dCache uses the LocationManager to discover the network topology
of the internal communication: to which domains this domain should
connect. The domain contacts a specific host and queries the
information using UDP port 11111. The response
describes how the domain should react: whether it should allow
incoming connections and whether it should contact any other
domains.

Once the topology is understood, dCache domains connect to each
other to build a network topology. Messages will flow over this
topology, enabling the distributed system to function correctly.
By default, these connections use TCP port 11111.

It is essential that both UDP and TCP port 11111 are firewalled
and that only other nodes
within the dCache cluster are allowed access to these ports.
Failure to do so can result in remote users running arbitrary
commands on any node within the dCache cluster.
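
One way to express the restriction described above, as an added example that is not part of the dCache documentation: a shell function that prints (without applying) iptables rules admitting port 11111 over TCP and UDP only from the listed cluster nodes. The function name, the variable names and the node addresses (taken from the RFC 5737 documentation range) are constructed for illustration, and the use of iptables is an assumption about the host's firewall.

```shell
#!/bin/sh
# Constructed sample: addresses of the other nodes in the dCache cluster.
DCACHE_NODES="192.0.2.10 192.0.2.11 192.0.2.12"
# Default LocationManager / inter-domain port named in the text above.
DCACHE_PORT=11111

# Print iptables rules that accept the dCache port (TCP and UDP) from each
# listed node and drop the same port from every other source.
# $1 = space-separated node addresses, $2 = port (optional).
dcache_fw_rules() {
    nodes=$1
    port=${2:-$DCACHE_PORT}

    # An empty allow-list would emit only DROP rules and cut this node off
    # from the cluster, so treat it as an error.
    if [ -z "$nodes" ]; then
        echo "dcache_fw_rules: no cluster nodes given" >&2
        return 1
    fi

    for proto in tcp udp; do
        for node in $nodes; do
            printf 'iptables -A INPUT -p %s -s %s --dport %s -j ACCEPT\n' \
                "$proto" "$node" "$port"
        done
        # Last rule per protocol: any source not accepted above is dropped.
        printf 'iptables -A INPUT -p %s --dport %s -j DROP\n' "$proto" "$port"
    done
}

# Show the rules for the constructed node list; review before applying.
dcache_fw_rules "$DCACHE_NODES"
```

Rules appended with -A are evaluated after any rules already in the INPUT chain, so compare the output with the host's existing ruleset before applying it.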