[an error occurred while processing this directive]

GridFTP with Pools in a Private Subnet

[return to top]

Description

If pool nodes of a dCache instance are connected to a secondary interface of the GridFTP door, e.g. because they are in a private subnet, the GridFTP door will still tell the pool to connect to its primary interface, which might be unreachable.

The reason for this is that the control communication between the door and the pool is done via the network of TCP connections which have been established at start-up. In the standard setup this communication is routed via the dCache domain. However, for the data transfer, the pool connects to the GridFTP door. The IP address it connects to is sent by the GridFTP door to the pool via the control connection. Since the GridFTP door cannot find out which of its interfaces the pool should use, it normally sends the IP address of the primary interface.

[return to top]

Solution

Tell the GridFTP door explicitly which IP it should send to the pool for the data connection with the ftp.net.internal property.

Example:

E.g. if the pools should connect to the secondary interface of the GridFTP door host which has the IP address 10.0.1.1, set

ftp.net.internal=10.0.1.1

in the /opt/d-cache/etc/dcache.conf file.