Re: Clarification on firewall issues with Java networking APIs


"Qu0ll" <Qu0llSixFour@xxxxxxxxx> wrote in message
news:476016a9$0$25522$5a62ac22@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
"Lew" <lew@xxxxxxxxxxxxx> wrote in message
news:9vWdnQW0sPM0YcLanZ2dnUVZ_oPinZ2d@xxxxxxxxxxxxxx

Yes. That's one reason why most client-server protocols eschew client
callbacks, plus it's complicated. Firewalls generally allow return
traffic for outbound clients, but they get finicky about spontaneous
inbound traffic.

Where finicky here means that any meaningful firewall will block the
incoming connections by default and NAT routers will completely block
the incoming requests unless forwarding is explicitly allowed.

Quite so.

So basically I am in a no-win situation. I can have callbacks with RMI
but it doesn't play well with firewalls and I can't have callbacks with
any other method for the same reason. Quite frankly, if callbacks of any
kind can't be made to work with firewalls then they are useless in a
practical sense given that most/all corporations use firewalls. So-called
"Comet" approaches looked promising because the callbacks pass through the
standard HTTP port (or that's my understanding) but it seems that they
can't be made to work with applets. *sigh* Ho hum.

It's a fundamental characteristic of TCP/IP that listeners cannot not reach
out to callers--they have to wait for the caller to first connect. Network
topology (NATs & firewalls) has grown up around this concept to the extent
that client-to-server connections are easy and common whereas
server-to-client connections require special configuration. If you want
clients to receive timely (non-polled) events, they must maintain an open
connection to the server. It is entirely possible to do so, but you have to
keep in mind that you're trading server performance for client performance.

It's not clear to me why servlets would not work for this, even if the
connection is proxied. The technique I use (with RMI, not HTTP) is that
the client requests "waiting events". This makes the connection which then
stays open so long as there are no waiting events, but only up to a small
time limit, such as a minute--something well below the servlet container's
threshold. When an event arrives it either is sent as the reply directly
and the connection closed or it is queued until the next request. (You could
keep the connection open depending on how long "long" is and whether
proxying is a problem.) The point is that the connection doesn't have to
stay open indefinately. We're simply trying to beat the latency of polling.
(If the container threshold is low enough there will be little difference
between this and polling and you'll get the worst of both worlds.)

The performance limitation of this technique is that all your clients will
have simultaneously pending waits that are all essentially idle. They will
receive a fast response to any arriving event, but the server will not
support very many clients, hence the tradeoff of client for server
performance.

I plan to try this out soon, as soon as I get Eclipse to work with JBoss
again.

Matt Humphrey http://www.iviz.com/


.

Relevant Pages

  • Re: Connecting Out of Process Servers via COM+
    ... connection, and in fact we can only use one connection because of the way ... years ago when I needed a number of clients to share a single serial ... it would create a Dispatcher-Object first and registers ... > This means, altough COM+ would allow parallel requests, the calls would be ...
    (microsoft.public.vb.com)
  • Re: Network desintegrating(?)
    ... 15 clients XP Pro SP2 ... I made a reservation for Noodserv in DHCP. ... I know PDC and BDC are NT 4 terms, TELSERV is the SBS box, NOODSERV ... Ethernet adapter Local Area Connection: ...
    (microsoft.public.windows.server.sbs)
  • Re: Connect to Small Business Server VPN
    ... Here is the results of an ipconfig /all from one of my clients: ... Ethernet adapter Internet Connection: ... "Cris Hanna " ... Actually the subnet is correct on a VPN ...
    (microsoft.public.windows.server.sbs)
  • RE: No internet for clients
    ... I understand that the internal clients ... Please rerun the CEICW to make sure your SBS 2003 server have right ... How to configure Internet access in Windows Small Business Server 2003 ... Two network adapters - manual router connection to broadband ...
    (microsoft.public.windows.server.sbs)
  • Re: How can I make the server to call back to client without being blocked by firewall.
    ... Since UDP can also be in connection mode even ... *no* inbound TCP ports will be open to client machines. ... > Most, however, are not so liberal, and by default restrict clients to ... > Sometimes, especially in more security conscious environments, you may ...
    (comp.security.firewalls)
Loading