Globus Streaming LAN Interface Administration

Administrators may want to control which network interfaces their GCS servers use to establish LAN segments between user applications and the GCS. This section describes that process in the context of a multi-node GCS deployment.

Consider a GCS deployment like the one shown below:

In this example, the conceptual endpoint consists of two nodes. Each node has two network interfaces: one connected to the data center’s internal LAN, and one connected to the external Internet. By default, the Streaming Gateway listens for incoming connections on all available interfaces. However, administrators may wish to restrict access to the LAN interface only, ensuring that only internal users can connect.

To do this, an endpoint administrator must first choose a name for the LAN. This name can be arbitrary, but it must be unique within the endpoint. Next, the administrator associates this LAN name with a specific IP address on each node in the endpoint. The following CLI command shows an example:

In this example, the administrator is configuring the GCS node so that whenever a Globus streaming tunnel needs to listen on the LAN named MyNetwork, it will listen only on the address 192.168.10.50.

The address 192.168.10.50 must be bound to a network interface on that node. Because each data transfer node (DTN) backing a Globus endpoint will typically have a different IP address, this command must be run for each node that backs the endpoint. The same LAN name (MyNetwork) must be used on all nodes, but the associated IP address will differ per node. In this way, a set of node-specific IP addresses is grouped under a single conceptual network name.

Once MyNetwork has been defined on all nodes, the administrator can configure the Streaming Gateway to use only that network when establishing the LAN segments of a stream. This is done with the following command: