firewall, startd, schedd, shared_port, starter]

  10. Firewalled Submit Node
     [Diagram labels: negotiator, collector, schedd, Firewall, startd, shared port, starter, shadow]

  11. TCP Forwarding Host
     • Problem: Private network with NAT
     • Traverse firewall via port forwarding
     • Allocate a public IP address
     • Connections to public address forwarded by NAT to machine on private network
     • Common in the Cloud

  12. Condor Connection Broker
     • Problem: Private network with NAT
     • Or firewall with no opening for HTCondor
     • Traverse firewall by reversing connection
     • Client sends connection request via broker
     • Server initiates TCP connection to client
     • Only bypasses one firewall
     • Client and broker (CCB server) must have publicly routable addresses

  13. CCB: Condor Connection Broker
     [Diagram labels: CCB, Internet, Outbound firewall, schedd, startd, schedd]

  14. NATd Execute Nodes
     [Diagram labels: negotiator, collector/CCB, schedd, Firewall, NAT, shared port, startd, shadow, starter]

  15. Port Usage (Digression)
     • Shadow for each running job
     • In fairy-tale setup
     • Each shadow uses two ports
     • Limit of ~25k running jobs
     • With shared port and CCB
     • Shadows use no ports
     • No network limit on number of running jobs

  16. Quiz
     • Why do schedds and central managers need to be mixed-mode in a pool split between IPv4 and IPv6 nodes?
     • Why use CCB on execute nodes?
     • Why use both CCB and shared port?
     • If both the schedd and the execute nodes are NATd, what do you do?

  17. Question 1
     • Why do schedds and central managers need to be mixed-mode in a pool split between IPv4 and IPv6 nodes?
     • They need to be able to talk to all execute nodes

  18. Question 2
     • Why use CCB on execute nodes (and not submit nodes)?
     • Easier to make submit nodes publicly accessible (fewer of them)

  19. Question 3
     • Why use both CCB and shared port?
     • Can’t use CCB for both schedd and startd
     • No ports used for shadow, so no limit on number of running jobs

  20. Question 4
     • If both the schedd and the execute nodes are NATd, what do you do?
     • If same NAT, no problem
     • TCP Forwarding Host for schedd

  21. Congratulations! HTCondor Administrator Networking
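
The connection reversal described on slide 12, as an added example that is not part of the original presentation and does not reproduce HTCondor's actual CCB wire protocol: a toy broker on loopback relays a client's address to a server that only ever makes outbound connections. The function names, the single registered server and the one-line "host port" request format are assumptions made for the illustration; authentication of the request is not shown.

```python
import socket
import threading

def listen():
    """Open a listening TCP socket on an ephemeral loopback port."""
    s = socket.create_server(("127.0.0.1", 0))
    return s, s.getsockname()[1]

def broker(lsock, registered):
    """Toy broker: the first connection is the firewalled server registering
    (outbound from its side); the second carries a client's request, which is
    relayed down the registered connection."""
    server_conn, _ = lsock.accept()
    registered.set()
    client_conn, _ = lsock.accept()
    with server_conn, client_conn:
        server_conn.sendall(client_conn.makefile("rb").readline())

def firewalled_server(broker_port):
    """Never listens: one outbound connection to the broker, then one
    outbound connection back to the client that asked for it."""
    with socket.create_connection(("127.0.0.1", broker_port)) as ctl:
        host, port = ctl.makefile().readline().split()
    with socket.create_connection((host, int(port))) as data:
        data.sendall(b"hello from startd")

def reversed_connect():
    """Run the whole exchange; returns the bytes the client received."""
    bsock, bport = listen()
    registered = threading.Event()
    threads = [
        threading.Thread(target=broker, args=(bsock, registered), daemon=True),
        threading.Thread(target=firewalled_server, args=(bport,), daemon=True),
    ]
    for t in threads:
        t.start()
    registered.wait(5)
    csock, cport = listen()      # the client must be reachable (slide 12)
    csock.settimeout(5)
    with socket.create_connection(("127.0.0.1", bport)) as req:
        req.sendall(f"127.0.0.1 {cport}\n".encode())   # request via broker
    conn, _ = csock.accept()     # the server dials in; the client never dials it
    with conn:
        msg = conn.recv(64)
    for t in threads:
        t.join(5)
    bsock.close()
    csock.close()
    return msg

if __name__ == "__main__":
    print(reversed_connect())
```

Only the broker and the client accept inbound connections here, which is why the slide requires both to have publicly routable addresses and why the technique bypasses only one firewall.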
