Anand Bisen
2007-Oct-15 19:00 UTC
[Lustre-discuss] iptables rules for lustre 1.6.x and MGS recovery procedures
Hi,

I would like to know what TCP/UDP ports I should keep open in my firewall policies on my MGS server such that I can have my MGS server fire-walled. Also, in the event of loss of the MGT, would it be possible to recreate the MGT without losing data or bringing the filesystem down (i.e. by using cached information from MDT's and OST's)?

Thanks

Anand
On Mon, 15 Oct 2007, Anand Bisen wrote:

> Hi,
>
> I would like to know what TCP/UDP ports I should keep open in my
> firewall policies on my MGS server such that I can have my MGS server
> fire-walled.

Since firewalling is, as far as I know, the only way of limiting access to a lustre filesystem when using TCP/IP on lustre 1.6 it should really be mentioned in the manual, right?

/Nikke
--
Niklas Edmundsson, Admin @ {acc,hpc2n}.umu.se | nikke at hpc2n.umu.se
"What did you do to the computer, Monkey-Man?" -- Zaphod
Isaac Huang
2007-Oct-17 17:01 UTC
[Lustre-discuss] iptables rules for lustre 1.6.x and MGS recovery procedures
Hi,

AFAIK, UDP is not used in LNet, the Lustre networking sub-system. TCP port usage depends on the LNDs (Lustre Network Driver) you're using.

For LNDs that rely on LNet acceptor to establish connections (ciblnd, openiblnd, ralnd, and socklnd), the acceptor port must be open. Acceptor port can be configured via lnet module parameter "accept_port", which defaults to 988.

The o2iblnd creates connections via OFED RDMA CM API, which requires no TCP/UDP port to work despite the fact that it utilises IP addresses. The viblnd should also fall into this category.

Hope this helps,
Isaac

On Mon, Oct 15, 2007 at 12:00:32PM -0700, Anand Bisen wrote:

> Hi,
>
> I would like to know what TCP/UDP ports I should keep open in my
> firewall policies on my MGS server such that I can have my MGS server
> fire-walled. Also, in the event of loss of the MGT, would it be possible
> to recreate the MGT without losing data or bringing the filesystem
> down (i.e. by using cached information from MDT's and OST's)?
>
> Thanks
>
> Anand
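An added example, not part of any message in this thread and not Lustre project code: a shell script that turns the answer above into a reviewable iptables-restore fragment for an MGS reached over socklnd, reading accept_port from the lnet module options and falling back to 988. The function names, the LNET-ACCEPTOR chain name, the sample modprobe line and the client networks are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (not apply) iptables-restore rules that limit the LNet
# acceptor port on an MGS to trusted networks.

# Print accept_port from an "options lnet ..." line in a modprobe config
# file, or 988 (the default given in the thread) when none is set.
lnet_accept_port() {
    conf=$1
    [ -r "$conf" ] || { echo 988; return 0; }
    awk '$1 == "options" && $2 == "lnet" {
             for (i = 3; i <= NF; i++)
                 if ($i ~ /^accept_port=[0-9]+$/) { split($i, kv, "="); p = kv[2] }
         }
         END { print (p == "" ? 988 : p) }' "$conf"
}

# Usage: mgs_acceptor_rules PORT CIDR [CIDR...]
# Only TCP is matched: per the thread, LNet does not use UDP.
mgs_acceptor_rules() {
    port=$1
    [ $# -gt 0 ] && shift
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "bad port: $port" >&2; return 1
    fi
    [ $# -gt 0 ] || { echo "no trusted networks given" >&2; return 1; }
    echo "*filter"
    echo ":LNET-ACCEPTOR - [0:0]"            # hypothetical chain name
    echo "-A INPUT -p tcp --dport $port -j LNET-ACCEPTOR"
    for net in "$@"; do
        echo "-A LNET-ACCEPTOR -s $net -j ACCEPT"
    done
    echo "-A LNET-ACCEPTOR -j DROP"          # everyone else is refused
    echo "COMMIT"
}

# Constructed sample config and client networks (documentation address ranges).
demo_conf=$(mktemp)
printf '%s\n' '# options lnet accept_port=1234' \
    'options lnet networks=tcp0(eth0) accept_port=988' > "$demo_conf"
mgs_acceptor_rules "$(lnet_accept_port "$demo_conf")" 192.0.2.0/24 198.51.100.0/24
rm -f "$demo_conf"
```

The port is read from the module options because a firewall rule fixed at 988 stops matching if accept_port is changed.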
Anand Bisen
2007-Oct-17 19:16 UTC
[Lustre-discuss] iptables rules for lustre 1.6.x and MGS recovery procedures
Isaac,

Thanks for the reply. In our setup, in cases where we could have multiple lustre file systems (with IB, 10Gig et al.), I don't want to waste one (switch port, IB HCA) for the MGS node as there would not be a lot of traffic for MGS, so I am planning to use just a regular GigE network for the MGS even for the cases where we would have IB on the OSS and compute nodes. So I would run MGS on the regular GigE network which would provide the config information to all the OSS/MDS and clients irrespective of the network that these clients would use for the IO.

Thanks

Anand

On Oct 17, 2007, at 10:01 AM, Isaac Huang wrote:

> Hi,
>
> AFAIK, UDP is not used in LNet, the Lustre networking sub-system. TCP
> port usage depends on the LNDs (Lustre Network Driver) you're using.
>
> For LNDs that rely on LNet acceptor to establish connections (ciblnd,
> openiblnd, ralnd, and socklnd), the acceptor port must be open.
> Acceptor port can be configured via lnet module parameter
> "accept_port", which defaults to 988.
>
> The o2iblnd creates connections via OFED RDMA CM API, which requires no
> TCP/UDP port to work despite the fact that it utilises IP addresses.
> The viblnd should also fall into this category.
>
> Hope this helps,
> Isaac
>
> On Mon, Oct 15, 2007 at 12:00:32PM -0700, Anand Bisen wrote:
>> Hi,
>>
>> I would like to know what TCP/UDP ports I should keep open in my
>> firewall policies on my MGS server such that I can have my MGS server
>> fire-walled. Also, in the event of loss of the MGT, would it be possible
>> to recreate the MGT without losing data or bringing the filesystem
>> down (i.e. by using cached information from MDT's and OST's)?
>>
>> Thanks
>>
>> Anand

---
Anand Bisen
Sr. Systems Architect, DataDirect Networks
9351 Deering Avenue, Chatsworth, CA 91311
Tel: 818-700-4053 Fax: 818-700-7665 Cell: 818-723-9752