This post is more than 5 years old
7 Posts
0
1302
AutoStart: Other TCP/UDP Ports than 8042-8045?
I am installing two servers with AutoStart 5.3 SP3 and they are located on separate subnets behind firewalls.
Server1 has IP 10.10.10.100 and 10.10.10.101 /24
Server2 has 172.31.31.100 and 172.31.31.101 /24.
I have set rules on my firewalls to accept TCP and UDP traffic on these specific IP addresses only for Ports 8042, 8043, 8044 and 8045.
After installing EAS on Server1 I changed the domain lines to both multicast and point-to-point to Server2.
When I perform my install on the Server2 and indicate to retrieve the configuration from Server1 I see the correct domain name and come over and the installation proceeds as normal. However, after rebooting Server2 I do not receive any heartbeats from Server2 on Server1 and I see a split brain (Server1 has Server2 grayed and Server2 has Server1 grayed). Needless to say, my two nodes never sync the EAS database. While looking at my firewall I see another wide range of UDP and TCP ports traffic being blocked and it only occurs when my backbone and agent services are starting on the servers.
Are there any other undocumented ports that need to be opened or can I determine/control what range is used here?
Thanks
yito1
262 Posts
0
December 9th, 2009 16:00
Hi
It is described to page 90 of the administrator's guide.
------------
Note: Currently, AutoStart is not qualified for use on any server that runs a firewall. However,
if you are using a firewall, refer to Firewalls for important guidelines.
------------
You should compose the environment that may not use FireWall.
If FireWall is composed and the ephemeral port is opened, it doesn't mean FireWall.
AutoStart has not operated correctly in the environment that sets FireWall in my experience.
JoelStewart
24 Posts
0
December 9th, 2009 09:00
Richard,
If this is a Windows Environment, you may find that this KB article is applicable: http://solutions.emc.com/emcsolutionview.asp?id=esg93221.
In particular, here are some excerpts:
AutoStart uses the configured TCP and UDP Domain communication ports (default is 8042 - 8045) and will also use random ephemeral ports for other AutoStart communication.
Windows has a range of ephemeral ports 1024 - 65534 that applications can randomly select for communications. This is a Windows feature and we select randomly from the range for AutoStart process communication.
Refer to Microsoft Knowledge base article 812873 for further details on ephemeral port configuration.
Cheers,
Joel
rfox1
7 Posts
0
December 9th, 2009 17:00
Yoshinobu,
Thanks for the reply. I believe that is the official answer since the product does use random ports to communicate and there is no way to control them. Reality is that firewalls are a necessary part of networks these days, specially in WAN environments, and developers need to write code supporting these-days implementations. With thatsaid, the only solution would be to create a tunnel between the two servers where all traffic between the interfaces is trusted and does not block anything.
rfox1
7 Posts
0
December 9th, 2009 17:00
Joel,
Thanks for your quick response. I had already read that article and it does not solve the problem. The article is to reserve in ports that are specifically needed for other applications to use and prevent those applications that use ephimeral port assignment from using them. This is not my problem. AutoStart is choosing a wide range of ports to 'talk' and 'listen' and I need to narrow those down to a controlled range.
yito1
262 Posts
0
December 9th, 2009 17:00
Hi,Richard
The method of connecting between bases with VPN might be better.
P.S.
The WAN environment is not supported by AutoStart.
It is necessary to use RepliStor to compose AutoStart of the WAN environment.
However, this is Windows environment limitation.
rfox1
7 Posts
0
December 9th, 2009 18:00
Yoshinobu,
Understood about EMC support on firewalls, but it is a necessary-evil and I need a solution. I am using RepliStor for data replication and it is working with no problems; my only issue is AutoStart heartbeats and Rayma db sync.
Thanks again.