release notes | Book: 1.9.5, 1.9.12 (opt, FHS), 2.11 (FHS), 2.12 (FHS), 2.13 (FHS), 2.14 (FHS), | Wiki | Q&A black_bg
Web: Multi-page, Single page | PDF: A4-size, Letter-size | eBook: epub black_bg

GridFTP with Pools in a Private Subnet

[return to top]

Description

If pool nodes of a dCache instance are connected to a secondary interface of the GridFTP door, e.g. because they are in a private subnet, the GridFTP door will still tell the pool to connect to its primary interface, which might be unreachable.

The reason for this is that the control communication between the door and the pool is done via the network of TCP connections which have been established at start-up. In the standard setup this communication is routed via the dCache domain. However, for the data transfer, the pool connects to the GridFTP door. The IP address it connects to is sent by the GridFTP door to the pool via the control connection. Since the GridFTP door cannot find out which of its interfaces the pool should use, it normally sends the IP address of the primary interface.

[return to top]

Solution

Tell the GridFTP door explicitly which IP it should send to the pool for the data connection with the -ftp-adapter-internal-interface option. E.g. if the pools should connect to the secondary interface of the GridFTP door host which has the IP address 10.0.1.1, the following batch file would be appropriate:

Example 23.2. Batch file for two GridFTP doors serving separate network interfaces

set printout default 2
set printout CellGlue none
onerror shutdown
check -strong setupFile
copy file:${setupFile} context:setupContext
import context -c setupContext
check -strong serviceLocatorPort serviceLocatorHost
check -strong sshPort ftpPort
create dmg.cells.services.RoutingManager  RoutingMgr
create dmg.cells.services.LocationManager lm \
       "${serviceLocatorHost} ${serviceLocatorPort}"

create dmg.cells.services.login.LoginManager GFTP \
            "2811 \
             -export \
             diskCacheV111.doors.GsiFtpDoorV1 \
             -prot=raw \
             -clientDataPortRange=${clientDataPortRange} \
            -root=${ftpBase} \
             -kpwd-file=${kpwdFile} \
             -tlog=/tmp/dcache-ftp-tlog \
             -maxLogin=100 \
             -brokerUpdateTime=5 \
             -protocolFamily=gsiftp \
             -loginBroker=LoginBroker \
             -poolManagerTimeout=5400 \
             -pnfsTimeout=120 \
             -maxRetries=80 \
             -maxStreamsPerClient=10 \
	    -ftp-adapter-internal-interface=10.0.1.1 \
"

This batch file is very similar to the batch file for the GridFTP door in the standard setup. (Comments have been left out.) The emphasized last line has the desired effect.