Testbed Support for GridPP member institutes
> On Behalf Of John Walsh said:
> > supposed to be
> > a working group looking at doing this more efficiently, but
> > don't hold your breath :)
>
> DNS has scaled up reasonably well, could the same basic
> conceptual model be applied?
> For instance, you could have a primary source/info provider,
> with multiple secondary sources.
> (I am not saying that such a change would be easy).
What people are supposed to be looking at is passing the job
requirements through to the batch system to avoid needing explicit
queues for every configuration. The problem isn't really with the
information itself, but with how it's used.
> Does the inbound/outbound apply to the service nodes, all
> nodes or just the worker nodes?
Just the worker nodes. Service nodes are assumed to have whatever
connectivity is required by the service(s) they run. In theory most/all
services should be able to run on arbitrary ports, although like many
things it may not be very well-tested.
> If it is on a service node such as the CE, then it is
> reasonable to assume outbound,
> but assuming outbound on a workernode is not so reasonable,
> and the middleware/application developers
> should actually take that into account.
This argument has been running at least since I joined EDG in 2001! In
practice the vast majority of sites have never been willing to dig in
their heels and forbid outbound access, they just grumble periodically,
so users and m/ware developers have mostly ignored it. I think there was
a plan to collect a list of all DNS domains used by LCG/EGEE sites and
users so it could be used for firewall restriction, but I haven't heard
anything lately so it probably went on the back burner.
> I don't think that a
> site can be criticised because
> of this, unless they have signed an SLA stipulating that they
> would provide outbound.
True, but in practice such a site will not be used by most VOs.
Stephen